Why is My Hard Drive Being Accessed for Minutes at a Time...???


31 replies to this topic

#1 Warthog-Fan


Posted 29 October 2014 - 07:50 PM

Guys,

 

About a month ago, I started noticing that my hard drive was beginning to be accessed for long periods of time...sometimes for a whole minute or two. I first noticed it when I would start Windows Live Mail. While the accesses are going on, the computer runs other tasks very slowly or not at all. Sometimes the mouse cursor disappears until the accesses slow down. Now this kind of thing is happening more often. In fact, as I'm typing this, it's going on.

 

I started the Task Manager and looked at the Performance tab, and while the memory was active at about 50%, the processor was only tied up less than 5% of the time. I check the anti-virus program when this is going on and there is no scan activity in progress. Also, there is no Windows update being downloaded.

 

I've run a full scan with MSE, and I downloaded the latest version of Malwarebytes and ran it. Both of the programs reported no viruses or malware on the machine. I would normally think that Windows is doing something in the background, but since I haven't made any changes to the operating system settings recently I don't know why this disk activity should suddenly show up.

 

Does anyone have any ideas as to what might be causing this disk activity? Is it possible that the hard drive is starting to fail and the OS is doing extra accesses to try to recover from read or write errors? The computer is about five years old and the hard disk is the original. Any help will be appreciated.

 

Bob




 


#2 technonymous


Posted 30 October 2014 - 03:00 AM

I don't know; you didn't mention what the process was. When this starts to happen, close out all running programs in use, i.e. Firefox etc. Open Task Manager by pressing Ctrl+Shift+Esc. Go to the process tab and at the bottom click the button Show all processes from all users. This will change the view and you can see your user name/system/network service/local service processes. Expand the window to full screen. Monitor which process is using the CPU the most. Disregard the System Idle Process at CPU 97-99%; this is normal. Make a note of all the processes using CPU %. Some may fluctuate 0-1%; this is also normal behavior. Look for any steady ones.



#3 Warthog-Fan


Posted 04 November 2014 - 10:22 AM

Okay,

 

I finally managed to get the Task Manager started while the hard disk was being accessed for a long period. It looks like the program msmpeng.exe is running about 40 - 50% of the time. The description to the right states that this is an antimalware program from Microsoft. It's nice to know that MS is trying to protect my computer, but I don't know why it has to run five or six times a day.

 

Bob



#4 Willy22


Posted 04 November 2014 - 10:27 AM

Try this:

http://www.tweaking.com/articles/pages/fix_high_cpu_usage_of_microsoft_security_essentials,1.html



#5 Torvald


Posted 04 November 2014 - 10:59 AM

The most common reason for high CPU usage with msmpeng.exe (it's associated with Windows Defender anti-malware) is a conflicting security program left in place before installing Microsoft Security Essentials (MSE).  Please refer to: http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/msmpengexe-excessive-disk-usage-problem/63816ff0-f27a-4cf0-9337-ad5b4bf9124a?auth=1

 

I also found the following MS article about turning off MS Defender, but I'm puzzled by that as it is supposed to be automatically disabled in Windows 7 when MSE gets installed.

http://helpdeskgeek.com/windows-vista-tips/what-is-msmpeng-exe/

 

Therefore, verify that you have fully removed/uninstalled all other real-time anti-virus and anti-malware products that were ever installed on your PC, including any free/trial products that were installed when the PC was purchased.  (I believe it's okay to leave in place any free versions of on-demand anti-malware programs)  Then, just to be sure, use the cleanup tools listed here: 

http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/list-of-anti-malware-product-removal-tools/407bf6da-c05d-4546-8788-0aa4c25a1f91

 

You may need to remove and reinstall MSE as well.

 

P.S.  Sorry - I got delayed by real work while in the middle of drafting my response, and see that Willy22 beat me to posting a reply.  Please go ahead and try his recommendation first.


Edited by Torvald, 04 November 2014 - 11:02 AM.

Google is my friend. Make Google your friend too.
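Added example (not part of the thread, and not MiniToolBox's own code): a Python sketch of the check Torvald describes above, run over lines in the format of the MiniToolBox "List Installed Programs" log that is posted later in this thread. The vendor patterns are an assumed, non-exhaustive list, and reading "Hidden" as a component without its own uninstall entry is also an assumption.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the MiniToolBox log posted later in this thread.
SAMPLE_LOG = r"""
=========================== Installed Programs ============================
Acer Backup Manager (HKLM\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden

**** End of log ****
"""

# Assumed, non-exhaustive patterns for security vendors (not from the thread).
VENDOR_PATTERNS = {
    "Microsoft Security Essentials": r"security essentials|microsoft security client",
    "Windows Defender": r"windows defender",
    "Malwarebytes": r"malwarebytes",
    "McAfee": r"\bmcafee\b",
    "ESET": r"\beset\b",
    "Symantec/Norton": r"\b(symantec|norton)\b",
    "AVG": r"\bavg\b",
    "Avast": r"\bavast\b",
    "Kaspersky": r"\bkaspersky\b",
}

# The uninstall key, when present, is the last "(HK...)" group before the version.
KEY_RE = re.compile(r" \((HK[A-Z]+\\.*)\)$")


@dataclass
class Entry:
    name: str
    key: str
    version: str
    publisher: str
    hidden: bool


def parse_entry(line):
    """Parse one 'Name (HKLM\\...) (Version: x - Publisher) [Hidden]' line.

    Returns None for headers, blank lines and anything else without a
    version group. Names and keys may themselves contain parentheses, so the
    line is split from the right instead of with a single pattern.
    """
    line = line.strip()
    hidden = line.endswith(" Hidden")
    if hidden:
        line = line[: -len(" Hidden")]
    head, sep, tail = line.rpartition(" (Version: ")
    if not sep or not tail.endswith(")"):
        return None
    version, _, publisher = tail[:-1].partition(" - ")
    match = KEY_RE.search(head)
    name, key = (head[: match.start()], match.group(1)) if match else (head, "")
    return Entry(name.strip(), key, version.strip(), publisher.strip(), hidden)


def security_products(log_text):
    """Group parsed entries by the security vendor their name or publisher matches."""
    groups = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        haystack = f"{entry.name} {entry.publisher}".lower()
        for vendor, pattern in VENDOR_PATTERNS.items():
            if re.search(pattern, haystack):
                groups.setdefault(vendor, []).append(entry)
    return groups


def hidden_only(groups):
    """Vendors seen only in Hidden entries: candidates for leftover components."""
    return sorted(v for v, entries in groups.items() if all(e.hidden for e in entries))


if __name__ == "__main__":
    found = security_products(SAMPLE_LOG)
    for vendor in sorted(found):
        for e in found[vendor]:
            flag = " [Hidden]" if e.hidden else ""
            print(f"{vendor}: {e.name} {e.version}{flag}")
    print("Only hidden components found for:", ", ".join(hidden_only(found)) or "none")
```

More than one vendor in the result is a prompt to check which of them run real-time protection; a vendor that appears only in Hidden entries is a candidate for that vendor's cleanup tool.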


#6 dc3


Posted 04 November 2014 - 11:07 AM

I also found the following MS article about turning off MS Defender, but I'm puzzled by that as it is supposed to be automatically disabled in Windows 7 when MSE gets installed.

http://helpdeskgeek.com/windows-vista-tips/what-is-msmpeng-exe/

Windows Defender in Windows 7 is an antimalware program.  It is not suggested that you use two antimalware programs, but it can be done.  Windows 7 does not automatically disable Windows Defender if another antimalware program is installed.  Windows Defender in Windows 8/8.1 is a full blown antivirus which, if another antivirus is installed, will automatically disable Windows Defender since you should never run more than one antivirus.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 dc3


Posted 04 November 2014 - 11:10 AM

@Warthog-Fan

 

Please download and install Speccy to provide us with information about your computer.  When  FileHippo opens, click on Download latest version in the upper right pane.
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.

 

 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkbox:
 
List Installed Programs
 
Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.
 
 

 
Double click on the download and choose to run the program.
 
A screen similar to the one below will open, click any key to run the program.
 
securitycheck_zpscfb86945.png
 
When the scan is finished there will be a log, copy and then paste your log in your next post.


#8 Warthog-Fan


Posted 04 November 2014 - 04:30 PM

dc3,

 

I downloaded and installed Malwarebytes a short time ago when I first began to try to figure out this problem. Based upon your comment that it's not a good idea to run TWO anti-malware programs, do you recommend that I uninstall Malwarebytes and just go with Windows Defender?

 

Bob



#9 Torvald


Posted 04 November 2014 - 05:16 PM

Not wanting to cause an argument, but according to the following Microsoft article, when using Windows XP, Vista or 7, it is not advisable to have both MSE and Windows Defender active at the same time, "or else your system may experience performance degradation and other problems caused by the conflict of two services providing real time protection simultaneously":  

 

http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/windows-defender-and-microsoft-security-essentials/5309cb8d-02e1-40e8-974f-0dcedb9ab9fd

 

Therefore, I would recommend disabling Windows Defender, if it is currently active, since you earlier mentioned using MSE.  You can still keep MSE antivirus active, plus use other on demand anti-malware programs, such as MalwareBytes.  I think you can also continue using other anti-malware in active scanning mode - the main point is that Microsoft recommends not having MSE and Windows Defender both running active at the same time for Windows XP, Vista, and 7.




#10 dc3


Posted 05 November 2014 - 10:05 AM

@Torvald

 

No argument. :thumbup2:   

 

From Microsoft Support.

 

 
Q: Does installing Microsoft Security Essentials (XP/Vista/7) disable Windows Defender? 
A: Microsoft Security Essentials should disable Windows Defender on Vista and Windows 7 and uninstall it from XP. In some cases, this does not happen automatically.
 
More times than not I've seen it fail to disable Defender.
 
To continue this in Warthog-Fan's topic would be a disservice to them.  If you wish to continue to discuss this, you should open a topic in the appropriate forum. :)


#11 dc3


Posted 05 November 2014 - 10:11 AM

dc3,

 

Based upon your comment that it's not a good idea to run TWO anti-malware programs, do you recommend that I uninstall Malwarebytes and just go with Windows Defender?

 

Bob

I would not uninstall Malwarebytes, it is the better of the two antimalware programs we've mentioned.  I would leave the Windows Defender activated and run the occasional scan with the free version of Malwarebytes.  If you have the paid version of Malwarebytes, then I would make sure that Windows Defender is disabled.




#12 Warthog-Fan


Posted 06 November 2014 - 02:37 PM

dc3,

 

Okay, here is the info that you asked for:

 

1) Link to SPECCY file http://speccy.piriform.com/results/mJCLd6BdWwvGX6ILEKJpycM

 

2) Output from Mini Toolbox:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Bob (ATTENTION: The logged in user is not administrator) on 06-11-2014 at 14:25:25
Running from "C:\Users\Bob\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************


 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
=========================== Installed Programs ============================
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Backup Manager (HKLM\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eLock Management (HKLM\...\{5CC23DEB-D22A-4345-9CFF-F8C602BCE792}) (Version: 3.00.5000 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.00.5001 - Acer Incorporated)
Acer Framework (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5000 - Acer Incorporated)
Acer PowerSaver (HKLM\...\{A1FFD720-0806-40E9-9554-DB22D593FDEF}) (Version: 1.00.3005 - Acer Incorporated)
Acer QuickMigration (HKLM\...\{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}) (Version: 1.00.3005 - Acer Incorporated)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0811 - Acer Incorporated)
Acer SmartBoot (HKLM\...\{9E65215B-9DE9-401A-8541-C82FE2D2BC66}) (Version: 1.00.3006 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.0.19480 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}) (Version: 3.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{D56401D6-E356-4CA5-97A3-024D666F5E5C}) (Version:  - ArcSoft)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.9.0.0 - AuthenTec) Hidden
Backup Manager Advance (Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{8A253629-0511-4854-8B4E-46E57E66005C}) (Version: 2.0.1.2 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon MP560 series User Registration (HKLM\...\Canon MP560 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CanoScan Toolbox Ver4.5 (HKLM\...\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}) (Version:  - )
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815i.50 - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2815i.50 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DesignPro 5 (HKLM\...\InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (Version: 5.5.708 - Avery Dennison) Hidden
EMBASSY Security Center Lite (Version: 03.09.00.091 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 03.09.00.102 - Wave Systems Corp) Hidden
Embassy Trust Suite - Acer Edition (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 07.03.02.000 - Wave Systems Corp)
Eraser 6.0.8.2273 (HKLM\...\{392A74D0-4DFE-49F7-87C3-8A61708F8856}) (Version: 6.0.2273 - The Eraser Project)
ESC Home Page Plugin (Version: 03.04.00.029 - Wave Systems Corp) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (Version: 2.0.4.000274 - esobi Inc.) Hidden
EZ Vinyl/Tape Converter 1.5.2.0 by MixMeister (HKLM\...\EZ Vinyl/Tape Converter by MixMeister_is1) (Version:  - MixMeister Technology LLC)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.5 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.5 - FUJIFILM Corporation)
FinePixViewer YTUPL (HKLM\...\{65EB09A3-993B-401E-8936-C9708CBFAB26}) (Version: 1.0 - FUJIFILM Corporation)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HVAC-Calc Residential (HKLM\...\HVAC-Calc Residential4.0.58) (Version: 4.0.58 - HVAC Computer Systems Ltd.)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}) (Version: 9.1.1.12 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Manual CanoScan LiDE 35 (HKLM\...\{6AA4C799-BF98-4573-9C83-0C8E4EA46D14}) (Version:  - )
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Money Shared Libraries (Version: 17.0.0.3817 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{41ab2087-4c57-4454-840e-4c10d266e898}) (Version:  - Nero AG)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.10.505 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NETGEAR Live Parental Controls Management Utility 2.0b44 (HKLM\...\NETGEAR Live Parental Controls Management Utility) (Version: 2.0b44 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
OVT Scanner X86 (HKLM\...\{6B566EFE-DC1D-471F-93DD-84832663F140}) (Version: 1.00.0000 - OVT)
PCI Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.4.0 - Conexant Systems)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PrimoPDF -- by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
Private Information Manager (Version: 06.04.00.047 - Wave Systems Corp.) Hidden
QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Secure Update (Version: 05.07.00.019 - Wave Systems Corp.) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{23AE87D8-AB2F-4539-935C-442BC976F469}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
upekmsi (Version: 03.00.00.0000 - Wave Systems Corp) Hidden
Veriton ControlCenter (HKLM\...\{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}) (Version: 1.00.3004 - Acer Incorporated)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version:  - Sakar)
Wave Infrastructure Installer (Version: 07.00.21.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.046 - Wave Systems Corp) Hidden
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wisdom-soft Set up ScreenHunter 5.1 Free (HKLM\...\Wisdom-soft Set up ScreenHunter 5.1 Free) (Version:  - Wisdom Software Inc.)

**** End of log ****

 

 

3) Results of the Security Check

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     15.0.0.152  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (33.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

 

By the way, I used the Start Menu to start Windows Defender and disable it, but I received the message that the program WAS disabled. It still seems to show up in the active Processes list in the Task Manager, although it didn't appear to be using the processor's time very much.

 

If you need anything else, please let me know.

 

Bob



#13 dc3

Posted 08 November 2014 - 10:01 AM

I couldn't address Torvald's post regarding Windows Defender being a resource hog, which is true, until I saw the Speccy report.  The msmpeng.exe is Windows Defender, but the Speccy snapshot indicates that it has been disabled, and I don't see any other active malware/spyware program installed.

 

I would like to run some scans to rule out the possibility that there is an infection involved here.

 

 Please run AdwCleaner

 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 

When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your topic.

 

 

 Please download and install Emsisoft.

 
1.  When Emsisoft opens click on Update.

2.  Click on Full Scan.

3.  After the scan has completed the results will be displayed.  Make sure there is a check in the box of each item found, then click on Quarantine.

4.  After the items have been quarantined click on OK.

5.  After the quarantine has been completed click on Logs.

6.  Click on Export and save the log to a location which you will be able to find and open.  Open the log, copy and then paste the log in your topic.
 
 
Please post the Malwarebytes log from the scan you ran.

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

 

 

 

Sorry for not getting back sooner.  I took delivery of twelve new thermal pane windows a couple of days ago and am trying to get the old ones removed and replaced with the new ones before the storm door opens for the winter.  It would have been a lot more convenient if I could have done this last summer, but we have a budget which has to be adhered to.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#14 Warthog-Fan

Posted 08 November 2014 - 10:13 PM

dc3,

 

Twelve new windows? Man, that's an ambitious project.

 

1) Here is the result of the Scan in AdwCleaner. Almost everything that showed up was in the Registry and I don't want to mess with anything in there without you telling me that it's okay to delete these items. Here is the report file.

 

# AdwCleaner v4.100 - Report created 08/11/2014 at 22:16:27
# Updated 08/11/2014 by Xplode
# Database : 2014-11-07.1
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Warthog - WARTHOG
# Running from : C:\Users\Bob\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****

Task Found : YourFile DownloaderInstaller Starter

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Found : HKLM\SOFTWARE\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1821 octets] - [08/11/2014 18:59:06]
AdwCleaner[R1].txt - [1521 octets] - [08/11/2014 22:16:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1581 octets] ##########

 

2) Log file

 

Emsisoft Emergency Kit - Version 9.0
Quarantine log

    Date    Source    Event    Infection/PUP    
11/8/2014 9:58:47 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\TELEVISIONFANATICEI    Moved to quarantine    Application.InstallAd (A)    11    
11/8/2014 9:58:47 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1    Moved to quarantine    Application.AdReg (A)    12    
11/8/2014 9:58:47 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO    Moved to quarantine    Application.AdReg (A)    13    
11/8/2014 9:58:46 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Moved to quarantine    Setting.DisableTaskMgr (A)    10    
11/8/2014 9:58:45 PM    Value: HKEY_USERS\S-1-5-21-949332312-3081475535-2739407912-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Moved to quarantine    Setting.DisableTaskMgr (A)    9    
11/8/2014 9:58:44 PM    Key: HKEY_USERS\S-1-5-21-949332312-3081475535-2739407912-1001\SOFTWARE\CONDUIT    Moved to quarantine    Application.InstallAd (A)    6    
11/8/2014 9:58:44 PM    Value: HKEY_USERS\S-1-5-21-949332312-3081475535-2739407912-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Moved to quarantine    Setting.DisableRegistryTools (A)    7    
11/8/2014 9:58:44 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Moved to quarantine    Setting.DisableRegistryTools (A)    8    
11/8/2014 9:58:43 PM    Key: HKEY_USERS\S-1-5-21-949332312-3081475535-2739407912-1006\SOFTWARE\YAHOOPARTNERTOOLBAR    Moved to quarantine    Application.Win32.YTool (A)    3    
11/8/2014 9:58:43 PM    Key: HKEY_USERS\S-1-5-21-949332312-3081475535-2739407912-1001\SOFTWARE\YAHOOPARTNERTOOLBAR    Moved to quarantine    Application.Win32.YTool (A)    4    
11/8/2014 9:58:43 PM    Key: HKEY_USERS\S-1-5-21-949332312-3081475535-2739407912-1006\SOFTWARE\CONDUIT    Moved to quarantine    Application.InstallAd (A)    5    
11/8/2014 9:58:42 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\BINGBAR_RASMANCS    Moved to quarantine    Application.Win32.InstallExt (A)    1    
11/8/2014 9:58:42 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SPEEDUPMYPC    Moved to quarantine    Application.AdReg (A)    2

 

3) mbam-check log output (It did not appear to have quarantined any items)

 

Quarantined Items:
===================
Vendor: PUP.Optional.YFDownloader, Date: 2014/10/27 14:24:11, Type: File, Location: C:\$Recycle.Bin\S-1-5-21-949332312-3081475535-2739407912-1006\$RZ0UGN4.exe
===============================================================
END OF FILE


Edited by Warthog-Fan, 09 November 2014 - 10:04 AM.
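A triage pass over the Emsisoft quarantine log in the post above, as an added example that is not part of the original thread: it separates the `Setting.*` detections (the DISABLETASKMGR and DISABLEREGISTRYTOOLS policy values, which control access to Task Manager and the registry editor) from the adware/PUP keys, and groups both by machine hive or user SID so you can see which profiles were touched. The function names and the column-splitting rule are assumptions; the sample rows are copied from the log.

```python
import re
from collections import defaultdict

# Rows copied from the quarantine log in the post above. Columns are separated
# by tabs or runs of spaces, depending on how the export was pasted.
SAMPLE = r"""
Date    Source    Event    Infection/PUP
11/8/2014 9:58:47 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\TELEVISIONFANATICEI    Moved to quarantine    Application.InstallAd (A)    11
11/8/2014 9:58:46 PM    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Moved to quarantine    Setting.DisableTaskMgr (A)    10
11/8/2014 9:58:45 PM    Value: HKEY_USERS\S-1-5-21-949332312-3081475535-2739407912-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Moved to quarantine    Setting.DisableTaskMgr (A)    9
11/8/2014 9:58:44 PM    Key: HKEY_USERS\S-1-5-21-949332312-3081475535-2739407912-1001\SOFTWARE\CONDUIT    Moved to quarantine    Application.InstallAd (A)    6
11/8/2014 9:58:44 PM    Value: HKEY_USERS\S-1-5-21-949332312-3081475535-2739407912-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Moved to quarantine    Setting.DisableRegistryTools (A)    7
"""

# "Key: <path>" or "Value: <path> -> <value name>"
ROW = re.compile(r"^(?P<kind>Key|Value): (?P<path>.+?)(?: -> (?P<value>\S+))?$")
# Per-user hives appear as HKEY_USERS\<account SID>\...
SID = re.compile(r"^HKEY_USERS\\(S-1-5-21-[\d-]+)\\", re.I)

def parse_rows(text):
    """Yield one dict per log row; the header and malformed lines are skipped."""
    for line in text.splitlines():
        cols = re.split(r"\t+| {2,}", line.strip())
        m = ROW.match(cols[1]) if len(cols) >= 4 else None
        if not m:
            continue
        sid = SID.match(m["path"])
        yield {"scope": sid.group(1) if sid else "machine",
               "path": m["path"], "value": m["value"],
               "event": cols[2], "detection": cols[3].split(" (")[0]}

def triage(text):
    """Split detections into policy locks (Setting.*) and PUP keys, per scope."""
    locks, pups = defaultdict(set), defaultdict(set)
    for row in parse_rows(text):
        if row["detection"].startswith("Setting."):
            locks[row["scope"]].add(row["value"])
        else:
            pups[row["scope"]].add(row["path"].rsplit("\\", 1)[-1])
    return dict(locks), dict(pups)

if __name__ == "__main__":
    locks, pups = triage(SAMPLE)
    for scope, names in sorted(locks.items()):
        print("policy lock:", scope, sorted(names))
    for scope, names in sorted(pups.items()):
        print("PUP key:", scope, sorted(names))
```
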


#15 Warthog-Fan

Posted 09 November 2014 - 09:49 AM

dc3,

 

I should have added this to the preceding post.

 

1) Even though Windows Defender is supposed to be disabled, I still see it in the list of Processes that are running on the computer, and when I'm having the problem of the continuous disk accesses, it is still occasionally using 10 - 12 % of the CPU. Since it's supposed to be disabled, I would expect it to be gone from the list, or at least show 0% CPU usage all of the time.

 

2) Since you stated that Malwarebytes is a better malware program, I'm thinking of upgrading to the full version of Malwarebytes and using it as my antimalware program. Is there a way to completely delete Windows Defender from my computer? I don't see it as being listed in the Programs and Features part of the Control Panel.

 

3) Yesterday, the "continuous accesses" started again, so I started the Task Manager to check and see which processes were making use of the CPU. As mentioned above, Windows Defender was occasionally using 10 - 12% of the CPU, but Firefox was using about 25% quite frequently. I found this interesting because Firefox was listed as running on my wife's USER ID, but I was the one that was logged on and using the computer at the time. I thought that a user's programs were suspended when they were logged on but another user was using the computer under a different USER ID.

 

I hope that your window replacements go smoothly. We had our old double-hung windows replaced with new vinyl thermal windows and it made a big difference in comfort and heating. Plus, the tilt-out feature made them easier to clean.

 

Thanks,

 

Bob


Edited by Warthog-Fan, 09 November 2014 - 10:03 AM.




