CPU usage 100% - seems to svchost.exe (netsvcs)


16 replies to this topic

#1 SuzSoody


Posted 19 December 2015 - 01:29 PM

I inherited my laptop from my ex..... I thought I'd gotten it mostly cleaned up and ran virus and malware.... however, CPU usage has continued to climb and climb until it now just sits at 100% and I can do almost nothing on it. It just keeps freezing.

 

I've got Windows 7, 64 bit OS.

 

Any suggestions?

 

Many, many thanks.


Edited by hamluis, 19 December 2015 - 03:32 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 InadequateInfirmity


Posted 22 December 2015 - 12:59 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 


 

Hit Ok.

 


 

Hit Next, and make sure to leave all items checked for removal.

 


 

 

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right-click the icon and select Run as administrator.

 http://nicolascoolman.com/download/zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.



#3 SuzSoody


Posted 27 December 2015 - 11:15 AM

Thank you! Here are the logs:

 

ADWARE CLEANER

# AdwCleaner v5.026 - Logfile created 26/12/2015 at 09:33:43
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Vincent - VINCENT-PC
# Running from : C:\Users\Vincent\Desktop\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Vincent\AppData\LocalLow\Yahoo!\Companion

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\W3I
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\astromendagames.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2170 bytes] ##########
 

 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Vincent (Administrator) on Sat 12/26/2015 at  9:46:32.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Windows\prefetch\DRIVERSUPPORT.EXE-290DC691.pf (File)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/26/2015 at  9:52:44.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ADWARE REMOVAL

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v4.1
Time: 2015_12_26_10_01_10
OS: Windows 7 Home Premium - x64 Bit
Account Name: Vincent
Adware Definition: Adware Definition: Dec-19-2015-1
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

No results found
 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v4.1
Time: 2015_12_26_10_01_10
OS: Windows 7 Home Premium - x64 Bit
Account Name: Vincent
Adware Definition: Adware Definition: Dec-19-2015-1
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\


No results found
 

ZHP

~ ZHPCleaner v2015.12.25.407 by Nicolas Coolman (2015/12/25)
~ Run by Vincent (Administrator)  (27/12/2015 01:12:08)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Vincent\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Vincent\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (3)
DELETED task: [Driver Support-RTMRules] [C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (Not File) ]  =>PUP.Optional.DriverSupport
DELETED task: [Driver Support-RTMScan] [C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (Not File) ]  =>PUP.Optional.DriverSupport
DELETED task: [Driver Support-RTMUpdater] [C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (Not File) ]  =>PUP.Optional.DriverSupport


---\\  Explorer ( File, Folder) (1)
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support  =>PUP.Optional.DriverSupport


---\\  Registry ( Key, Value, Data) (12)
DELETED key*: HKCU\Software\AppDataLow\Software\ShopAtHome []  =>PUP.Optional.SAHAgent
DELETED key*: [X64] HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1 [cpbrkpie Control]  =>PUP.Optional.CouponBar
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ShopAtHome.IEToolbar [ShopAtHome.com Toolbar]  =>PUP.Optional.SAHAgent
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ShopAtHome.IEToolbar.1 [ShopAtHome.com Toolbar]  =>PUP.Optional.SAHAgent
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ToolBand.ShopAtHomeIEHelper [ShopAtHomeIEHelper Class]  =>PUP.Optional.SAHAgent
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ToolBand.ShopAtHomeIEHelper.1 [ShopAtHomeIEHelper Class]  =>PUP.Optional.SAHAgent
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\5A4BF79568DD61344A01E70847CCC2EC [Driver Support]  =>PUP.Optional.DriverSupport
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Driver Support []  =>PUP.Optional.DriverSupport
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\SunriseBrowse_RASAPI32 []  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\SunriseBrowse_RASMANCS []  =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\ShopAtHome []  =>PUP.Optional.SAHAgent
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\5A4BF79568DD61344A01E70847CCC2EC [Flexera Software LLC]  =>PUP.Optional.DriverSupport


---\\  Summary of the elements found (4)






---\\  Other deletions. (38)
~ Registry Keys Tracing deleted (38)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 654
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 16


~ End of clean in 00h08mn55s
===================
ZHPCleaner-[R]-27122015-01_21_03.txt
ZHPCleaner-[S]-26122015-20_50_24.txt
 

 

ZEMANA

Zemana AntiMalware 2.19.2.737 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/12/27
Operating System       : Windows 7 64-bit
Processor              : 1X AMD Athlon™ Processor TF-20
BIOS Mode              : Legacy
CUID                   : 000B991A1B3BA241FE1B2B
Scan Type              : Deep Scan
Duration               : 55m 57s
Scanned Objects        : 184917
Detected Objects       : 4
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Homepage
Status             : Scanned
Object             : http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0394z1m5t4972x22n
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Homepage

Internet Explorer URL
Status             : Scanned
Object             : http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360110d505l0394z1m5t4972x22n
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer URL

adwcleaner_5.026.exe
Status             : Scanned
Object             : %userprofile%\downloads\adwcleaner_5.026.exe
MD5                : 76F7569DB01B4D65431B0E6BBBDD261D
Publisher          : -
Size               : 1743360
Version            : 5.0.2.6
Detection          : Heur.Malicious!Pa
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\adwcleaner_5.026.exe

$RWL4NY4.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-1924702302-452892295-2085287855-1000\$rwl4ny4.exe
MD5                : 76F7569DB01B4D65431B0E6BBBDD261D
Publisher          : -
Size               : 1743360
Version            : 5.0.2.6
Detection          : Heur.Malicious!Pa
Cleaning Action    : Quarantine
Traces             :
                File - %homedrive%\$recycle.bin\s-1-5-21-1924702302-452892295-2085287855-1000\$rwl4ny4.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 4
Reported as safe      : 0
Failed                : 0
 



#4 Sintharius


Posted 28 December 2015 - 09:54 PM

Hi there,

As InadequateInfirmity is not available, I will help you with your problem.

Please run these tools to get some information about your computer.

Step 1: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Step 2: Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

#5 SuzSoody


Posted 30 December 2015 - 01:52 AM

Thank you. Logs follow.

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Vincent (administrator) on 29-12-2015 at 06:11:22
Running from "C:\Users\Vincent\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Aspire 5532 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Atheros AR5B93 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Vincent-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
   Physical Address. . . . . . . . . : 90-4C-E5-8D-5E-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::956d:cdc4:aa3f:d51f%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, December 27, 2015 3:38:03 PM
   Lease Expires . . . . . . . . . . : Wednesday, December 30, 2015 5:38:54 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 311446757
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AF-AE-90-00-26-22-E2-F0-B9
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-22-E2-F0-B9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:400a:807::200e
      216.58.216.174


Pinging google.com [216.58.216.174] with 32 bytes of data:
Reply from 216.58.216.174: bytes=32 time=26ms TTL=55
Reply from 216.58.216.174: bytes=32 time=24ms TTL=55

Ping statistics for 216.58.216.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 26ms, Average = 25ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=63ms TTL=50
Reply from 206.190.36.45: bytes=32 time=63ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 63ms, Average = 63ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...90 4c e5 8d 5e 14 ......Atheros AR5B93 Wireless Network Adapter
 10...00 26 22 e2 f0 b9 ......Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.12     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.12    281
     192.168.1.12  255.255.255.255         On-link      192.168.1.12    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.12    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.12    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.12    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::956d:cdc4:aa3f:d51f/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/29/2015 05:42:17 AM) (Source: Application Hang) (User: )
Description: The program SETUP.EXE version 12.0.6606.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 177c

Start Time: 01d142361f46a8c7

Termination Time: 110

Application Path: C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE

Report Id:

Error: (12/29/2015 05:42:15 AM) (Source: Application Hang) (User: )
Description: The program WINWORD.EXE version 12.0.6683.5002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 168c

Start Time: 01d1423617987827

Termination Time: 156

Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

Report Id:

Error: (12/27/2015 06:02:49 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\SUABnR\SUABnR.exe . Error code = 0x800700d8

Error: (12/27/2015 06:02:28 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\SUABnR\SUABnR.exe . Error code = 0x800700d8

Error: (12/26/2015 03:35:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2246586

Error: (12/26/2015 03:35:28 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2246586

Error: (12/26/2015 03:35:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2015 06:25:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: SETUP.EXE_Microsoft Setup Bootstrapper, version: 12.0.6606.1000, time stamp: 0x4e26b0a2
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bc21
Faulting process id: 0x1300
Faulting application start time: 0xSETUP.EXE_Microsoft Setup Bootstrapper0
Faulting application path: SETUP.EXE_Microsoft Setup Bootstrapper1
Faulting module path: SETUP.EXE_Microsoft Setup Bootstrapper2
Report Id: SETUP.EXE_Microsoft Setup Bootstrapper3

Error: (12/22/2015 05:53:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 84604693

Error: (12/22/2015 05:53:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 84604693


System errors:
=============
Error: (12/29/2015 05:38:47 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/29/2015 05:38:44 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/28/2015 05:59:15 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/28/2015 05:59:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/28/2015 05:06:24 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/28/2015 05:06:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (12/27/2015 07:03:26 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/27/2015 04:14:41 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/27/2015 03:38:09 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (12/27/2015 03:37:38 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (12/26/2013 07:24:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 105 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/22/2013 11:03:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 866078 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/09/2011 10:46:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 518070 seconds with 60 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

4500_K710_Help (HKLM-x32\...\{74514F8C-AE25-4DE8-B117-0E8256D55409}) (Version: 000.0.751.000 - Hewlett-Packard) Hidden
4500K710 (HKLM-x32\...\{CE0D4271-69C9-4f28-AD9B-BB33D126A30E}) (Version: 000.0.751.000 - Hewlett-Packard) Hidden
4500K710_Software_Min (HKLM-x32\...\{38379381-B56A-43e1-B505-3098D82B1C30}) (Version: 000.0.751.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.02.0804 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{ACCA82EB-7088-919E-5E1C-100A24F11CCF}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
ccc-core-static (HKLM-x32\...\{23E9588B-05ED-BC2F-EB69-101A96511EF1}) (Version: 2009.0729.2227.38498 - ATI) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Photo AIO Printer 924 (HKLM\...\Dell Photo AIO Printer 924) (Version:  - Dell, Inc.)
Dell Photo AIO Printer 924 (HKLM-x32\...\Dell Photo AIO Printer 924) (Version:  - Dell, Inc.)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.167.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DocMgr (HKLM-x32\...\{92A51949-EE4C-466D-AAF0-99E74A49A63F}) (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Fax Solutions (HKLM\...\Dell Fax Solutions) (Version:  - Dell, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 K710 (HKLM\...\{F35B85A9-68AB-4D98-912E-5B68E00C17C9}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - )
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM-x32\...\{CEB7F45F-F9AB-4DB1-824C-79FE1CE5988F}) (Version: 0.1 - administrator)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (HKLM-x32\...\{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.58.0 - Samsung Electronics Co., Ltd.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SnagIt 8 (HKLM-x32\...\{524228C9-826F-4B58-9E47-4F2E5C7E9F45}) (Version: 8.1.0 - TechSmith Corporation)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}) (Version: 2.15.1003 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}) (Version: 2.15.1001 - Samsung Electronics Co., Ltd.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.737 - Zemana Ltd.)

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Deskjet 3050A J611 series
Description: Deskjet 3050A J611 series
Class Guid:
Manufacturer:
Service:
Device ID: ROOT\MULTIFUNCTION\0000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 2812.05 MB
Available physical RAM: 1171.63 MB
Total Virtual: 5622.29 MB
Available Virtual: 2379.2 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:26.14 GB) NTFS

========================= Users: ========================================

User accounts for \\VINCENT-PC

Administrator            Guest                    Vincent                  

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

04-06-2015 12:37:42 Scheduled Checkpoint
29-11-2015 20:51:32 Scheduled Checkpoint
20-12-2015 14:50:34 Removed D-Link DWA-131 Wireless N Nano USB Adapter
20-12-2015 15:01:34 Configured NTI Media Maker 8
26-12-2015 16:46:44 JRT Pre-Junkware Removal
27-12-2015 16:02:22 Zemana AntiMalware 12/27/2015 9:02:21 AM
27-12-2015 22:16:16 Windows Update
28-12-2015 00:55:38 Installed SUABnR

**** End of log ****
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Java 7 Update 15  
 Java version 32-bit out of Date!
 Adobe Flash Player 20.0.0.267  
 Adobe Reader 10.1.2 Adobe Reader out of Date!  
 Mozilla Firefox (43.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#6 SuzSoody


Posted 02 January 2016 - 08:21 PM

CPU Usage still sits at 100% and physical memory still spiking (currently around 72%). Even though usage still spikes and holds, there has been a tiny bit of improvement. I've been able to move a couple of files without crashing......

 

Any next steps?

 

Thank you!



#7 Sintharius


Posted 02 January 2016 - 10:06 PM

Hi there,

I have a very long flight, so I will be offline for at least a day in the meantime.

Please run these scanners to rule out malware first.

Step 1: Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
===

Step 2: Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will say Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose the Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

Step 3: ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#8 SuzSoody


Posted 05 January 2016 - 08:36 AM

Here are the logs:

 

EMSISOFT:

Emsisoft Emergency Kit - Version 10.0
Last update: N/A
User account: Vincent-PC\Vincent

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    1/3/2016 11:23:23 AM
Value: HKEY_USERS\S-1-5-21-1924702302-452892295-2085287855-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1924702302-452892295-2085287855-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    77870
Found    2

Scan end:    1/3/2016 11:34:36 AM
Scan time:    0:11:13

Value: HKEY_USERS\S-1-5-21-1924702302-452892295-2085287855-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1924702302-452892295-2085287855-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    2
 

 

MALWAREBYTES

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/3/2016
Scan Time: 12:14 PM
Logfile: MBAM Log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.03.05
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Vincent

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355353
Time Elapsed: 30 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

ESET

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\prxConduitEngine.dll.vir    a variant of Win32/Toolbar.Conduit.AQ potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\prxtbSwag.dll.vir    a variant of Win32/Toolbar.Conduit.AQ potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Swag_Bucks\tbSwag.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\wse_astromenda\uninstall.exe.vir    a variant of Win32/InstallCore.ADB potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\wse_astromenda\BRS\brs.exe.vir    a variant of Win32/AdWare.Agent.NNW application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Vincent\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Vincent\AppData\LocalLow\Swag_Bucks\tbSwag.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Vincent\AppData\Roaming\wse_astromenda\UpdateProc\bkup.dat.vir    VBS/Kryptik.DY trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Vincent\AppData\Roaming\wse_astromenda\UpdateProc\UpdateTask.exe.vir    Win32/DealPly.U potentially unwanted application    cleaned by deleting - quarantined
C:\Windows\Installer\b65282b8.msi    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
 

 

THANK YOU!!
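
The two Emsisoft detections in the logs above are per-user policy values that turn off Task Manager and Registry Editor. As an added example (not part of the original thread), this PowerShell script re-checks both values for every user hive currently loaded under HKEY_USERS, which is a quick way to confirm the quarantine took effect; the output column names are assumptions.

```powershell
# Added example, not from the thread. Works on Windows PowerShell 2.0+ (Windows 7).
# Reports the two policy values Emsisoft flagged, for every loaded user hive.

$policyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$valueNames = 'DisableTaskMgr', 'DisableRegistryTools'

# Loaded per-user hives appear under HKEY_USERS as S-1-5-21-... keys.
# The pattern skips the matching *_Classes hives and the built-in service accounts.
# Users who are not logged on have no hive loaded here and are not covered.
$hives = Get-ChildItem -Path Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

$report = foreach ($hive in $hives) {
    $sid = $hive.PSChildName

    # Resolve the SID to an account name where possible (fails for deleted accounts).
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sid
        $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '(unresolved)'
    }

    $props = Get-ItemProperty -Path "Registry::HKEY_USERS\$sid\$policyPath" -ErrorAction SilentlyContinue

    foreach ($name in $valueNames) {
        $value = $null
        if ($props) { $value = $props.$name }

        New-Object PSObject -Property @{
            Account    = $account
            Sid        = $sid
            Value      = $name
            Data       = $(if ($value -eq $null) { '(not set)' } else { $value })
            # Any non-zero data means the tool is blocked for that user.
            Restricted = ($value -ne $null -and [int]$value -ne 0)
        }
    }
}

$report | Format-Table Account, Value, Data, Restricted -AutoSize
```

A row with Restricted = True after cleanup means the value was written again or was set deliberately by an administrator.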



#9 Sintharius


Posted 12 January 2016 - 08:57 AM

Hi there,

My apologies for missing your reply - do you still need help?

#10 SuzSoody


Posted 13 January 2016 - 08:19 AM

Yes. Still need help. Things are better.......I'm able to use a program without it locking me out for 5 minutes due to high CPU usage. However, it is still slow and pauses........ and CPU usage still sits most of the time at 100%.

 

Thank you!



#11 Sintharius


Posted 13 January 2016 - 08:38 AM

Hi there,

Can you check which process(es) take up the most CPU with Task Manager?

Also you can view memory use by each process with Process Explorer. Let me know which processes take up the most CPU and memory.

#12 SuzSoody


Posted 17 January 2016 - 04:30 PM

Sorry for the delay, busy week! Thank you for hanging with me.

 

When it spikes, svchost.exe seems to be the culprit. Oddly, once I installed Process Explorer, CPU usage seems to have improved somewhat. Although I'm not entirely sure what to look for in the Process Explorer window.

 

Thank you.



#13 Phantom010


Posted 17 January 2016 - 05:04 PM

Would be helpful to know which svchost.exe process is spiking. Double-click the offending process and select the Services tab. Next, take a screenshot of the services in the window and paste it into your next reply.



#14 SuzSoody


Posted 17 January 2016 - 06:54 PM

A quick update. If I try to do anything (research on Web, work in a Word document), usage spikes to 100% and the computer slows down substantially to the point of hesitation between every click and movement.

 

Still svchost.exe that is causing the problems.

 

Thank you.



#15 SuzSoody


Posted 17 January 2016 - 07:16 PM

I can't post a screenshot, regardless of extension, so here's the info.

 

Svchost.exe:288 (netsvcs) Properties

 

Service            Display Name                              Path
Appinfo            Application Information                   C:\Windows\System32\appinfo.dll
BITS               Background Intelligent Transfer Service   C:\Windows\System32\qmgr.dll
Browser            Computer Browser                          C:\Windows\System32\browser.dll
EapHost            Extensible Authentication Protocol        C:\Windows\System32\eapsvc.dll
IKEEXT             IKE and AuthIP IPsec Keying Modules       C:\Windows\System32\ikeext.dll
Iphlpsvc           IP Helper                                 C:\Windows\System32\iphlpsvc.dll
Lanman Server      Server                                    C:\Windows\System32\srvsvc.dll
MMCSS              Multimedia Class Scheduler                C:\Windows\System32\mmcss.dll
ProfSvc            User Profile Service                      C:\Windows\System32\profsvc.dll
Schedule           Task Scheduler                            C:\Windows\System32\schedsvc.dll
SENS               System Event Notification Service         C:\Windows\System32\sens.dll
ShellHWDetection   Shell Hardware Detection                  C:\Windows\System32\shsvcs.dll
Themes             Themes                                    C:\Windows\System32\themeservice.dll
Winmgmt            Windows Management Instrumentation        C:\Windows\System32\WMlsvc.dll
Wuauserv           Windows Update                            C:\Windows\System32\wuaueng.dll


Edited by SuzSoody, 18 January 2016 - 06:49 AM.
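
Post #13 asks which svchost.exe instance is spiking and which services it hosts, and post #15 answers by copying the Services tab by hand. As an added example (not part of the original thread), this PowerShell script samples CPU time for each svchost.exe instance and then lists the services and service DLLs of the busiest one. The five-second sample window and the output column names are assumptions.

```powershell
# Added example, not from the thread. Targets Windows PowerShell 2.0+ (Windows 7).
# Run from an elevated prompt so service processes are readable, and use the
# 64-bit PowerShell on 64-bit Windows so System32 paths are not redirected.

$sampleSeconds = 5                          # assumption: length of the CPU sample
$cores = [Environment]::ProcessorCount

# 1. Record CPU time for every svchost.exe instance, wait, then measure again.
$before = @{}
foreach ($p in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
    $before[$p.Id] = $p.TotalProcessorTime
}
Start-Sleep -Seconds $sampleSeconds

$usage = @(foreach ($p in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
    $start = $before[$p.Id]
    $end   = $p.TotalProcessorTime
    if ($start -eq $null -or $end -eq $null) { continue }   # new or inaccessible process
    $busy = ($end - $start).TotalSeconds
    New-Object PSObject -Property @{
        ProcessId    = $p.Id
        CpuPercent   = [math]::Round(100 * $busy / ($sampleSeconds * $cores), 1)
        WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
    }
})

if ($usage.Count -eq 0) {
    Write-Warning 'No svchost.exe CPU data could be read. Is the prompt elevated?'
    return
}
$usage = @($usage | Sort-Object CpuPercent -Descending)
$usage | Format-Table ProcessId, CpuPercent, WorkingSetMB -AutoSize

# 2. List the services hosted by the busiest instance, with the DLL each one loads.
$top   = $usage[0]
$sys32 = (Join-Path $env:SystemRoot 'System32') + '\'

Get-WmiObject Win32_Service -Filter "ProcessId = $($top.ProcessId)" | ForEach-Object {
    # Shared-process services name their DLL in Parameters\ServiceDll.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
    $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
    $company = $null
    $inSys32 = $false
    if ($dll) {
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        $inSys32 = $dll.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)
        if (Test-Path -LiteralPath $dll) {
            # Version metadata is self-declared, so treat it as a hint, not proof.
            $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
        }
    }
    New-Object PSObject -Property @{
        Name        = $_.Name
        DisplayName = $_.DisplayName
        State       = $_.State
        InSystem32  = $inSys32
        Company     = $company
        ServiceDll  = $dll
    }
} | Sort-Object Name |
    Format-Table Name, DisplayName, State, InSystem32, Company, ServiceDll -AutoSize
```

A service DLL outside System32, or one with a missing or unexpected company name, is the entry to look at first; if every row looks normal, the next step is finding which of the listed services is doing the work.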




