Old 06-29-2007, 09:09 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2004
Posts: 81
OS: Windows 7


[SOLVED] Vista Slow and using 100% CPU alot

All of a sudden Vista has been running really slow and using 100% CPU for no reason. Can anyone help please?


CPU Info Frequency 1808
CPU Info CPU Name AMD Sempron(tm) Processor 3200+
Memory Info Total Physical Memory 2030528 KB RAM





Thank you

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:01:57 PM, on 6/29/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\PROGRA~1\FREEME~1\fmempro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack this\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [FreeMem Pro] "D:\PROGRA~1\FREEME~1\fmempro.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: EBgoSniper.lnk = C:\Program Files\EBgoSniper\EBgoSniper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - D:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - D:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - D:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4762 bytes


-Jay

Last edited by NeWcS; 06-29-2007 at 09:15 PM.
Old 06-30-2007, 08:17 AM   #2 (permalink)
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Vista Slow and using 100% CPU alot

Hi NeWcS


We suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

=============================

The log you've posted is the beta version of HijackThis and is still under development. Please refer to this thread TrendMicro's HijackThis version2 Beta

Uninstall your Beta version of HijackThis, and download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis 1.99.1 for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. **Allow dss.exe to download HijackThis 1.99.1 when prompted**


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
__________________


Member of UNITE

If I have helped you in any way, please DONATE to TSF. Go raibh maith agat
Old 06-30-2007, 08:55 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2004
Posts: 81
OS: Windows 7


Re: Vista Slow and using 100% CPU alot

Deckard's System Scanner v20070611.50
Run by NeWcS on 2007-06-30 at 09:51:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as NeWcS.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:52:45 AM, on 6/30/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\DSS\dss.exe
C:\PROGRA~1\HIJACK~1\NeWcS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [FreeMem Pro] "D:\Program Files\FreeMem Professional\fmempro.exe" autostart
O4 - Global Startup: EBgoSniper.lnk = C:\Program Files\EBgoSniper\EBgoSniper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 lowpp (Lowrance MMC Parallel Port Driver) - \??\c:\windows\system32\drivers\lowpp.sys
R2 windrvNT - \??\c:\windows\system32\windrvnt.sys

S0 OemBiosDevice (Royalty OEM BIOS Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Files created between 2007-05-30 and 2007-06-30 -----------------------------

2007-06-30 09:49:52 0 d-------- C:\DSS
2007-06-29 21:56:09 0 d-------- C:\Program Files\WhatsRunning
2007-06-29 08:04:41 0 d-------- C:\Program Files\EBgoSniper
2007-06-29 02:36:05 0 d-------- C:\Program Files\SMS Create Pro
2007-06-29 02:25:12 0 d-------- C:\Program Files\BACKUP
2007-06-29 02:25:07 0 d-------- C:\Program Files\E-Tools Software
2007-06-27 17:18:06 312320 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-06-27 17:18:01 0 -rahs---- C:\MSDOS.SYS
2007-06-27 17:18:01 0 -rahs---- C:\IO.SYS
2007-06-26 17:32:50 0 d-------- C:\Program Files\Alien Skin
2007-06-24 09:56:26 208896 --a------ C:\kbuilder.exe <Not Verified; Kinem Software; kBuilder>
2007-06-19 20:53:07 0 d-------- C:\Users\All Users\vsosdk
2007-06-19 17:42:16 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2007-06-19 17:42:16 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2007-06-19 17:42:16 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2007-06-17 08:56:39 0 d-------- C:\Program Files\Common Files\NSV
2007-06-16 16:45:18 0 d-------- C:\Program Files\XemiComputers
2007-06-16 16:42:09 0 d-------- C:\Windows\Downloaded Installations
2007-06-16 10:48:02 135168 --a------ C:\Windows\system32\DSKernel2.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS Multimedia Filter Pack>
2007-06-16 10:47:49 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-06-16 10:47:14 0 d-------- C:\Program Files\Replay Converter
2007-06-14 14:13:36 0 d-a------ C:\Users\All Users\TEMP
2007-06-14 13:52:15 7787 --a------ C:\Windows\system32\drivers\lowpp.sys <Not Verified; Lowrance Electronics, Inc.; Lowrance Parallel Port Driver>
2007-06-14 13:03:32 0 d-------- C:\Program Files\Common Files\Canon
2007-06-06 00:41:36 0 d-------- C:\perflogs
2007-06-04 19:00:48 0 d-------- C:\Users\All Users\Adobe Systems
2007-06-04 08:07:39 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-31 20:36:15 0 d-------- C:\Users\All Users\FLEXnet
2007-05-31 20:33:53 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-05-31 20:29:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-30 19:23:37 0 d-------- C:\Program Files\vso


-- Find3M Report ---------------------------------------------------------------

2007-06-29 21:05:25 0 d-------- C:\Users\NeWcS\AppData\Roaming\uTorrent
2007-06-28 01:32:12 0 d-------- C:\Users\NeWcS\AppData\Roaming\Vso
2007-06-26 18:01:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-26 17:47:54 0 d-------- C:\Users\NeWcS\AppData\Roaming\Alien Skin
2007-06-26 16:19:48 0 d-------- C:\Users\NeWcS\AppData\Roaming\Adobe
2007-06-19 16:41:57 0 d-------- C:\Users\NeWcS\AppData\Roaming\CopyToDvd
2007-06-19 08:04:57 0 d-------- C:\Users\NeWcS\AppData\Roaming\DVD Flick
2007-06-17 08:55:17 0 d-------- C:\Users\NeWcS\AppData\Roaming\Winamp
2007-06-16 22:18:03 0 d-------- C:\Users\NeWcS\AppData\Roaming\AdobeUM
2007-06-16 12:03:12 0 d-------- C:\Users\NeWcS\AppData\Roaming\FlashFXP
2007-06-13 18:05:07 0 d-------- C:\Program Files\Windows Mail
2007-06-04 08:01:22 0 d-------- C:\Users\NeWcS\AppData\Roaming\GlobalSCAPE
2007-05-31 21:12:52 0 d-------- C:\Program Files\Gigabyte
2007-05-30 20:12:55 34 --a------ C:\Users\NeWcS\AppData\Roaming\pcouffin.log
2007-05-30 20:11:55 7887 --a------ C:\Users\NeWcS\AppData\Roaming\pcouffin.cat
2007-05-26 13:41:18 0 d-------- C:\Program Files\DAEMON Tools
2007-05-26 1351 0 d-------- C:\Program Files\GoldWave
2007-05-26 12:53:10 0 d-------- C:\Users\NeWcS\AppData\Roaming\Apple Computer
2007-05-26 12:52:40 0 d-------- C:\Program Files\iPod
2007-05-26 08:03:11 0 d-------- C:\Users\NeWcS\AppData\Roaming\Talkback
2007-05-26 08:03:06 0 d-------- C:\Users\NeWcS\AppData\Roaming\Mozilla
2007-05-25 22:05:02 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-05-24 20:36:43 35363 --a------ C:\Windows\system32\windrvNT.sys
2007-05-24 20:36:43 53248 --a------ C:\Windows\system32\suppdll.dll
2007-05-24 20:14:35 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-05-24 20:12:34 0 d-------- C:\Program Files\Microsoft.NET
2007-05-23 23:38:56 0 d-------- C:\Program Files\VistaCodecPack
2007-05-23 23:25:23 0 d-------- C:\Program Files\Common Files\InstallShield
2007-05-23 23:11:37 1277 --a------ C:\Windows\mozver.dat
2007-05-23 23:11:27 0 d-------- C:\Program Files\Java
2007-05-23 23:10:07 0 d-------- C:\Program Files\Common Files\Java
2007-05-23 22:46:52 0 d-------- C:\Users\NeWcS\AppData\Roaming\WinRAR
2007-05-23 22:31:08 0 d-------- C:\Users\NeWcS\AppData\Roaming\ImgBurn
2007-05-23 19:25:20 0 d-------- C:\Program Files\BitLocker
2007-05-23 19:25:19 0 d-------- C:\Program Files\Microsoft Games
2007-05-22 23:54:06 0 d-------- C:\Program Files\Kaspersky Lab
2007-05-22 22:14:18 0 d-------- C:\Users\NeWcS\AppData\Roaming\Macromedia
2007-05-22 19:45:04 0 d-------- C:\Program Files\Windows Defender
2007-05-22 19:21:13 0 d-------- C:\Users\NeWcS\AppData\Roaming\Identities
2007-05-08 18:23:10 10752 --a------ C:\Windows\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
"CmPCIaudio"="RunDll32 CMICNFG3.CPL,CMICtrlWnd"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"FreeMem Pro"="\"D:\\Program Files\\FreeMem Professional\\fmempro.exe\" autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}"="Windows DreamScene"
"{EC654325-1273-C2A9-2B7C-45D29BCE68FB}"="Deskscapes"
"{EC654325-1273-C2A9-2B7C-45D29BCE68FD}"="Stardock Vista ControlPanel Extension"
"{EC654325-1273-C2A9-2B7C-45D29BCE68FF}"="StardockDreamController"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Notification Packages REG_MULTI_SZ scecli\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0\0
Authentication Packages REG_MULTI_SZ msv1_0\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:0000001a
"HOUR"=dword:0000000d
"MINUTE"=dword:00000026
"SECOND"=dword:00000018

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:00000017
"HOUR"=dword:00000017
"MINUTE"=dword:0000001c
"SECOND"=dword:00000033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"
"YEAR"=dword:000007d7
"MONTH"=dword:00000005
"DAY"=dword:0000001a
"HOUR"=dword:0000000d
"MINUTE"=dword:00000026
"SECOND"=dword:00000018

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0CscService\0wlansvc\0UmRdpService\0EMDMgmt\0WPDBusEnum\0TabletInputService\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43d91358-08ba-11dc-a32a-806e6f6e6963}]
shell\AutoRun\command E:\Run.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0f3c231-08d6-11dc-842a-806e6f6e6963}]
shell\AutoRun\command E:\LaunchCD.exe


-- End of Deckard's System Scanner: finished at 2007-06-30 at 09:53:19 ---------
Attached Files
File Type: txt extra.txt (8.6 KB, 6 views)
Old 07-01-2007, 01:02 AM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Vista Slow and using 100% CPU alot

Hi NeWcS

There isn't any malware showing in your logs; let's dig a little deeper and see if we can find anything that may be causing the high CPU usage.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar, Go to Options>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects and Malware to Report
  • Next, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.
Old 07-02-2007, 09:09 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2004
Posts: 81
OS: Windows 7


Re: Vista Slow and using 100% CPU alot

Is it normal for 'Dr.Web CureIt' to take hours?


-Jay
Old 07-03-2007, 04:54 AM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Vista Slow and using 100% CPU alot

Hi Jay,

It could take a while depending on system size and/or speed of your computer.

Was it still running or had it stopped?

If it just stopped on you, try doing an online scan at
Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Follow the prompts to install the ActiveX controls
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.

Let me know if it found anything
Old 07-03-2007, 06:27 AM   #7 (permalink)
Registered User
 
Join Date: Oct 2004
Posts: 81
OS: Windows 7


Re: Vista Slow and using 100% CPU alot

It didn't find anything?

I'm starting to think it's my anti-virus program that is slowing everything down, Kaspersky 6.0.2? I turned it off and my system seems to run a lot better. Could this be?

-Jay
Old 07-04-2007, 05:25 AM   #8 (permalink)
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Vista Slow and using 100% CPU alot

Hi Jay

Your logs are clean; it may well be your anti-virus. I use NOD as it is very light on resources. You can try posting in Vista support.
Tell them that you have had your logs checked and your PC is clean.

Please respond here one more time so that I can mark this as resolved in this forum

Best of luck

alba