August 11th, 2008 02:00

dllhost.exe high cpu

dllhost.exe seems to be using about 50% of my cpu all the time.  I have an xps m1530.   Not sure what it is for sure, but here is the hjt log.  I am lost, so any help would be awesome:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:12 PM, on 8/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://themcginnisblog.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://192.168.1.65/bl_camera.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9787 bytes
 

10.4K Posts

August 11th, 2008 12:00

mwmcginn

May be nothing, let's take a look.

1. Go HERE and download TempFix.
Save it to your Desktop (but do not run it yet)

2. Reboot into Safe Mode
This can be done by
  • Restart your PC, and after it starts, but before you see the Windows Splash screen
    Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
    Use your arrow keys and select Safe Mode and then Enter

3. Rt Click TempFix.zip ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
  • Open the TempFix Folder.
    Rt Click TempFix.vbe ->>Select Open Then Open to confirm.
    As the program runs, it will appear that nothing is happening.
    When the program is finished it will produce a log for you C:\TempFix.txt
    Copy and paste the contents of that log in your reply.
    Note: if your root drive is something other than C:\ then the log will default to your designated root drive

4. Then reboot your PC into Normal Windows Mode->> Rerun Hijackthis and post a fresh Hijackthis log.
As well as the C:\TempFix.txt log

Microsoft MVP Consumer-Security

 


"The world is what you make of it"




10.4K Posts

August 11th, 2008 13:00

mwmcginn

Again it may be nothing, but the type of infection that usually overclocks the dllhost is Vundo, so this tool will let us know if it's there.

 



 

Microsoft MVP Consumer-Security

 


"The world is what you make of it"


18 Posts

August 11th, 2008 13:00

Thanks, I'll do it tonight.  But had a question for you if you have time.  What indicated the problem?

18 Posts

August 12th, 2008 01:00

810 Files deleted

18 Posts

August 12th, 2008 01:00

Not sure yet. I don't see it spiking yet, but it seems to do it after a while of operation. I'll let you know if we have a fix soon. Thanks for the help so far.

tempfix log

========================================
TempFix

Version 1.0.2

By bamajim @ bamajim.com

========================================


Report ran on --->>> 8/11/2008 9:15:15 PM


======== Files created in (System32) last 30 days ========

7/30/2008 9:47:52 AM 1671680 32 C:\Windows\System32\chsbrkr.dll
7/30/2008 9:47:52 AM 6103040 32 C:\Windows\System32\chtbrkr.dll
7/30/2008 9:47:53 AM 143872 32 C:\Windows\System32\korwbrkr.dll
7/30/2008 9:47:52 AM 11967524 32 C:\Windows\System32\korwbrkr.lex
7/30/2008 9:47:52 AM 40448 32 C:\Windows\System32\mimefilt.dll
7/30/2008 9:47:56 AM 34816 32 C:\Windows\System32\msscb.dll
7/30/2008 9:47:52 AM 60416 32 C:\Windows\System32\msscntrs.dll
7/30/2008 9:47:57 AM 11776 32 C:\Windows\System32\msshooks.dll
7/30/2008 9:47:53 AM 231936 32 C:\Windows\System32\msshsq.dll
7/30/2008 9:47:53 AM 87552 32 C:\Windows\System32\mssitlb.dll
7/30/2008 9:47:51 AM 350208 32 C:\Windows\System32\mssph.dll
7/30/2008 9:47:51 AM 203776 32 C:\Windows\System32\mssphtb.dll
7/30/2008 9:47:53 AM 32768 32 C:\Windows\System32\mssprxy.dll
7/30/2008 9:47:51 AM 1418240 32 C:\Windows\System32\mssrch.dll
7/30/2008 9:47:53 AM 44032 32 C:\Windows\System32\msstrc.dll
7/30/2008 9:47:51 AM 670208 32 C:\Windows\System32\mssvp.dll
7/19/2008 4:07:45 PM 801280 32 C:\Windows\System32\NaturalLanguage6.dll
7/30/2008 9:47:52 AM 136704 32 C:\Windows\System32\nlhtml.dll
7/19/2008 4:08:06 PM 12240896 32 C:\Windows\System32\NlsLexicons0007.dll
7/19/2008 4:08:02 PM 2644480 32 C:\Windows\System32\NlsLexicons0009.dll
7/30/2008 9:47:52 AM 194560 32 C:\Windows\System32\offfilt.dll
7/30/2008 9:47:53 AM 71680 32 C:\Windows\System32\propdefs.dll
7/30/2008 9:47:53 AM 754176 32 C:\Windows\System32\propsys.dll
7/30/2008 9:47:52 AM 38400 32 C:\Windows\System32\rtffilt.dll
7/30/2008 9:47:53 AM 87552 32 C:\Windows\System32\SearchFilterHost.exe
7/30/2008 9:47:52 AM 439808 32 C:\Windows\System32\SearchIndexer.exe
7/30/2008 9:47:52 AM 184832 32 C:\Windows\System32\SearchProtocolHost.exe
7/30/2008 9:47:53 AM 301568 32 C:\Windows\System32\srchadmin.dll
7/30/2008 9:47:56 AM 106605 32 C:\Windows\System32\StructuredQuerySchema.bin
7/30/2008 9:47:56 AM 18904 32 C:\Windows\System32\StructuredQuerySchemaTrivial.bin
7/30/2008 9:47:53 AM 313344 32 C:\Windows\System32\thawbrkr.dll
7/30/2008 9:47:52 AM 1582592 32 C:\Windows\System32\tquery.dll
7/30/2008 9:47:52 AM 29184 32 C:\Windows\System32\wsepno.dll
7/30/2008 9:47:52 AM 56320 32 C:\Windows\System32\xmlfilter.dll

========= Temp Files Deleted ========

18 Posts

August 12th, 2008 01:00

HJT Log

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:00 PM, on 8/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://themcginnisblog.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://192.168.1.65/bl_camera.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9900 bytes

10.4K Posts

August 12th, 2008 12:00

mwmcginn

 

How's your PC performing at this point?

 



 

Microsoft MVP Consumer-Security

 


"The world is what you make of it"


18 Posts

August 12th, 2008 19:00

Checked it this morning before I left for work.  Dllhost was back around 50%.  Little lost on this one.

10.4K Posts

August 14th, 2008 13:00

mwmcginn

Don't see any signs of infection.

You may want to turn off some of your running programs, one at a time, and see if one of the programs is loading dllhost.







Microsoft MVP Consumer-Security

 


"The world is what you make of it"




10.4K Posts

August 14th, 2008 19:00

mwmcginn

 

That's good info to know. Thanks

 

surf safe

 



 

Microsoft MVP Consumer-Security

 


"The world is what you make of it"

18 Posts

August 14th, 2008 19:00

Well, after some work looking into it, I couldn't really find a cause either.  I ran Windows Update, and all of a sudden the problem went away.  Not sure what the fix was, as there were a few outstanding updates, but it's up and working now.

18 Posts

August 21st, 2008 19:00

Well, it appears that I was too hasty.  The problem is still there!  Doh.