Virus deep within computer


  • This topic is locked

#31
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, Windows Update repair


Go to this page
Run the fixit there (big button about one third of the way down) - if the normal run does not cure it then re-run and use the aggressive mode

#32
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#33
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know what your current problems are, please?

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#34
Ken2893

    Member

  • Topic Starter
  • 39 posts
Hi. Sorry I didn't respond yesterday; I was at work. Well, the only problem I have is the one from the very beginning. The slowness. What happens is the computer gets slow over time. The CPU usage spikes all the way up to 100%.

#35
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could you run OTL as above please and I will have a look-see - and see if I can find a resolution for this.

#36
Ken2893

    Member

  • Topic Starter
  • 39 posts
Here you go. I don't think it made an Extras.txt.

OTL logfile created on: 5/23/2011 5:43:56 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ken\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.89% Memory free
8.00 Gb Paging File | 6.94 Gb Available in Paging File | 86.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 127.85 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
Drive D: | 7.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 14.65 Gb Total Space | 8.25 Gb Free Space | 56.29% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 05:41:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2011/05/06 19:43:05 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2010/10/27 05:00:02 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2010/04/12 04:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 05:41:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/08 16:06:50 | 000,295,424 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2011/03/09 05:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 13:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/06/17 21:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/04/29 09:55:18 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/16 05:29:33 | 000,818,115 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\msvfd32.exe -- (Adobe Licensing Console)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/09 10:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/03/09 10:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/09 05:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/17 21:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 3D 29 B2 4B BE CB 01 [binary data]
IE - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/16 05:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/25 22:41:19 | 000,000,000 | ---D | M]

[2010/10/09 15:26:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2011/05/17 13:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions
[2011/04/16 05:09:43 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/28 14:15:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/16 05:09:43 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\uruw9tx8.default\extensions\[email protected]
[2011/05/17 13:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/16 05:09:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/02 11:30:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/02 11:21:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1688366822-1479520909-2313585086-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Rainforest%20Adventure/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Rainforest%20Adventure/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 05:42:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/23 05:41:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2011/05/07 15:14:31 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Electronic Arts
[2011/05/07 15:02:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/05/04 06:14:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2011/05/02 12:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2011/05/02 12:06:19 | 001,420,288 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranFD.exe
[2011/05/02 12:06:19 | 000,295,424 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragS.exe
[2011/05/02 12:06:19 | 000,292,352 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDC.exe
[2011/05/02 12:06:19 | 000,270,336 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefrag.dll
[2011/05/02 12:06:19 | 000,132,608 | ---- | C] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
[2011/05/02 12:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2011/05/02 10:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/05/02 09:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/05/02 09:01:47 | 012,800,512 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2011/05/02 09:01:47 | 003,467,264 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2011/05/02 09:01:47 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2011/05/02 09:01:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011/05/02 09:00:43 | 000,515,584 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/05/02 09:00:41 | 001,465,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/05/02 09:00:41 | 000,645,632 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/05/02 09:00:41 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/05/02 09:00:41 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\st646289.dll
[2011/05/02 08:58:29 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/05/02 08:58:25 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/05/02 08:58:20 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/05/02 07:17:24 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\My Drivers
[2011/05/02 07:17:24 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Innovative Solutions
[2011/05/02 07:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2011/05/01 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/04/30 11:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/28 14:16:19 | 000,000,000 | ---D | C] -- C:\Users\Ken\dwhelper
[2011/04/26 06:16:38 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\TuneUp Software
[2011/04/26 06:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/04/26 06:16:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/26 05:49:38 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Auslogics
[2011/04/26 05:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/04/26 05:49:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/04/25 22:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/04/25 22:19:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/25 22:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/25 22:19:19 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/16 05:29:33 | 000,818,115 | ---- | C] ( ) -- C:\Windows\SysWow64\msvfd32.exe

========== Files - Modified Within 30 Days ==========

[2011/05/23 05:41:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2011/05/23 04:31:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 04:31:52 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 04:24:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 04:24:29 | 3219,955,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 15:28:33 | 000,000,017 | ---- | M] () -- C:\Windows\SysNative\npd6.d
[2011/05/07 17:06:51 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/07 17:06:51 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/07 17:06:51 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/02 11:21:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

========== Files Created - No Company Name ==========

[2011/05/02 12:06:24 | 000,000,017 | ---- | C] () -- C:\Windows\SysNative\npd6.d
[2011/05/02 08:58:28 | 000,790,592 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/05/02 08:58:26 | 000,790,592 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/05/02 08:58:24 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/02 08:58:24 | 000,003,155 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2011/05/02 08:58:22 | 000,030,831 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/05/02 08:58:19 | 000,227,586 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2011/05/02 08:58:15 | 000,152,384 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/09/21 01:21:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 00:20:41 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\SysWow64\sherlock2.exe

========== LOP Check ==========

[2011/04/26 05:49:38 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Auslogics
[2011/05/23 05:49:10 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\BitTorrent
[2011/04/16 05:00:16 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Datel
[2011/04/16 05:00:16 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\FrostWire
[2010/10/15 02:46:05 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\GameTuts
[2011/02/05 17:37:12 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\GoldWaveCDDB
[2010/09/24 19:40:25 | 000,000,000 | -H-D | M] -- C:\Users\Ken\AppData\Roaming\Hardcore
[2011/04/16 21:21:13 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Sakura
[2011/04/16 05:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\SpinTop
[2011/04/26 06:16:38 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\TuneUp Software
[2011/03/04 18:29:16 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/11/27 00:26:50 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/11/27 00:26:50 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/11/27 00:26:50 | 000,553,696 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/11/27 00:26:49 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/11/27 00:26:49 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/11/27 00:26:49 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/24 01:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:7679D513
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C60A94A8

< End of report >

Attached Files

  • Attached File  OTL.Txt   63.19KB   103 downloads

  • 0

#37
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When the system starts to slow down, could you open Task Manager and let me know which process is starting to use all the CPU power?
  • 0

#38
Ken2893

Ken2893

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
The main culprit is svchost.exe

There's at least 12 running. The highest is over 95,000
  • 0

#39
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Please download Process Explorer from here

Install and run
Once the system starts slowing click the svchost process which is using the largest amount
Then either take a screenshot or go to File > Save as... and save to your desktop as a text file


Example from my system

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.45 0 K 24 K
Interrupts n/a 0 K 0 K Hardware Interrupts
DPCs n/a 0.77 0 K 0 K Deferred Procedure Calls
System 4 168 K 2,656 K
smss.exe 304 460 K 1,164 K
csrss.exe 448 2,404 K 4,512 K
wininit.exe 508 2,064 K 5,208 K
services.exe 564 6,824 K 10,456 K
svchost.exe 752 5,028 K 10,072 K Host Process for Windows Services Microsoft Corporation
FlashUtil10q_ActiveX.exe 2108 2,928 K 8,936 K Adobe® Flash® Player Installer/Uninstaller 10.3 r181 Adobe Systems, Inc.
wlcomm.exe 3356 14,588 K 22,716 K Windows Live Communications Platform Microsoft Corporation
svchost.exe 840 5,332 K 9,540 K Host Process for Windows Services Microsoft Corporation
atiesrxx.exe 892 2,060 K 4,852 K AMD External Events Service Module AMD
svchost.exe 976 26,528 K 23,892 K Host Process for Windows Services Microsoft Corporation
audiodg.exe 3124 22,632 K 21,468 K
svchost.exe 1012 152,020 K 158,808 K Host Process for Windows Services Microsoft Corporation
dwm.exe 1508 35,172 K 31,692 K Desktop Window Manager Microsoft Corporation
WUDFHost.exe 2924 2,776 K 6,896 K
svchost.exe 340 23,444 K 42,080 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1044 10,024 K 17,848 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1188 14,104 K 17,944 K Host Process for Windows Services Microsoft Corporation
AvastSvc.exe 1332 69,880 K 21,208 K avast! Service AVAST Software
spoolsv.exe 928 8,528 K 14,416 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1444 8,704 K 8,140 K Host Process for Windows Services Microsoft Corporation
taskhost.exe 1432 3,736 K 9,044 K Host Process for Windows Tasks Microsoft Corporation
svchost.exe 2280 1,404 K 3,224 K Host Process for Windows Services Microsoft Corporation
WLIDSVC.EXE 2328 8,964 K 17,008 K
WLIDSVCM.EXE 2592 1,820 K 3,924 K
svchost.exe 2940 3,600 K 6,880 K Host Process for Windows Services Microsoft Corporation
wmpnetwk.exe 2780 12,108 K 8,368 K Windows Media Player Network Sharing Service Microsoft Corporation
svchost.exe 2900 0.77 8,312 K 67,992 K Host Process for Windows Services Microsoft Corporation
svchost.exe 112 14,152 K 18,512 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3664 74,648 K 40,208 K Host Process for Windows Services Microsoft Corporation
afwServ.exe 2824 3,900 K 2,784 K avast! firewall service AVAST Software
iPodService.exe 1076 3,468 K 7,864 K iPodService Module (64-bit) Apple Inc.
lsass.exe 580 7,740 K 15,148 K Local Security Authority Process Microsoft Corporation
lsm.exe 588 3,008 K 4,996 K
csrss.exe 528 3,028 K 9,592 K
conhost.exe 4868 1,608 K 3,988 K Console Window Host Microsoft Corporation
conhost.exe 4036 1,592 K 3,956 K Console Window Host Microsoft Corporation
winlogon.exe 628 3,236 K 7,664 K
explorer.exe 1532 40,028 K 63,128 K Windows Explorer Microsoft Corporation
itype.exe 1660 11,796 K 3,632 K IType.exe Microsoft Corporation
dpupdchk.exe 1736 2,236 K 5,048 K dpupdchk.exe Microsoft Corporation
iexplore.exe 2092 23,000 K 36,596 K Internet Explorer Microsoft Corporation
iexplore.exe 2804 133,476 K 193,752 K Internet Explorer Microsoft Corporation
robotaskbaricon.exe 3300 8,948 K 18,096 K RoboForm TaskBar Icon Siber Systems
wlmail.exe 3324 80,716 K 104,116 K Windows Live Mail Microsoft Corporation
iexplore.exe 960 68,144 K 123,964 K Internet Explorer Microsoft Corporation
ipoint.exe 1676 7,388 K 17,412 K IPoint.exe Microsoft Corporation
CaledosWallpaper6.exe 1708 45,988 K 50,020 K Caledos Automatic Wallpaper Changer CaledosLAB
blueline.exe 3260 22,536 K 32,412 K BlueLine ITX Associates
notepad.exe 2076 2,216 K 7,292 K Notepad Microsoft Corporation
iTunes.exe 4764 3.86 56,572 K 67,504 K iTunes Apple Inc.
AppleMobileDeviceHelper.exe 3848 3,340 K 10,764 K MobileDeviceHelper Apple Inc.
distnoted.exe 1828 1,848 K 5,780 K distnoted Apple Inc.
procexp.exe 4552 2,440 K 8,568 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
procexp64.exe 2880 19,512 K 36,504 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
AvastUI.exe 1832 17,652 K 13,032 K avast! Antivirus AVAST Software
ctfmon.exe 3928 1,820 K 4,096 K CTF Loader Microsoft Corporation
WinPatrol.exe 1848 3,788 K 8,948 K WinPatrol System Monitor BillP Studios


  • 0
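Once the busy svchost.exe has been identified as described in the post above, the next question is which services it hosts. The following is an added example, not part of the original posts: the function name Get-SvchostReport is hypothetical, and it relies only on the standard WMI classes Win32_Process and Win32_Service.

```powershell
# Added example: list every svchost.exe with cumulative CPU time, memory,
# command line (shows the -k service group, e.g. netsvcs) and hosted services.
# Run from an elevated prompt; Get-WmiObject is used so it also works on the
# Windows PowerShell 2.0 that ships with Windows 7.

function Get-SvchostReport {
    # Win32_Service.ProcessId links every running service to its host process.
    $servicesByPid = @{}
    Get-WmiObject Win32_Service -Filter "State='Running'" | ForEach-Object {
        $id = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($id)) { $servicesByPid[$id] = @() }
        $servicesByPid[$id] += $_.Name
    }

    # The genuine binary lives in System32 (or SysWOW64 for 32-bit hosts).
    $legit = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )

    Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" | ForEach-Object {
        $id = [int]$_.ProcessId

        # ExecutablePath is empty when the caller lacks rights to query it.
        $pathStatus = if (-not $_.ExecutablePath) { 'unknown (not elevated?)' }
                      elseif ($legit -contains $_.ExecutablePath) { 'expected' }
                      else { 'UNEXPECTED: ' + $_.ExecutablePath }

        # Kernel + user time are counted in 100 ns ticks since process start.
        $cpuSec = ([double]$_.KernelModeTime + [double]$_.UserModeTime) / 1e7

        New-Object PSObject -Property @{
            ProcessId    = $id
            CpuSeconds   = [math]::Round($cpuSec, 1)
            WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
            PrivateMB    = [math]::Round($_.PrivatePageCount / 1MB, 1)
            PathStatus   = $pathStatus
            CommandLine  = $_.CommandLine
            Services     = ($servicesByPid[$id] -join ', ')
        }
    }
}

# Largest working set first; Select-Object fixes the column order.
Get-SvchostReport | Sort-Object WorkingSetMB -Descending |
    Select-Object ProcessId, CpuSeconds, WorkingSetMB, PrivateMB,
                  PathStatus, CommandLine, Services | Format-List
```

CpuSeconds is the total CPU time consumed since the process started, not the current load, so compare two runs taken a minute apart to see which instance is climbing.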

#40
Ken2893

Ken2893

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Here you go.
  • 0

#41
Ken2893

Ken2893

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
something happened with the post.
  • 0

#42
Ken2893

Ken2893

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
something happened with the post.
  • 0

#43
Ken2893

Ken2893

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Attached File  svchost.txt   4.09KB   134 downloads

something happened with the post.
  • 0

#44
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It is dwm using the vast majority of memory

Have a read of this page

Try the two fixes suggested there and see if that helps - the fixes are very easily reversed. But it will enable us to narrow down the problem area

Also let's run a quick programme to look at the MBR

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#45
Ken2893

Ken2893

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
That's kinda weird that would happen

  • 0