Sluggish, can't find malware, Vista OS, OTL log include



#91
BeckyH (Member, Topic Starter, 146 posts)
It says the Security Center won't run without it.


#92
RKinner (Malware Expert, Expert, MVP, 24,330 posts)
Mine complained too, but it let me stop it anyway. Sure enough, Security Center complained, but it's only temporary.

#93
BeckyH (Member, Topic Starter, 146 posts)
| Process | PID | CPU | Private Bytes | Working Set | Description | Company Name |
|---|---|---|---|---|---|---|
| System Idle Process | 0 | 73.44 | 0 K | 24 K | | |
| firefox.exe | 1952 | 11.60 | 433,916 K | 443,620 K | Firefox | Mozilla Corporation |
| csrss.exe | 668 | 5.41 | 9,272 K | 11,964 K | Client Server Runtime Process | Microsoft Corporation |
| procexp64.exe | 256 | 4.64 | 22,064 K | 31,512 K | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com |
| plugin-container.exe | 2852 | 1.55 | 429,204 K | 431,768 K | Plugin Container for Firefox | Mozilla Corporation |
| sttray64.exe | 1120 | 0.77 | 9,152 K | 17,948 K | IDT PC Audio | IDT, Inc. |
| PanelApp.exe | 2136 | 0.77 | 24,696 K | 34,456 K | | |
| igfxsrvc.exe | 2116 | 0.77 | 3,188 K | 7,380 K | igfxsrvc Module | Intel Corporation |
| explorer.exe | 1656 | 0.77 | 39,088 K | 55,020 K | Windows Explorer | Microsoft Corporation |
| AvastSvc.exe | 1492 | 0.77 | 31,944 K | 16,876 K | avast! Service | AVAST Software |
| System | 4 | < 0.01 | 0 K | 35,580 K | | |
| ApMsgFwd.exe | 764 | < 0.01 | 1,876 K | 4,224 K | ApMsgFwd | Alps Electric Co., Ltd. |
| AvastUI.exe | 2304 | < 0.01 | 12,752 K | 9,780 K | avast! Antivirus | AVAST Software |
| svchost.exe | 976 | < 0.01 | 6,552 K | 11,008 K | Host Process for Windows Services | Microsoft Corporation |
| hkcmd.exe | 2012 | < 0.01 | 3,132 K | 7,264 K | hkcmd Module | Intel Corporation |
| wlanext.exe | 1432 | < 0.01 | 3,096 K | 7,164 K | Windows Wireless LAN 802.11 Extensibility Framework | Microsoft Corporation |
| taskeng.exe | 1704 | < 0.01 | 11,620 K | 14,744 K | Task Scheduler Engine | Microsoft Corporation |
| svchost.exe | 420 | < 0.01 | 17,744 K | 18,688 K | Host Process for Windows Services | Microsoft Corporation |
| spoolsv.exe | 1372 | < 0.01 | 10,164 K | 18,584 K | Spooler SubSystem App | Microsoft Corporation |
| stacsv64.exe | 4132 | < 0.01 | 9,016 K | 8,500 K | IDT PC Audio | IDT, Inc. |
| svchost.exe | 1224 | < 0.01 | 20,472 K | 21,980 K | Host Process for Windows Services | Microsoft Corporation |
| Apoint.exe | 2004 | < 0.01 | 3,556 K | 9,228 K | Alps Pointing-device Driver | Alps Electric Co., Ltd. |
| svchost.exe | 3944 | < 0.01 | 4,816 K | 8,672 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 568 | < 0.01 | 121,484 K | 129,960 K | Host Process for Windows Services | Microsoft Corporation |
| csrss.exe | 612 | < 0.01 | 2,672 K | 7,360 K | Client Server Runtime Process | Microsoft Corporation |
| mmc.exe | 5056 | < 0.01 | 70,836 K | 19,028 K | Microsoft Management Console | Microsoft Corporation |
| svchost.exe | 580 | < 0.01 | 30,584 K | 43,960 K | Host Process for Windows Services | Microsoft Corporation |
| Interrupts | n/a | < 0.01 | 0 K | 0 K | Hardware Interrupts and DPCs | |
| wmpnscfg.exe | 4652 | | 2,908 K | 7,516 K | Windows Media Player Network Sharing Service Configuration Application | Microsoft Corporation |
| WmiPrvSE.exe | 3776 | | 4,216 K | 7,688 K | WMI Provider Host | Microsoft Corporation |
| WLIDSVCM.EXE | 3572 | | 2,112 K | 4,320 K | Microsoft® Windows Live ID Service Monitor | Microsoft Corp. |
| WLIDSVC.EXE | 3260 | | 8,944 K | 16,616 K | Microsoft® Windows Live ID Service | Microsoft Corp. |
| winlogon.exe | 800 | | 3,304 K | 8,160 K | Windows Logon Application | Microsoft Corporation |
| wininit.exe | 648 | | 2,240 K | 5,788 K | Windows Start-Up Application | Microsoft Corporation |
| taskeng.exe | 1700 | | 3,324 K | 8,336 K | Task Scheduler Engine | Microsoft Corporation |
| taskeng.exe | 4296 | | 2,540 K | 6,096 K | Task Scheduler Engine | Microsoft Corporation |
| svchost.exe | 1104 | | 12,268 K | 21,312 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 3156 | | 6,620 K | 10,924 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 296 | | 74,992 K | 43,536 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 904 | | 4,288 K | 8,692 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 1044 | | 3,112 K | 6,660 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 1636 | | 22,332 K | 27,224 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 2904 | | 6,688 K | 11,812 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 2956 | | 4,184 K | 8,400 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 2392 | | 1,884 K | 4,528 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 1920 | | 1,756 K | 4,144 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 2248 | | 3,580 K | 7,572 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 3120 | | 5,204 K | 8,912 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 3184 | | 1,620 K | 3,432 K | Host Process for Windows Services | Microsoft Corporation |
| svchost.exe | 2636 | | 2,800 K | 7,276 K | Host Process for Windows Services | Microsoft Corporation |
| sqlwriter.exe | 3100 | | 4,884 K | 9,512 K | SQL Server VSS Writer - 64 Bit | Microsoft Corporation |
| sqlservr.exe | 1320 | | 41,380 K | 2,864 K | SQL Server Windows NT | Microsoft Corporation |
| sqlbrowser.exe | 1388 | | 1,844 K | 5,052 K | SQL Browser Service EXE | Microsoft Corporation |
| splwow64.exe | 4916 | | 2,768 K | 6,380 K | Thunking Spooler APIS from 32 to 64 Process | Microsoft Corporation |
| smss.exe | 544 | | 492 K | 1,028 K | Windows Session Manager | Microsoft Corporation |
| SLsvc.exe | 1060 | | 8,560 K | 13,444 K | Microsoft Software Licensing Service | Microsoft Corporation |
| services.exe | 704 | | 3,596 K | 8,860 K | Services and Controller app | Microsoft Corporation |
| SeaPort.exe | 1980 | | 6,004 K | 10,252 K | Microsoft SeaPort Search Enhancement Broker | Microsoft Corporation |
| rundll32.exe | 928 | | 2,996 K | 4,228 K | Windows host process (Rundll32) | Microsoft Corporation |
| procexp.exe | 4804 | | 3,796 K | 9,744 K | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com |
| notepad.exe | 1664 | | 2,792 K | 6,564 K | Notepad | Microsoft Corporation |
| lsm.exe | 724 | | 3,588 K | 5,948 K | Local Session Manager Service | Microsoft Corporation |
| lsass.exe | 716 | | 5,480 K | 12,844 K | Local Security Authority Process | Microsoft Corporation |
| inetinfo.exe | 3040 | | 11,764 K | 19,832 K | Internet Information Services | Microsoft Corporation |
| HPKBDAPP.exe | 2100 | | 7,776 K | 8,836 K | HP QuickTouch On Screen Display | Hewlett-Packard Development Company, L.P. |
| ehtray.exe | 2124 | | 2,672 K | 2,608 K | Media Center Tray Applet | Microsoft Corporation |
| ehmsas.exe | 2288 | | 2,528 K | 6,476 K | Media Center Media Status Aggregator Service | Microsoft Corporation |
| dwm.exe | 1596 | | 6,000 K | 3,132 K | Desktop Window Manager | Microsoft Corporation |
| audiodg.exe | 960 | | 14,744 K | 18,172 K | Windows Audio Device Graph Isolation | Microsoft Corporation |
| ApntEx.exe | 1076 | | 2,536 K | 5,500 K | Alps Pointing-device Driver for Windows NT/2000/XP/Vista | Alps Electric Co., Ltd. |
| agr64svc.exe | 4580 | | 1,772 K | 3,696 K | LSI Soft Modem Call Progress Service | LSI Corporation |

#94
RKinner (Malware Expert, Expert, MVP, 24,330 posts)
Does the Process Explorer order still jump around with WMI turned off?

#95
BeckyH (Member, Topic Starter, 146 posts)
Yep, sure does... 'course its default setting seems to be on .5 sec, so that may be why, but it's still awfully jumpy...
The computer is definitely running a lot better than when we started, though... that is for sure... I have noticed something, though (prob has to do with me turning off the themes, but not sure), but it looks different... the windows, colors, etc. all look different...

Anything else I can do for the desktop, or do you need me to post new logs after having uninstalled Norton and installing avast?

#96
RKinner (Malware Expert, Expert, MVP, 24,330 posts)
Mine is set for 1 second so it doesn't hop as much. Also, mostly the change is in the percentage and not in the order. System Idle sits in the high 90s most of the time.

Let's see Vino's for the desktop.

Ron

#97
BeckyH (Member, Topic Starter, 146 posts)
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 23/06/2011 11:38:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/06/2011 4:24:02 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\SKIN\ICONS\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:24:02 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\SKIN\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:24:01 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\SKIN\PNG\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:58 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\SKIN\PNG\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:56 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\WINDOWS SIDEBAR\SHARED GADGETS\ASWSIDEBAR.GADGET\IMAGES\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:50 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\SKIN\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:38 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\LOCALE\EN-US\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:22 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\SKIN\ICONS\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:20 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\CONTENT\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:17 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\CONTENT\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:15 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\CONTENT\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:12 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\CONTENT\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:23:11 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\SKIN\ICONS\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:22:27 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\FLASH\AMMAP\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:22:19 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\FLASH\AMMAP\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:22:04 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:22:02 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:22:01 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:22:00 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 23/06/2011 4:22:00 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\ONEFILE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/06/2011 12:17:24 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 23/06/2011 12:12:46 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 3304 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3304 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3304 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3304 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3304 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3304 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3304 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 3304 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010


Log: 'Application' Date/Time: 23/06/2011 11:59:25 AM
Type: Warning Category: 18
Event: 4354 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {6F6E2383-D080-442F-9203-A0467B798404}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80040210.

Log: 'Application' Date/Time: 23/06/2011 11:59:08 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 23/06/2011 11:56:55 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010\Software\Lenovo\RegMonitor
Process 2100 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010\Software\Lenovo


Log: 'Application' Date/Time: 23/06/2011 4:40:37 AM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 77 time(s) since 12:24:03 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 23/06/2011 4:10:20 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 23/06/2011 4:03:30 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2188 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2188 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2188 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2188 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2188 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2188 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2188 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2188 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2188 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010\Software\Lenovo
Process 3756 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010\Software\AWS


Log: 'Application' Date/Time: 20/06/2011 3:11:10 PM
Type: Warning Category: 18
Event: 4354 Source: Microsoft-Windows-EventSystem
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {6F6E2383-D080-442F-9203-A0467B798404}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80040210.

Log: 'Application' Date/Time: 20/06/2011 1:13:01 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 20/06/2011 1:11:20 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2068 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010\Software\Lenovo


Log: 'Application' Date/Time: 19/06/2011 8:14:06 PM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 12 time(s) since 4:09:14 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 19/06/2011 4:37:56 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 19/06/2011 4:35:34 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2152 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010\Software\Lenovo


Log: 'Application' Date/Time: 18/06/2011 10:41:11 PM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 8 time(s) since 6:11:10 PM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 17/06/2011 1:45:44 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 17/06/2011 1:43:27 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2096 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010


Log: 'Application' Date/Time: 16/06/2011 12:59:48 PM
Type: Warning Category: 1
Event: 1015 Source: Microsoft-Windows-Search
Event ID 3013 for the Windows Search Service has been suppressed 12 time(s) since 8:48:40 AM. This event is used to suppress Windows Search Service events that have occurred frequently within a short period of time. See Event ID 3013 for further details on this event.

Log: 'Application' Date/Time: 16/06/2011 7:32:55 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 16/06/2011 7:29:23 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-206110968-517032728-4089512812-1010:
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010
Process 2708 (\Device\HarddiskVolume2\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe) has opened key \REGISTRY\USER\S-1-5-21-206110968-517032728-4089512812-1010

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 23/06/2011 11:38:38 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/06/2011 12:33:16 PM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A}. The backup browser is stopping.

Log: 'System' Date/Time: 23/06/2011 12:20:39 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

Log: 'System' Date/Time: 23/06/2011 12:20:06 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Log: 'System' Date/Time: 23/06/2011 12:19:36 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

Log: 'System' Date/Time: 23/06/2011 12:18:27 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Lbd

Log: 'System' Date/Time: 23/06/2011 12:02:26 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Log: 'System' Date/Time: 23/06/2011 12:01:55 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

Log: 'System' Date/Time: 23/06/2011 11:59:46 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Lbd

Log: 'System' Date/Time: 23/06/2011 11:56:27 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 23/06/2011 4:25:06 AM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A}. The backup browser is stopping.

Log: 'System' Date/Time: 23/06/2011 4:13:31 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

Log: 'System' Date/Time: 23/06/2011 4:13:27 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Log: 'System' Date/Time: 23/06/2011 4:12:29 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.

Log: 'System' Date/Time: 23/06/2011 4:11:34 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Lbd

Log: 'System' Date/Time: 23/06/2011 3:25:22 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 23/06/2011 3:16:31 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 23/06/2011 3:11:11 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 21/06/2011 1:58:10 AM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A}. The backup browser is stopping.

Log: 'System' Date/Time: 21/06/2011 1:12:44 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.100 for the Network Card with network address 001617F810EC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 20/06/2011 1:43:08 PM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A}. The backup browser is stopping.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/06/2011 12:25:50 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\DOWNSTAIRS on the network \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A}. Browser master: \\DOWNSTAIRS Network: \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 23/06/2011 12:17:20 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001617F810EC. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 23/06/2011 12:06:34 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\DOWNSTAIRS on the network \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A}. Browser master: \\DOWNSTAIRS Network: \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 23/06/2011 4:17:42 AM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\DOWNSTAIRS on the network \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A}. Browser master: \\DOWNSTAIRS Network: \Device\NetBT_Tcpip_{E03824B5-C549-4650-A8F5-ADF45C4E2F9A} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 23/06/2011 4:03:46 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 23/06/2011 3:50:17 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {6A869075-0AC5-4F6C-B224-6EF06CA41F46} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:PROCEXP141 Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:50:17 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {63AAD1D4-2DF5-432C-A960-AD21BC3D2070} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: service:PROCEXP141 Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:37:55 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {32A922A4-ABBA-455D-9A03-CA47E40D0F24} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: safeboot:HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318} Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:25:25 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {0F9C9121-CDFA-4B8D-B373-6660A1D02991} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: service:PEVSystemStart Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:25:25 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {F8180C15-FD84-455B-AB49-7EDC0461A602} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:PEVSystemStart Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:25:18 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {6581DE1B-FF39-4812-92FD-6620FA08FA49} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: file:C:\Windows\system32\drivers\etc\hosts Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:25:13 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {4C55AE84-4A28-4975-8594-E61707A4A4D4} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: iemain:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_Url Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:25:10 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {848F99B4-DAB5-47E6-BB6F-BE20CFC3FB5B} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: iemain:[email protected]\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:25:10 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {BE89B232-F964-4A34-B59B-85A32355E843} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: iemain:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:25:08 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {DA907F4E-7444-45EC-AAF6-E6FCC8997960} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: shellopencmd:HKLM\Software\Classes\scrfile\shell\open\command\\ Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:16:33 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {3C1B6071-4525-4284-B43D-6B71471EF8F4} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:PEVSystemStart Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:16:33 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {5C0411A8-BD2D-4763-A422-FADD3F66C2FB} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: service:PEVSystemStart Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:11:24 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {2D79C702-58A0-4691-9EDD-D9D3827D3674} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:mbr Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:11:14 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {6EBBC46C-4891-463B-8C9F-918CC969DFFB} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: service:PEVSystemStart Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 23/06/2011 3:11:14 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {E6428100-C73A-44A6-8AC1-01506AEDF394} User: mainbedroom\Charlie Name: Unknown ID: Severity ID: Category ID: Path Found: driver:catchme Alert Type: Unclassified software Detection Type:
  • 0

#98
RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Go into Services on the Desktop, set the startup type for Microsoft-Windows-Search to Disabled, and stop the service.

Ron
  • 0

#99
BeckyH

    Member

  • Topic Starter
  • Member
  • 146 posts
DESKTOP
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 71.68 0 K 24 K
procexp.exe 4360 12.38 17,756 K 28,900 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
firefox.exe 2384 7.82 252,716 K 260,888 K Firefox Mozilla Corporation
System 4 3.91 0 K 15,804 K
dwm.exe 1756 1.95 67,080 K 70,016 K Desktop Window Manager Microsoft Corporation
Interrupts n/a 1.30 0 K 0 K Hardware Interrupts and DPCs
svchost.exe 1052 0.65 56,068 K 61,432 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1436 0.65 16,020 K 16,580 K Host Process for Windows Services Microsoft Corporation
plugin-container.exe 4956 < 0.01 35,412 K 39,888 K Plugin Container for Firefox Mozilla Corporation
explorer.exe 1780 < 0.01 31,464 K 44,024 K Windows Explorer Microsoft Corporation
AvastSvc.exe 1580 < 0.01 27,920 K 40,464 K avast! Service AVAST Software
Weather.exe 2540 < 0.01 26,680 K 2,072 K AWS Convergence Technologies, Inc.
csrss.exe 556 < 0.01 2,244 K 9,444 K Client Server Runtime Process Microsoft Corporation
wmpnetwk.exe 2972 < 0.01 14,304 K 21,104 K Windows Media Player Network Sharing Service Microsoft Corporation
tvt_reg_monitor_svc.exe 3304 < 0.01 3,108 K 5,900 K ThinkVantage Registry Monitor Service Lenovo Group Limited
AvastUI.exe 2532 < 0.01 11,812 K 8,804 K avast! Antivirus AVAST Software
spoolsv.exe 268 < 0.01 6,500 K 11,880 K Spooler SubSystem App Microsoft Corporation
DkService.exe 2764 < 0.01 6,244 K 11,004 K DKSERVICE.EXE Diskeeper Corporation
csrss.exe 492 < 0.01 1,872 K 5,652 K Client Server Runtime Process Microsoft Corporation
SearchIndexer.exe 3772 < 0.01 42,012 K 26,880 K Microsoft Windows Search Indexer Microsoft Corporation
taskeng.exe 540 < 0.01 9,672 K 10,444 K Task Scheduler Engine Microsoft Corporation
DkIcon.exe 3644 < 0.01 1,652 K 4,692 K DKICON.EXE Diskeeper Corporation
svchost.exe 1076 < 0.01 30,856 K 36,200 K Host Process for Windows Services Microsoft Corporation
iPodService.exe 5096 < 0.01 3,144 K 5,816 K iPodService Module (32-bit) Apple Inc.
svchost.exe 868 < 0.01 3,860 K 7,324 K Host Process for Windows Services Microsoft Corporation
services.exe 588 < 0.01 2,904 K 7,292 K Services and Controller app Microsoft Corporation
svchost.exe 3232 < 0.01 17,756 K 16,820 K Host Process for Windows Services Microsoft Corporation
AppleMobileDeviceService.exe 2564 < 0.01 3,376 K 7,236 K MobileDeviceService Apple Inc.
mmc.exe 4564 < 0.01 54,336 K 17,364 K Microsoft Management Console Microsoft Corporation
iTunesHelper.exe 2416 < 0.01 7,332 K 13,184 K iTunesHelper Apple Inc.
AOLacsd.exe 2160 < 0.01 2,464 K 5,568 K AOL Connectivity Service AOL LLC
logmon.exe 4032 < 0.01 3,180 K 5,836 K
WUDFHost.exe 4020 3,300 K 5,616 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
wmpnscfg.exe 2624 1,992 K 5,728 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 1248 3,556 K 6,464 K WMI Provider Host Microsoft Corporation
WmiPrvSE.exe 2196 5,456 K 8,980 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 3124 1,120 K 3,140 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
WLIDSVC.EXE 3664 4,516 K 9,944 K Microsoft® Windows Live ID Service Microsoft Corporation
winlogon.exe 688 2,288 K 5,872 K Windows Logon Application Microsoft Corporation
wininit.exe 544 1,532 K 4,376 K Windows Start-Up Application Microsoft Corporation
unsecapp.exe 5224 3,112 K 6,192 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
tvttcsd.exe 3344 1,120 K 3,808 K tvttcsd Application IBM
tvtsched.exe 3608 8,104 K 12,696 K ThinkVantage Scheduler Lenovo Group Limited
taskeng.exe 308 2,224 K 6,160 K Task Scheduler Engine Microsoft Corporation
svchost.exe 992 25,296 K 21,192 K Host Process for Windows Services Microsoft Corporation
svchost.exe 792 2,880 K 6,496 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1252 8,648 K 14,952 K Host Process for Windows Services Microsoft Corporation
svchost.exe 304 14,856 K 18,992 K Host Process for Windows Services Microsoft Corporation
svchost.exe 932 67,360 K 36,424 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1192 2,196 K 5,144 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2964 2,488 K 6,040 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3160 1,080 K 3,172 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3636 756 K 2,404 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2252 2,728 K 9,144 K Host Process for Windows Services Microsoft Corporation
SUService.exe 3924 16,660 K 15,088 K ThinkVantage System Update Service Lenovo Group Limited
sqlwriter.exe 3200 3,908 K 7,660 K SQL Server VSS Writer Microsoft Corporation
sqlbrowser.exe 3184 1,340 K 3,848 K SQL Browser Service EXE Microsoft Corporation
smss.exe 424 292 K 764 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1216 6,140 K 11,600 K Microsoft Software Licensing Service Microsoft Corporation
scheduler_proxy.exe 2308 3,636 K 7,104 K scheduler_proxy Application Lenovo Group Limited
rundll32.exe 2372 3,336 K 5,656 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 3468 5,008 K 7,520 K Windows host process (Rundll32) Microsoft Corporation
rrservice.exe 3432 9,328 K 14,976 K Rescue and Recovery Backup Service Lenovo Group Limited
rrpservice.exe 3404 2,476 K 5,488 K rrpservice Module
realsched.exe 2448 2,492 K 340 K RealNetworks Scheduler RealNetworks, Inc.
QTTask.exe 2468 1,252 K 3,552 K QuickTime Task Apple Inc.
PSIService.exe 2984 2,520 K 4,048 K nTitles PSIService
mobsync.exe 3716 3,756 K 7,780 K Microsoft Sync Center Microsoft Corporation
mDNSResponder.exe 2716 1,940 K 5,424 K Bonjour Service Apple Inc.
lsm.exe 612 1,984 K 4,236 K Local Session Manager Service Microsoft Corporation
lsass.exe 600 3,320 K 1,912 K Local Security Authority Process Microsoft Corporation
IPSSVC.EXE 2124 1,884 K 4,136 K IPS Core Service Lenovo Group Limited
ijplmsvc.exe 2816 1,224 K 3,488 K PIXMA Extended Servey Program Service
ico.exe 2292 1,152 K 3,464 K Mouse Suite 98 Daemon Primax Electronics Ltd.
DfrgNTFS.exe 6008 3,504 K 6,024 K DFRGNTFS.EXE Diskeeper Corporation
CTSVCCDA.EXE 2748 1,032 K 2,884 K Creative Service for CDROM Access Creative Technology Ltd
BJMYPRT.EXE 2400 1,544 K 4,484 K Canon My Printer CANON INC.
BcmSqlStartupSvc.exe 2656 1,260 K 3,552 K BCM SQL Startup Service Microsoft Corporation
audiodg.exe 1164 11,004 K 13,668 K Windows Audio Device Graph Isolation Microsoft Corporation
  • 0

#100
RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Desktop:
Right-click on the desktop and select Personalize, then select Window Color and Appearance, and under Color Scheme change it to Windows Vista Basic, then OK. Reboot. Wait 5 minutes or so for it to settle down, then (without starting Firefox) run Process Explorer and create a log. Then open Firefox and post it.
  • 0

#101
BeckyH

    Member

  • Topic Starter
  • Member
  • 146 posts
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 92.95 0 K 24 K
procexp.exe 1044 2.32 17,776 K 29,212 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
explorer.exe 3492 1.55 29,156 K 39,100 K Windows Explorer Microsoft Corporation
dwm.exe 3764 1.55 55,240 K 49,732 K Desktop Window Manager Microsoft Corporation
Interrupts n/a 0.77 0 K 0 K Hardware Interrupts and DPCs
Weather.exe 3096 < 0.01 28,156 K 3,672 K AWS Convergence Technologies, Inc.
System 4 < 0.01 0 K 16,200 K
csrss.exe 572 < 0.01 1,940 K 7,288 K Client Server Runtime Process Microsoft Corporation
wmpnetwk.exe 432 < 0.01 13,544 K 18,952 K Windows Media Player Network Sharing Service Microsoft Corporation
tvt_reg_monitor_svc.exe 2228 < 0.01 1,884 K 4,668 K ThinkVantage Registry Monitor Service Lenovo Group Limited
DkService.exe 1644 < 0.01 6,316 K 11,096 K DKSERVICE.EXE Diskeeper Corporation
csrss.exe 512 < 0.01 1,872 K 5,600 K Client Server Runtime Process Microsoft Corporation
AvastUI.exe 2676 < 0.01 5,568 K 2,480 K avast! Antivirus AVAST Software
DkIcon.exe 2960 < 0.01 1,448 K 4,140 K DKICON.EXE Diskeeper Corporation
SearchIndexer.exe 3212 < 0.01 45,532 K 21,368 K Microsoft Windows Search Indexer Microsoft Corporation
AvastSvc.exe 1608 < 0.01 16,928 K 3,356 K avast! Service AVAST Software
svchost.exe 1472 < 0.01 15,668 K 16,288 K Host Process for Windows Services Microsoft Corporation
svchost.exe 880 < 0.01 3,404 K 6,720 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1088 < 0.01 60,244 K 64,204 K Host Process for Windows Services Microsoft Corporation
SearchProtocolHost.exe 3528 < 0.01 4,976 K 8,940 K Microsoft Windows Search Protocol Host Microsoft Corporation
svchost.exe 2196 < 0.01 17,740 K 16,780 K Host Process for Windows Services Microsoft Corporation
svchost.exe 932 < 0.01 67,700 K 36,696 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1112 < 0.01 23,176 K 31,968 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1948 < 0.01 6,536 K 12,264 K Spooler SubSystem App Microsoft Corporation
WUDFHost.exe 2868 3,416 K 5,660 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
wmpnscfg.exe 924 2,016 K 5,600 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 3132 3,440 K 6,512 K WMI Provider Host Microsoft Corporation
WmiPrvSE.exe 2708 5,356 K 8,844 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 3004 1,120 K 3,144 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
WLIDSVC.EXE 2456 4,520 K 9,976 K Microsoft® Windows Live ID Service Microsoft Corporation
winlogon.exe 708 2,324 K 6,008 K Windows Logon Application Microsoft Corporation
wininit.exe 564 1,520 K 4,372 K Windows Start-Up Application Microsoft Corporation
unsecapp.exe 3396 2,556 K 5,008 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
tvttcsd.exe 2300 1,128 K 3,820 K tvttcsd Application IBM
taskeng.exe 3516 9,540 K 10,236 K Task Scheduler Engine Microsoft Corporation
taskeng.exe 3432 2,204 K 6,116 K Task Scheduler Engine Microsoft Corporation
svchost.exe 1268 8,116 K 14,212 K Host Process for Windows Services Microsoft Corporation
svchost.exe 804 2,664 K 6,044 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1024 14,520 K 12,692 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1972 14,384 K 18,612 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1224 2,216 K 5,132 K Host Process for Windows Services Microsoft Corporation
svchost.exe 684 2,424 K 5,820 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2064 1,088 K 3,184 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2420 800 K 2,544 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2512 2,708 K 8,388 K Host Process for Windows Services Microsoft Corporation
SUService.exe 2548 16,852 K 15,988 K ThinkVantage System Update Service Lenovo Group Limited
sqlwriter.exe 2124 3,912 K 7,700 K SQL Server VSS Writer Microsoft Corporation
sqlbrowser.exe 2096 1,320 K 3,804 K SQL Browser Service EXE Microsoft Corporation
smss.exe 424 288 K 760 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1240 6,132 K 11,616 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 608 2,780 K 7,092 K Services and Controller app Microsoft Corporation
SearchFilterHost.exe 3692 3,820 K 6,528 K Microsoft Windows Search Filter Host Microsoft Corporation
scheduler_proxy.exe 1328 3,528 K 7,032 K scheduler_proxy Application Lenovo Group Limited
rundll32.exe 1404 3,160 K 5,132 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 1252 4,796 K 6,960 K Windows host process (Rundll32) Microsoft Corporation
rrservice.exe 2380 9,416 K 14,916 K Rescue and Recovery Backup Service Lenovo Group Limited
rrpservice.exe 2320 4,008 K 7,076 K rrpservice Module
PELMICED.EXE 3204 2,004 K 5,176 K Mouse Suite 98 Daemon Primax Electronics Ltd.
lsm.exe 632 1,972 K 4,156 K Local Session Manager Service Microsoft Corporation
lsass.exe 624 3,248 K 2,420 K Local Security Authority Process Microsoft Corporation
IPSSVC.EXE 1460 1,932 K 4,144 K IPS Core Service Lenovo Group Limited
ico.exe 1060 1,152 K 3,476 K Mouse Suite 98 Daemon Primax Electronics Ltd.
BJMYPRT.EXE 1564 1,536 K 4,508 K Canon My Printer CANON INC.
BcmSqlStartupSvc.exe 1548 1,264 K 3,564 K BCM SQL Startup Service Microsoft Corporation
audiodg.exe 1196 11,096 K 13,816 K Windows Audio Device Graph Isolation Microsoft Corporation
  • 0

#102
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Right click on Computer and select Manage (continue) then Services and Applications then Services. Find Desktop Window Manager Session Manager service. Right click on it and select Properties then STOP the service. Change the Startup type to Disabled.

Now go back to Process Explorer (close Firefox and let it settle) and make a new log.

Ron
  • 0

#103
BeckyH

BeckyH

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 82.07 0 K 24 K
DfrgNTFS.exe 6104 6.54 3,580 K 5,968 K DFRGNTFS.EXE Diskeeper Corporation
procexp.exe 3204 5.08 16,788 K 26,148 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 3.63 0 K 0 K Hardware Interrupts and DPCs
System 4 1.45 0 K 13,768 K
services.exe 652 0.73 2,724 K 7,040 K Services and Controller app Microsoft Corporation
DkService.exe 2348 0.73 6,316 K 11,076 K DKSERVICE.EXE Diskeeper Corporation
csrss.exe 620 < 0.01 7,876 K 10,336 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1140 < 0.01 23,388 K 31,588 K Host Process for Windows Services Microsoft Corporation
svchost.exe 936 < 0.01 3,640 K 6,936 K Host Process for Windows Services Microsoft Corporation
csrss.exe 556 < 0.01 1,664 K 5,420 K Client Server Runtime Process Microsoft Corporation
wmpnetwk.exe 3820 < 0.01 14,084 K 20,632 K Windows Media Player Network Sharing Service Microsoft Corporation
svchost.exe 860 < 0.01 3,220 K 6,716 K Host Process for Windows Services Microsoft Corporation
explorer.exe 1024 < 0.01 29,164 K 35,488 K Windows Explorer Microsoft Corporation
WmiPrvSE.exe 3944 < 0.01 3,480 K 6,432 K WMI Provider Host Microsoft Corporation
tvt_reg_monitor_svc.exe 2696 < 0.01 2,912 K 5,684 K ThinkVantage Registry Monitor Service Lenovo Group Limited
Weather.exe 3316 < 0.01 21,196 K 856 K AWS Convergence Technologies, Inc.
svchost.exe 1496 < 0.01 15,476 K 16,284 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1120 < 0.01 50,740 K 54,972 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1056 < 0.01 14,492 K 12,596 K Host Process for Windows Services Microsoft Corporation
WUDFHost.exe 3364 < 0.01 3,404 K 5,668 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
lsass.exe 664 < 0.01 3,356 K 8,368 K Local Security Authority Process Microsoft Corporation
AvastUI.exe 3236 < 0.01 5,564 K 2,608 K avast! Antivirus AVAST Software
DkIcon.exe 5788 < 0.01 1,432 K 4,208 K DKICON.EXE Diskeeper Corporation
spoolsv.exe 1964 < 0.01 6,588 K 12,284 K Spooler SubSystem App Microsoft Corporation
SearchIndexer.exe 2360 < 0.01 41,680 K 18,996 K Microsoft Windows Search Indexer Microsoft Corporation
AvastSvc.exe 1636 < 0.01 12,516 K 2,532 K avast! Service AVAST Software
scheduler_proxy.exe 2708 < 0.01 3,532 K 7,016 K scheduler_proxy Application Lenovo Group Limited
taskeng.exe 2060 < 0.01 9,336 K 10,004 K Task Scheduler Engine Microsoft Corporation
svchost.exe 2652 < 0.01 17,724 K 16,776 K Host Process for Windows Services Microsoft Corporation
svchost.exe 972 < 0.01 67,232 K 36,124 K Host Process for Windows Services Microsoft Corporation
SearchProtocolHost.exe 3908 < 0.01 4,708 K 8,940 K Microsoft Windows Search Protocol Host Microsoft Corporation
wuauclt.exe 5516 2,928 K 6,036 K Windows Update Microsoft Corporation
wmpnscfg.exe 3604 1,968 K 5,680 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 3592 5,372 K 8,872 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 3728 1,116 K 3,128 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
WLIDSVC.EXE 3012 4,532 K 9,972 K Microsoft® Windows Live ID Service Microsoft Corporation
winlogon.exe 724 2,356 K 6,008 K Windows Logon Application Microsoft Corporation
wininit.exe 608 1,520 K 4,360 K Windows Start-Up Application Microsoft Corporation
unsecapp.exe 3928 2,556 K 5,096 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
tvttcsd.exe 2776 1,108 K 3,812 K tvttcsd Application IBM
taskeng.exe 1564 2,248 K 6,204 K Task Scheduler Engine Microsoft Corporation
svchost.exe 1316 8,084 K 14,088 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1988 13,304 K 17,444 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3588 2,708 K 8,372 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2440 2,420 K 5,840 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1256 2,244 K 5,108 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2520 1,072 K 3,124 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2992 748 K 2,368 K Host Process for Windows Services Microsoft Corporation
SUService.exe 3120 16,588 K 15,032 K ThinkVantage System Update Service Lenovo Group Limited
sqlwriter.exe 2572 3,924 K 7,708 K SQL Server VSS Writer Microsoft Corporation
sqlbrowser.exe 2540 1,316 K 3,796 K SQL Browser Service EXE Microsoft Corporation
smss.exe 488 288 K 764 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1284 6,148 K 11,636 K Microsoft Software Licensing Service Microsoft Corporation
SearchFilterHost.exe 848 3,180 K 5,412 K Microsoft Windows Search Filter Host Microsoft Corporation
rundll32.exe 3028 3,164 K 5,136 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 3656 4,828 K 7,048 K Windows host process (Rundll32) Microsoft Corporation
rrservice.exe 2908 9,400 K 14,916 K Rescue and Recovery Backup Service Lenovo Group Limited
rrpservice.exe 2808 2,456 K 5,488 K rrpservice Module
mobsync.exe 4080 3,592 K 7,192 K Microsoft Sync Center Microsoft Corporation
lsm.exe 672 1,968 K 4,184 K Local Session Manager Service Microsoft Corporation
IPSSVC.EXE 2292 1,872 K 4,088 K IPS Core Service Lenovo Group Limited
ico.exe 2584 1,144 K 3,468 K Mouse Suite 98 Daemon Primax Electronics Ltd.
BJMYPRT.EXE 3176 1,536 K 4,480 K Canon My Printer CANON INC.
BcmSqlStartupSvc.exe 2316 1,260 K 3,556 K BCM SQL Startup Service Microsoft Corporation
audiodg.exe 1232 11,040 K 13,708 K Windows Audio Device Graph Isolation Microsoft Corporation

I'm not so sure that didn't slow it down...it might not have but it definitely seems more sluggish in responding this morning for whatever reason...I did a reboot before doing that last log...
  • 0

#104
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,330 posts
  • MVP
Appears that DfrgNTFS.exe (automatic defrag routine) has decided to run. It's only supposed to run when the system is idle for about 10 minutes or when scheduled.

Perhaps the desktop needs a defrag?

Open Computer, right click on C: and select Properties then select Tools then Defragment Now. It will tell you what schedule it plans to defrag. Make sure it is sometime in the wee hours when you won't be using the computer. Then go ahead and Defragment Now. This will take an hour or two.

When it finishes see if Process Explorer log looks different.

Ron
  • 0
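The log comparison done by eye in the posts above can be scripted. This is an added example, not part of any poster's message: it parses Process Explorer rows in the space-flattened form they have on this page, ranks them by CPU, and lists image names that appear only in the later log. The sample rows are a constructed subset copied from the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: rows in the space-flattened form the logs take on this page.
BEFORE = """\
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 73.44 0 K 24 K
firefox.exe 1952 11.60 433,916 K 443,620 K Firefox Mozilla Corporation
csrss.exe 668 5.41 9,272 K 11,964 K Client Server Runtime Process Microsoft Corporation
"""
AFTER = """\
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 82.07 0 K 24 K
DfrgNTFS.exe 6104 6.54 3,580 K 5,968 K DFRGNTFS.EXE Diskeeper Corporation
Interrupts n/a 3.63 0 K 0 K Hardware Interrupts and DPCs
csrss.exe 620 < 0.01 7,876 K 10,336 K Client Server Runtime Process Microsoft Corporation
wuauclt.exe 5516 2,928 K 6,036 K Windows Update Microsoft Corporation
"""

# name, PID (or n/a), optional CPU ("6.54" or "< 0.01"), two "N K" memory columns, rest.
ROW = re.compile(
    r"^(?P<name>.+?) (?P<pid>\d+|n/a)(?: (?P<cpu><? ?\d+\.\d+))?"
    r" (?P<private>[\d,]+) K (?P<working>[\d,]+) K(?: (?P<rest>.*))?$"
)

def parse_log(text):
    """Return one dict per process row; header and non-log lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rows.append({
            "name": m["name"],
            "pid": None if m["pid"] == "n/a" else int(m["pid"]),
            # "< 0.01" is kept as its upper bound; a blank CPU column counts as 0.
            "cpu": float(m["cpu"].lstrip("< ")) if m["cpu"] else 0.0,
            "private_kb": int(m["private"].replace(",", "")),
            "working_kb": int(m["working"].replace(",", "")),
            "rest": m["rest"] or "",  # description and company, not separable here
        })
    return rows

def top_cpu(rows, n=3):
    """Busiest processes, ignoring the idle pseudo-process."""
    busy = [r for r in rows if r["name"] != "System Idle Process"]
    return sorted(busy, key=lambda r: r["cpu"], reverse=True)[:n]

def new_processes(before, after):
    """Image names present in the later log but not the earlier one."""
    seen = {r["name"].lower() for r in before}
    return sorted({r["name"] for r in after if r["name"].lower() not in seen})
```

Saving the log from Process Explorer directly keeps the tab separators, which would let the description and company columns be split as well.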

#105
BeckyH

BeckyH

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts
ok i'll run it again but hubby usually defrags every other day...you want the new log posted or what?
  • 0





