Win32/Adkubru, Facemoods, HOTBAR and who knows what else



#16
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
When we ran Process Explorer before, I had you close all programs. Let's try leaving your browser running and run Process Explorer again and post the log.

Ron

#17
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Ron.. Thank you very much for your time :)

When we ran Process Explorer before, I had you close all programs. Let's try leaving your browser running and run Process Explorer again and post the log.




Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 46.88 0 K 16 K
System 4 1.56 0 K 236 K
Interrupts n/a 32.81 0 K 0 K Hardware Interrupts and DPCs
smss.exe 844 176 K 420 K Windows NT Session Manager Microsoft Corporation
csrss.exe 892 1,508 K 3,380 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 916 7,256 K 3,864 K Windows NT Logon Application Microsoft Corporation
services.exe 960 6.25 2,044 K 3,844 K Services and Controller app Microsoft Corporation
svchost.exe 1140 3,272 K 5,392 K Generic Host Process for Win32 Services Microsoft Corporation
iexplore.exe 4080 10,344 K 5,372 K Internet Explorer Microsoft Corporation
iexplore.exe 3364 92,424 K 103,964 K Internet Explorer Microsoft Corporation
hpswp_clipbook.exe 2852 2,580 K 4,564 K HP Smart Web Printing add-on for Internet Explorer Hewlett-Packard Co.
wmiprvse.exe 1744 3,136 K 5,328 K WMI Microsoft Corporation
svchost.exe 1216 2,096 K 4,864 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1312 23,656 K 33,660 K Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 1824 12,672 K 112,812 K Windows Update Microsoft Corporation
svchost.exe 1352 1,560 K 4,044 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1484 1,700 K 4,276 K Generic Host Process for Win32 Services Microsoft Corporation
AvastSvc.exe 1580 3.13 25,680 K 32,364 K avast! Service AVAST Software
spoolsv.exe 2044 5,908 K 8,336 K Spooler SubSystem App Microsoft Corporation
svchost.exe 536 1,616 K 4,276 K Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 624 5,028 K 8,016 K MobileDeviceService Apple Inc.
svchost.exe 668 3,620 K 6,988 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 684 6,352 K 8,024 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 704 1,284 K 3,392 K Generic Host Process for Win32 Services Microsoft Corporation
nvsvc32.exe 724 2,504 K 4,140 K NVIDIA Driver Helper Service, Version 93.71 NVIDIA Corporation
svchost.exe 768 1,284 K 3,372 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 860 2,992 K 5,120 K Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 972 3.13 4,156 K 2,516 K LSA Shell (Export Version) Microsoft Corporation
explorer.exe 3612 15,632 K 22,772 K Windows Explorer Microsoft Corporation
AvastUI.exe 3924 5,924 K 6,236 K avast! Antivirus AVAST Software
ctfmon.exe 3976 1,196 K 4,060 K CTF Loader Microsoft Corporation
procexp.exe 460 6.25 11,844 K 16,188 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Have a great day!
Cindy

#18
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Something wrong with IE for sure.
This line:
Interrupts n/a 32.81 0 K 0 K Hardware Interrupts and DPCs

Where it says 32.81 it should normally be about 1. Try closing IE, then right click on the IE icon on your desktop and select Start without Add-Ons, then run Process Explorer again.

#19
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi Ron,

Ok, here's the log

Process PID CPU Private Bytes Working Set Description Company Name
AppleMobileDeviceService.exe 624 8,920 K 12,692 K MobileDeviceService Apple Inc.
AvastSvc.exe 1580 15,700 K 26,668 K avast! Service AVAST Software
AvastUI.exe 3924 5,904 K 6,260 K avast! Antivirus AVAST Software
csrss.exe 892 1.56 1,508 K 3,472 K Client Server Runtime Process Microsoft Corporation
ctfmon.exe 3660 1,204 K 4,136 K CTF Loader Microsoft Corporation
explorer.exe 3612 15,624 K 12,508 K Windows Explorer Microsoft Corporation
gbtray.exe 1204 5,924 K 6,188 K Game Box IObit
iexplore.exe 3840 16,520 K 5,288 K Internet Explorer Microsoft Corporation
iexplore.exe 1284 76,632 K 86,576 K Internet Explorer Microsoft Corporation
Interrupts n/a 4.69 0 K 0 K Hardware Interrupts and DPCs
lsass.exe 972 2,804 K 2,240 K LSA Shell (Export Version) Microsoft Corporation
notepad.exe 2108 1,272 K 532 K Notepad Microsoft Corporation
nvsvc32.exe 724 2,504 K 4,160 K NVIDIA Driver Helper Service, Version 93.71 NVIDIA Corporation
procexp.exe 1040 1.56 11,888 K 16,628 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
services.exe 960 39.06 2,092 K 3,912 K Services and Controller app Microsoft Corporation
smss.exe 844 176 K 420 K Windows NT Session Manager Microsoft Corporation
svchost.exe 1140 3,244 K 5,388 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1216 1.56 2,112 K 4,932 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1312 3.13 23,164 K 34,536 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1352 1,612 K 4,112 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 668 3,752 K 7,176 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 684 6,352 K 8,072 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 704 1,284 K 3,412 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 768 1,284 K 3,392 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2092 7.81 3,048 K 5,300 K Generic Host Process for Win32 Services Microsoft Corporation
System 4 1.56 0 K 236 K
System Idle Process 0 39.06 0 K 16 K
winlogon.exe 916 7,916 K 4,588 K Windows NT Logon Application Microsoft Corporation
wmiprvse.exe 2404 3,132 K 5,336 K WMI Microsoft Corporation

I also noticed this in the addons list.

Name facemoods.com
Publisher Control name is not available
Status Enabled

Along with a bunch of other stuff. Thank you for your time.
Have a good evening :)
Cindy

#20
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
You definitely want to disable the facemoods stuff.

This time we are seeing a lot of CPU going to the
services.exe 960 39.06 2,092 K 3,912 K Services and Controller app Microsoft Corporation
So some service is causing a problem.

Start, All Programs, Accessories, Command Prompt then type:

msconfig

(Enter.)

Under Startup uncheck everything. Apply

Under Services check Hide Microsoft Services then uncheck everything. Apply and reboot. When msconfig comes up just cancel it.

Run IE then run Process Explorer. Make sure you click once or twice on the CPU column header to sort things with the big CPU users at the top.

Wait about a minute for things to settle down then File, Save As, Save. Overwrite the old one. Let's see if things look different.

If System Idle is now over 90% then go back into msconfig and turn on about half of the services, Apply and reboot. See if System Idle is low again. If it is then one of the services you just turned on is the culprit. Go back and turn off half of them. Keep going until you find the culprit.

If it doesn't help then unhide the Microsoft services and then try unchecking them.
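Added example (editor's illustration, not written by either poster): a small Python parser for Process Explorer rows as they appear pasted in this thread, applying the two checks Ron describes (Interrupts normally about 1, System Idle over 90% when healthy) and listing the busiest processes. The sample rows are copied from the logs above; the 5% Interrupts cutoff and all function names are assumptions.

```python
import re

# One pasted row: name, PID (or n/a), optional CPU (blank when the process
# used none), private bytes, working set, then description/company text.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+(?:(?P<cpu>\d+\.\d+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K(?:\s+(?P<desc>.*))?$"
)

# Constructed samples: a few rows copied from posts #17 and #19.
FIRST_LOG = """\
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 46.88 0 K 16 K
Interrupts n/a 32.81 0 K 0 K Hardware Interrupts and DPCs
services.exe 960 6.25 2,044 K 3,844 K Services and Controller app Microsoft Corporation
iexplore.exe 3364 92,424 K 103,964 K Internet Explorer Microsoft Corporation
"""
SECOND_LOG = """\
Interrupts n/a 4.69 0 K 0 K Hardware Interrupts and DPCs
services.exe 960 39.06 2,092 K 3,912 K Services and Controller app Microsoft Corporation
svchost.exe 2092 7.81 3,048 K 5,300 K Generic Host Process for Win32 Services Microsoft Corporation
iexplore.exe 1284 76,632 K 86,576 K Internet Explorer Microsoft Corporation
System Idle Process 0 39.06 0 K 16 K
"""

def parse(log):
    """Return one dict per process row; the header and blank lines are skipped."""
    rows = []
    for line in log.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"name": m["name"], "pid": m["pid"],
                         "cpu": float(m["cpu"] or 0.0),
                         "private_kb": int(m["private"].replace(",", ""))})
    return rows

def triage(log, interrupts_max=5.0, idle_min=90.0):
    """interrupts_max is an assumed cutoff; idle_min is the 90% from post #20."""
    rows = parse(log)
    pseudo = {r["name"]: r["cpu"] for r in rows if r["pid"] in ("0", "n/a")}
    findings = []
    if pseudo.get("Interrupts", 0.0) > interrupts_max:
        findings.append("interrupts high")
    if pseudo.get("System Idle Process", 100.0) < idle_min:
        findings.append("idle low")
    busy = sorted((r for r in rows if r["name"] != "System Idle Process" and r["cpu"] > 0),
                  key=lambda r: r["cpu"], reverse=True)
    return findings, [(r["name"], r["pid"], r["cpu"]) for r in busy[:3]]

if __name__ == "__main__":
    for label, log in (("first", FIRST_LOG), ("second", SECOND_LOG)):
        print(label, triage(log))
```

Rerunning it on the log saved after each msconfig round shows whether the top consumer changes as services are switched back on.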

#21
23red

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 1,797 posts
Hi :)
..sorry for the delay, studying. I haven't gone back and started stopping services as yet. Everything else except antivirus is off. This computer is still...a pain. Very slow, etc. The C drive is waaaay full. Too full to defrag, it says. I haven't put anything on it, really, just been deleting stuff. There is an F drive with all kinds of .mdm files, Dell boot stuff, batch file stuff, etc. Not positive what that is, suppose system files of a sort, important (total size 31.2mb). There's no music on C drive, WOW is on its own partition of the other hard drive, as is the music, in its own partition. Drive C has 58G or so. The other hard drive is divided into 3 partitions, the first is unused, the other two have WOW and music. This is also a newer hard drive that I installed after getting this computer maxed out from a family member who could do nothing with it. My question is this: Can I install XP on the other drive, in the unused part of the partition and boot from there where there is more room and the hard drive is newer and larger? Will that work? Is it possible or worth doing or trying? I have no clue how old the original hard drive is, therefore do expect failure before the second larger drive. Thank you for your time, and patience!
Maybe this will help keep this computer going ....and better?
Cindy

#22
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
It might be possible to install XP on the newer drive. You may have to change the drive to be the Master. This is either done by jumpers on the drives or by swapping the connectors.

If you want to look at the C:\ drive to see what is using the space:

http://download.cnet...4-10614593.html

Click on the left Download Now (directly under WinDirStat).

Save the file. Run the installer. (Win 7 or Vista probably need to right click and run as admin.)

Uncheck all three foistware boxes before allowing it to install. Once it is running it will show you your drives. Click on C:\ and then OK.

It will take a while but when it finishes it should tell you what is using the hard drive with the biggest folders at the top of the list. You can open the folders by clicking on the + in front of the folder.





