
Computer slow & other misc. problems



#16
Jasmyne

Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
This is an Acer Aspire 5251 Series laptop. I have a prop I use under my laptop that I bought after I realized how hot the bottom of the thing got right after I bought it so that it could vent properly. Speedfan shows HD0: 42C, Temp1 48-50C & Core seems to bounce between 48-51C. I'm running it right now without the battery, still having the same issues. Here's the log again:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 73.26 0 K 24 K
procexp64.exe 832 11.42 22,364 K 41,004 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe 1484 6.03 6,184 K 10,876 K Host Process for Windows Services Microsoft Corporation
netsession_win.exe 3880 1.53 6,292 K 12,572 K Akamai NetSession Client Akamai Technologies, Inc
dwm.exe 1608 1.42 30,604 K 33,052 K Desktop Window Manager Microsoft Corporation
Interrupts n/a 1.39 0 K 0 K Hardware Interrupts and DPCs
SynTPEnh.exe 3548 1.26 9,084 K 14,584 K Synaptics TouchPad Enhancements Synaptics Incorporated
csrss.exe 520 0.81 3,352 K 7,144 K Client Server Runtime Process Microsoft Corporation
System 4 0.80 172 K 3,024 K
explorer.exe 1664 0.59 37,500 K 64,284 K Windows Explorer Microsoft Corporation
AvastUI.exe 3288 0.32 5,096 K 4,348 K avast! Antivirus AVAST Software
svchost.exe 744 0.29 4,180 K 9,704 K Host Process for Windows Services Microsoft Corporation
lsass.exe 644 0.20 5,748 K 14,236 K Local Security Authority Process Microsoft Corporation
wmpnetwk.exe 3188 0.19 18,132 K 39,468 K Windows Media Player Network Sharing Service Microsoft Corporation
sidebar.exe 3596 0.11 19,380 K 40,140 K Windows Desktop Gadgets Microsoft Corporation
svchost.exe 1440 0.08 9,052 K 31,552 K Host Process for Windows Services Microsoft Corporation
AvastSvc.exe 1424 0.05 21,696 K 14,608 K avast! Service AVAST Software
svchost.exe 1332 0.05 26,852 K 32,016 K Host Process for Windows Services Microsoft Corporation
svchost.exe 988 0.04 20,128 K 24,180 K Host Process for Windows Services Microsoft Corporation
SbieCtrl.exe 3608 0.03 3,432 K 11,472 K Sandboxie Control SANDBOXIE L.T.D
ePowerTray.exe 3576 0.03 3,492 K 9,632 K ePowerTray Acer Incorporated
ePowerEvent.exe 1464 0.02 1,676 K 4,956 K ePowerEvent Acer Incorporated
svchost.exe 428 0.02 25,888 K 43,676 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1060 0.01 10,348 K 18,024 K Host Process for Windows Services Microsoft Corporation
AppleMobileDeviceService.exe 1288 0.01 2,872 K 9,084 K MobileDeviceService Apple Inc.
WLIDSVC.EXE 2532 0.01 7,008 K 16,008 K Microsoft® Windows Live ID Service Microsoft Corp.
svchost.exe 4208 0.01 76,148 K 26,856 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1432 0.01 10,404 K 14,384 K Host Process for Windows Services Microsoft Corporation
IScheduleSvc.exe 2236 < 0.01 5,364 K 10,228 K Backup Manager Module NewTech Infosystems, Inc.
netsession_win.exe 3724 < 0.01 2,872 K 6,484 K Akamai NetSession Client Akamai Technologies, Inc
dsiwmis.exe 820 < 0.01 2,684 K 6,052 K Dritek WMI Service Dritek System Inc.
lxddserv.exe 2108 < 0.01 1,492 K 3,724 K Lexmark Connect Service Executable Lexmark International, Inc.
csrss.exe 452 < 0.01 2,096 K 4,684 K Client Server Runtime Process Microsoft Corporation
svchost.exe 328 < 0.01 60,064 K 69,516 K Host Process for Windows Services Microsoft Corporation
SPUVolumeWatcher.exe 3968 < 0.01 1,756 K 5,964 K Media Check Tool Sony Corporation
YahooAUService.exe 2588 3,808 K 9,148 K AutoUpater Service Module Yahoo! Inc.
WmiPrvSE.exe 1688 2,972 K 7,144 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 2600 1,528 K 3,688 K Microsoft® Windows Live ID Service Monitor Microsoft Corp.
winlogon.exe 560 2,896 K 7,420 K Windows Logon Application Microsoft Corporation
wininit.exe 512 1,868 K 5,052 K Windows Start-Up Application Microsoft Corporation
UpdaterService.exe 2360 1,356 K 4,164 K Updater Service Acer Group
unsecapp.exe 1280 2,168 K 6,416 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
UnlockerAssistant.exe 4004 1,268 K 4,644 K
SynTPHelper.exe 3924 1,704 K 4,464 K Synaptics Pointing Device Helper Synaptics Incorporated
svchost.exe 824 4,156 K 8,248 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1968 12,548 K 16,240 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4800 3,460 K 7,716 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2272 2,032 K 5,908 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2792 2,764 K 6,488 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1932 9,956 K 16,780 K Spooler SubSystem App Microsoft Corporation
smss.exe 304 392 K 1,096 K Windows Session Manager Microsoft Corporation
services.exe 600 5,600 K 9,772 K Services and Controller app Microsoft Corporation
SbieSvc.exe 1132 2,132 K 4,372 K Sandboxie Service SANDBOXIE L.T.D
rundll32.exe 3360 2,200 K 7,172 K Windows host process (Rundll32) Microsoft Corporation
RAVCpl64.exe 3540 9,572 K 11,832 K Realtek HD Audio Manager Realtek Semiconductor
procexp.exe 1652 2,496 K 6,564 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PLFSetI.exe 3556 2,172 K 7,020 K DefaultSettingEXE MFC Application
NLSSRV32.EXE 2216 964 K 3,028 K This service enables products that use the Nalpeiron Licensing System Nalpeiron Ltd.
msiexec.exe 5108 10,428 K 21,948 K Windows® installer Microsoft Corporation
MMDx64Fx.exe 3240 2,216 K 5,304 K MMDx64Fx Application Dritek System Inc.
mDNSResponder.exe 1048 2,408 K 6,000 K Bonjour Service Apple Inc.
lxddcoms.exe 2164 2,224 K 6,324 K Printer Communication System
lsm.exe 652 2,712 K 4,708 K Local Session Manager Service Microsoft Corporation
LMworker.exe 3412 1,324 K 4,316 K Launch Manager Worker Dritek System Inc.
LManager.exe 3960 11,832 K 12,840 K Launch Manager Keyboard Application Dritek System Inc.
jusched.exe 1600 1,336 K 4,660 K Java™ Update Scheduler Sun Microsystems, Inc.
GREGsvc.exe 2076 1,004 K 3,116 K Global Registration Service Acer Incorporated
ePowerSvc.exe 1732 2,556 K 6,924 K ePowerSvc Acer Incorporated
dllhost.exe 4352 2,284 K 6,680 K COM Surrogate Microsoft Corporation
dllhost.exe 4960 2,492 K 7,248 K COM Surrogate Microsoft Corporation
atiesrxx.exe 872 1,772 K 4,612 K AMD External Events Service Module AMD
atieclxx.exe 1084 2,548 K 6,784 K AMD External Events Client Module AMD
armsvc.exe 1128 1,420 K 4,276 K Adobe Acrobat Update Service Adobe Systems Incorporated

Edited by Jasmyne, 20 November 2011 - 09:23 PM.

  • 0



#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
OK. Let's leave the battery out for now. It did make a difference to Interrupts n/a so I would say it is old and weak and loading down your power supply.

Interrupts n/a 1.39 0 K 0 K Hardware Interrupts and DPCs

Now let's try booting into Safe Mode with Networking
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.) and then run Process Explorer again.
  • 0

#18
Jasmyne

Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Here it is in safe mode w/networking:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 91.67 0 K 24 K
svchost.exe 816 4.11 12,604 K 19,216 K Host Process for Windows Services Microsoft Corporation
procexp64.exe 1996 2.13 18,048 K 32,572 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 1.02 0 K 0 K Hardware Interrupts and DPCs
csrss.exe 380 0.89 2,744 K 5,104 K Client Server Runtime Process Microsoft Corporation
System 4 0.06 148 K 936 K
svchost.exe 664 0.04 2,552 K 6,292 K Host Process for Windows Services Microsoft Corporation
explorer.exe 1128 0.04 18,500 K 34,792 K Windows Explorer Microsoft Corporation
svchost.exe 600 0.03 3,472 K 8,260 K Host Process for Windows Services Microsoft Corporation
svchost.exe 956 0.01 8,900 K 11,844 K Host Process for Windows Services Microsoft Corporation
services.exe 436 0.01 4,052 K 7,024 K Services and Controller app Microsoft Corporation
WmiPrvSE.exe 1064 2,368 K 5,816 K WMI Provider Host Microsoft Corporation
winlogon.exe 468 1,564 K 4,916 K Windows Logon Application Microsoft Corporation
wininit.exe 372 1,292 K 4,232 K Windows Start-Up Application Microsoft Corporation
svchost.exe 272 8,232 K 13,492 K Host Process for Windows Services Microsoft Corporation
svchost.exe 916 2,468 K 6,288 K Host Process for Windows Services Microsoft Corporation
svchost.exe 764 7,668 K 10,836 K Host Process for Windows Services Microsoft Corporation
svchost.exe 884 7,072 K 14,696 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1240 2,292 K 5,672 K Host Process for Windows Services Microsoft Corporation
smss.exe 240 372 K 1,040 K Windows Session Manager Microsoft Corporation
procexp.exe 1988 2,188 K 5,932 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
lsm.exe 460 2,124 K 3,904 K Local Session Manager Service Microsoft Corporation
lsass.exe 452 3,400 K 9,620 K Local Security Authority Process Microsoft Corporation
ctfmon.exe 1176 1,624 K 3,296 K CTF Loader Microsoft Corporation
csrss.exe 332 1,664 K 3,816 K Client Server Runtime Process Microsoft Corporation
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Does it seem peppier now? I am curious about the one svchost.exe process near the top. If you click on the Space bar Process Explorer should stop updating. Hover over the svchost.exe and it will tell you more about it. Is it the one that says DCOMLAUNCH with three services, DCOMLAUNCH, PlugPlay and Power?

If it seems more normal than before I would:

Start, Programs, Accessories then right click on Command Prompt and select Run as Admin. Then type:

msconfig

Go to Services tab and click on the box to hide Microsoft Services then uncheck everything that remains. Go to Startup tab and uncheck everything. OK and reboot. Run Process Explorer and see if System Idle is over 90%. If it doesn't run faster then go back into msconfig and uncheck the Hide Microsoft Services and also uncheck them and reboot. If it helps then go back and turn on a few items each time until you find the culprit.
  • 0

#20
Jasmyne

Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Both of the ones lurking near the top are related to Network Services; the 2nd is the DCOMLAUNCH with the three services. Right-clicking is a little quicker than it was before. Moving files around is definitely quicker. I'm going to go start on msconfig. Should I do this in Safe Mode still or return to normal mode?

Thanks,

Destiny

Added Note:
I've stopped all the non-Windows services and started trying to weed through the others. I've managed to get the idle processes to the high 80's now with interrupts less than 1.0, but one of the non-Windows services I stopped was Avast and it won't let me turn the service back on and I know I need that... :(

Edited by Jasmyne, 21 November 2011 - 12:27 AM.

  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
It does need to be in regular mode when you test your msconfig stuff.

Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if right-clicking is better.
  • 0

#22
Jasmyne

Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Here's the latest after I've tweaked some in MSconfig. :) It's running like it used to now...finally. So was the main culprit here just too much stuff trying to run on my computer? From a student standpoint I'm curious and curious as to how you figured that out. :P

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 95.33 0 K 24 K
procexp64.exe 3492 3.38 12,196 K 20,668 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 0.32 0 K 0 K Hardware Interrupts and DPCs
csrss.exe 524 0.19 2,412 K 9,876 K Client Server Runtime Process Microsoft Corporation
AvastUI.exe 2128 0.16 5,032 K 4,180 K avast! Antivirus AVAST Software
System 4 0.15 152 K 1,248 K
dwm.exe 1852 0.10 29,560 K 30,452 K Desktop Window Manager Microsoft Corporation
SynTPEnh.exe 1092 0.09 9,048 K 14,076 K Synaptics TouchPad Enhancements Synaptics Incorporated
sidebar.exe 2216 0.06 16,976 K 35,816 K Windows Desktop Gadgets Microsoft Corporation
explorer.exe 1740 0.05 24,120 K 43,316 K Windows Explorer Microsoft Corporation
svchost.exe 980 0.04 58,760 K 67,480 K Host Process for Windows Services Microsoft Corporation
AvastSvc.exe 1324 0.02 20,948 K 32,680 K avast! Service AVAST Software
svchost.exe 316 0.02 25,328 K 42,800 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1820 0.02 6,012 K 24,680 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1028 0.01 9,900 K 17,108 K Host Process for Windows Services Microsoft Corporation
services.exe 620 0.01 5,872 K 9,628 K Services and Controller app Microsoft Corporation
csrss.exe 452 0.01 1,852 K 4,164 K Client Server Runtime Process Microsoft Corporation
svchost.exe 836 0.01 3,560 K 7,488 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1232 0.01 11,016 K 15,400 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1732 0.01 2,776 K 6,484 K Host Process for Windows Services Microsoft Corporation
lsass.exe 636 < 0.01 5,344 K 13,288 K Local Security Authority Process Microsoft Corporation
lsm.exe 644 < 0.01 2,804 K 4,712 K Local Session Manager Service Microsoft Corporation
svchost.exe 1560 < 0.01 11,212 K 15,760 K Host Process for Windows Services Microsoft Corporation
WmiPrvSE.exe 2312 2,992 K 6,852 K WMI Provider Host Microsoft Corporation
WmiPrvSE.exe 2896 3,632 K 7,880 K WMI Provider Host Microsoft Corporation
winlogon.exe 564 3,120 K 7,484 K Windows Logon Application Microsoft Corporation
wininit.exe 512 1,888 K 5,072 K Windows Start-Up Application Microsoft Corporation
unsecapp.exe 692 1,968 K 5,784 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
taskhost.exe 2660 6,640 K 13,468 K Host Process for Windows Tasks Microsoft Corporation
taskeng.exe 2652 1,912 K 5,504 K Task Scheduler Engine Microsoft Corporation
SynTPHelper.exe 444 1,448 K 3,728 K Synaptics Pointing Device Helper Synaptics Incorporated
svchost.exe 884 20,092 K 23,460 K Host Process for Windows Services Microsoft Corporation
svchost.exe 756 3,992 K 9,388 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1220 1,280 K 3,180 K Host Process for Windows Services Microsoft Corporation
smss.exe 304 388 K 1,100 K Windows Session Manager Microsoft Corporation
RAVCpl64.exe 1984 10,340 K 12,124 K Realtek HD Audio Manager Realtek Semiconductor
procexp.exe 3420 2,500 K 6,476 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PLFSetI.exe 356 2,212 K 6,924 K DefaultSettingEXE MFC Application
MMDx64Fx.exe 2828 2,000 K 4,796 K MMDx64Fx Application Dritek System Inc.
LManager.exe 712 11,916 K 12,776 K Launch Manager Keyboard Application Dritek System Inc.
jusched.exe 2092 1,308 K 4,528 K Java™ Update Scheduler Sun Microsystems, Inc.
ePowerTray.exe 2756 3,432 K 9,396 K ePowerTray Acer Incorporated
audiodg.exe 688 17,600 K 17,568 K Windows Audio Device Graph Isolation Microsoft Corporation
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
It appears to have been a combination of things and I'm not sure we are totally out of the woods yet. Is your battery still out? (I'm not saying put it back in - just curious)

Copy the next line:

reg query "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig" /s > \junk.txt

Start, (All) Programs, Accessories then right click on Command Prompt and Run as Admin. Then right click and Paste or Edit Paste and the copied line should appear. Hit Enter.
Type:

notepad \junk.txt

Copy and paste the text from notepad into a reply. That should show me what you have turned off with msconfig.

Also let's revisit the event log. Clear the events, reboot and run Vino's and let's see if we still have the nasty atapi error. It's possible that it's not too many programs but the atapi errors that are making your PC unable to run as many programs as before.

As for how I figured it out - I have worked out a routine over time. First scan for and clear all malware. Second look for and clear as many errors as you can (includes running disk check and SFC /SCANNOW). Third run Speccy to check for overheating and the condition of the hard drive. Fourth run Process Explorer and try and get the System Idle over 95% (here you have to remember that the Interrupts n/a line needs to be around 1% and that laptop batteries are a main cause of high %). Fifth run a memory check. Somewhere along the line I also check for a minimum amount of RAM (XP SP3 should have at least 1 GB, Vista/Win7 2GB) and at least 11% free space on the hard drive.
  • 0
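
Added example (not part of the original thread and not any poster's code): a Python parser for the text saved by the `reg query ... msconfig /s` command in post #23, listing what msconfig has switched off, when, and whether a security service is among the items. It assumes the DWORD named after each service is that service's previous start type (2 automatic, 3 manual); the sample input and the `SECURITY_HINTS` watchlist are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the shape of `reg query "<msconfig key>" /s` output.
# The second stanza is whitespace-flattened, as forum pastes often are.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\avast! Antivirus
    avast! Antivirus    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7db
    MONTH    REG_DWORD    0xb
    DAY    REG_DWORD    0x14
    HOUR    REG_DWORD    0x17
    MINUTE    REG_DWORD    0x2d
    SECOND    REG_DWORD    0x28

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\bthserv
bthserv REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x37
SECOND REG_DWORD 0x26

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExampleTray
    key    REG_SZ    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    REG_SZ    ExampleTray
    hkey    REG_SZ    HKCU
    command    REG_SZ    "C:\Users\Example\AppData\Roaming\ExampleTray\tray.exe"
    YEAR    REG_DWORD    0x7db
    MONTH    REG_DWORD    0xb
    DAY    REG_DWORD    0x15
    HOUR    REG_DWORD    0x0
    MINUTE    REG_DWORD    0x5
    SECOND    REG_DWORD    0x23

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state
    services    REG_DWORD    0x2
    startup    REG_DWORD    0x2
"""

# "<name> <REG_TYPE> <data>"; value names may contain spaces ("avast! Antivirus").
VALUE_RE = re.compile(r"^\s*(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
# Assumption: the per-service DWORD is the start type before msconfig disabled it.
START_TYPES = {2: "automatic", 3: "manual", 4: "disabled"}
# Hypothetical watchlist of name fragments for security services.
SECURITY_HINTS = ("avast", "windefend", "mpssvc", "wscsvc")
STAMP_FIELDS = ("year", "month", "day", "hour", "minute", "second")


def parse_reg_query(text):
    """Return {key_path: {value_name_lowercased: data}} from reg query text."""
    keys, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("HKEY_"):
            current = keys.setdefault(stripped, {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name, _reg_type, data = match.groups()
            current[name.lower()] = data.strip()
    return keys


def disabled_items(text):
    """List msconfig-disabled services and startup entries, oldest first."""
    items = []
    for path, values in parse_reg_query(text).items():
        tail = re.split(r"\\msconfig\\", path, maxsplit=1, flags=re.I)
        # Skip container keys and the "state" key, which carry no timestamp.
        if len(tail) != 2 or "\\" not in tail[1] or "year" not in values:
            continue
        section, name = tail[1].split("\\", 1)
        section = section.lower()
        # reg query prints DWORDs as hex (0x7db == 2011).
        when = datetime(*(int(values[f], 16) for f in STAMP_FIELDS))
        item = {"section": section, "name": name, "disabled_at": when,
                "security": False}
        if section == "services":
            raw = values.get(name.lower())
            item["prior_start"] = START_TYPES.get(int(raw, 16), raw) if raw else None
            item["security"] = any(h in name.lower() for h in SECURITY_HINTS)
        else:
            item["command"] = values.get("command")
        items.append(item)
    return sorted(items, key=lambda i: i["disabled_at"])


def security_services_off(text):
    """Names of disabled services that match the watchlist."""
    return [i["name"] for i in disabled_items(text) if i["security"]]


if __name__ == "__main__":
    for entry in disabled_items(SAMPLE):
        flag = "  <-- security service is off" if entry["security"] else ""
        detail = entry.get("prior_start") or entry.get("command")
        print(f'{entry["disabled_at"]}  {entry["section"]:<13} '
              f'{entry["name"]} ({detail}){flag}')
```

Any name returned by `security_services_off` is a service to re-enable before the machine goes back into normal use.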

#24
Jasmyne

Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
I did have to put the battery back in this morning as I had to use my computer for school and had no way to plug it in and things *seemed* okay then but all I was doing was typing in Microsoft Word, nothing else. As soon as I got home I took it back out. Thank you for letting me know your process you've developed on narrowing this down. I'll have to save it for future reference...if I ever get done with practice logs LOL!

Here's the logs you asked for:


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\AdobeARMservice
AdobeARMservice REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x29

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\Akamai
Akamai REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0xe
SECOND REG_DWORD 0x17

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\AMD External Events Utility
AMD External Events Utility REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x28

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\Apple Mobile Device
Apple Mobile Device REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x28

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\avast! Antivirus
avast! Antivirus REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x28

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\Bonjour Service
Bonjour Service REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x28

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\bthserv
bthserv REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x37
SECOND REG_DWORD 0x26

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\DsiWMIService
DsiWMIService REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x28

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\ePowerSvc
ePowerSvc REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x28

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\FLEXnet Licensing Service
FLEXnet Licensing Service REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x28

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\GREGService
GREGService REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x27

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\gupdate
gupdate REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x27

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\gupdatem
gupdatem REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x27

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\gusvc
gusvc REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x27

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\iPod Service
iPod Service REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x27

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\lxddCATSCustConnectService
lxddCATSCustConnectService REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x27

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\lxdd_device
lxdd_device REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x26

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\nlsX86cc
nlsX86cc REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x26

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\NTI IScheduleSvc
NTI IScheduleSvc REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x26

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\p2pimsvc
p2pimsvc REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x22

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\p2psvc
p2psvc REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x22

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\PNRPsvc
PNRPsvc REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x22

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\SbieSvc
SbieSvc REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x26

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\Spooler
Spooler REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x22

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\TapiSrv
TapiSrv REG_DWORD 0x3
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x22

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\Updater Service
Updater Service REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x26

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\WinDefend
WinDefend REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x21

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\wlidsvc
wlidsvc REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x20

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\WMPNetworkSvc
WMPNetworkSvc REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x37
SECOND REG_DWORD 0x24

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\YahooAUService
YahooAUService REG_DWORD 0x2
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x14
HOUR REG_DWORD 0x17
MINUTE REG_DWORD 0x2d
SECOND REG_DWORD 0x25

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Destiny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk
item REG_SZ MagicDisc
path REG_SZ C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup REG_SZ C:\Windows\pss\MagicDisc.lnk.Startup
location REG_SZ C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
backupExtension REG_SZ .Startup
command REG_SZ C:\PROGRA~2\MAGICD~1\MAGICD~1.EXE
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0x5
DAY REG_DWORD 0x1
HOUR REG_DWORD 0xf
MINUTE REG_DWORD 0x3
SECOND REG_DWORD 0x21

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Destiny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk
item REG_SZ OneNote 2010 Screen Clipper and Launcher
path REG_SZ C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup REG_SZ C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
location REG_SZ C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
backupExtension REG_SZ .Startup
command REG_SZ C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0x5
DAY REG_DWORD 0x10
HOUR REG_DWORD 0xd
MINUTE REG_DWORD 0x30
SECOND REG_DWORD 0x19

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Destiny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk
path REG_SZ C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup REG_SZ C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
location REG_SZ C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
backupExtension REG_SZ .Startup
command REG_SZ C:\PROGRA~2\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE /noballoononstart
item REG_SZ Picture Motion Browser Media Check Tool
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x23

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Destiny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RCA Detective.lnk
item REG_SZ RCA Detective
path REG_SZ C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
backup REG_SZ C:\Windows\pss\RCA Detective.lnk.Startup
location REG_SZ C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
backupExtension REG_SZ .Startup
command REG_SZ C:\Users\Destiny\DOCUME~1\RCADET~1\RCADET~1.EXE
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x13
HOUR REG_DWORD 0x15
MINUTE REG_DWORD 0x9
SECOND REG_DWORD 0x30

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
key REG_SZ SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
item REG_SZ Adobe ARM
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
inimapping REG_SZ 0
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x23

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ Akamai NetSession Interface
hkey REG_SZ HKCU
command REG_SZ C:\Users\Destiny\AppData\Local\Akamai\netsession_win.exe
inimapping REG_SZ 0
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x15
SECOND REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
key REG_SZ SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
item REG_SZ iTunesHelper
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
inimapping REG_SZ 0
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x13
HOUR REG_DWORD 0x15
MINUTE REG_DWORD 0x9
SECOND REG_DWORD 0x3a

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ Messenger (Yahoo!)
hkey REG_SZ HKCU
command REG_SZ "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
inimapping REG_SZ 0
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x13
HOUR REG_DWORD 0x15
MINUTE REG_DWORD 0xa
SECOND REG_DWORD 0x7

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ mwlDaemon
hkey REG_SZ HKLM
command REG_SZ C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
inimapping REG_SZ 0
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x13
HOUR REG_DWORD 0x15
MINUTE REG_DWORD 0x9
SECOND REG_DWORD 0x26

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ SandboxieControl
hkey REG_SZ HKCU
command REG_SZ "C:\Program Files\Sandboxie\SbieCtrl.exe"
inimapping REG_SZ 0
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x23

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray
key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REG_SZ SmileboxTray
hkey REG_SZ HKCU
command REG_SZ "C:\Users\Destiny\AppData\Roaming\Smilebox\SmileboxTray.exe"
inimapping REG_SZ 0
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x13
HOUR REG_DWORD 0x15
MINUTE REG_DWORD 0x9
SECOND REG_DWORD 0x1a

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
key REG_SZ SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
item REG_SZ StartCCC
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
inimapping REG_SZ 0
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0x5
DAY REG_DWORD 0x10
HOUR REG_DWORD 0xd
MINUTE REG_DWORD 0x30
SECOND REG_DWORD 0x7

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant
key REG_SZ SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
item REG_SZ UnlockerAssistant
hkey REG_SZ HKLM
command REG_SZ "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
inimapping REG_SZ 0
YEAR REG_DWORD 0x7db
MONTH REG_DWORD 0xb
DAY REG_DWORD 0x15
HOUR REG_DWORD 0x0
MINUTE REG_DWORD 0x5
SECOND REG_DWORD 0x23

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state
services REG_DWORD 0x2
startup REG_DWORD 0x2


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/11/2011 11:17:35 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/11/2011 5:16:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/11/2011 5:16:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 21/11/2011 5:16:41 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/11/2011 5:16:26 PM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 21/11/2011 5:15:48 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/11/2011 11:18:15 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I would turn Avast and Windefend back on. You don't want to run without them.

The atapi errors have stopped. I hope that is because of something we turned off and not something that is just coming and going on its own.



Log: 'System' Date/Time: 21/11/2011 5:16:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/11/2011 5:16:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

These may be because of something you have turned off - My guess would be TapiSrv:

The idea is not to turn everything off and leave it off. We want to narrow it down to one or two that are causing the problem then uninstall them. You are going to run into problems with printing and other stuff if you leave everything off.
  • 0
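The dependency chain behind the guess in the reply above, as an added example that is not part of the original thread: the Python below reads the Event 7001 records from the report and follows the "depends on" links back to the service whose own start failed (here Telephony, whose service name is TapiSrv). The function names and the returned structure are assumptions made for this illustration.

```python
import re

# Sample input: three 'System' error records copied from the report in this thread.
SAMPLE_LOG = r"""Log: 'System' Date/Time: 21/11/2011 5:16:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 21/11/2011 5:16:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 21/11/2011 5:16:41 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
"""

DEPENDS = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
                     r"which failed to start because of the following error: (?P<why>.+)$")

def parse_records(text):
    """Yield (event_id, source, message) for each record in the report text."""
    for block in re.split(r"\n\s*\n", text.strip()):
        m = re.search(r"^Event: (\d+) Source: (.+)$", block, re.MULTILINE)
        if m:  # header and separator blocks carry no Event line
            yield int(m.group(1)), m.group(2).strip(), block.splitlines()[-1]

def root_causes(text):
    """Map each root service to (its own error, services that failed behind it)."""
    dep_of, reason = {}, {}
    for event_id, _source, msg in parse_records(text):
        m = DEPENDS.match(msg) if event_id == 7001 else None
        if m:
            dep_of[m["svc"]] = m["dep"]
            reason[m["dep"]] = m["why"]
    roots = {}
    for svc in dep_of:
        node, seen = svc, set()
        while node in dep_of and node not in seen:  # walk the chain, guard cycles
            seen.add(node)
            node = dep_of[node]
        roots.setdefault(node, (reason[node], []))[1].append(svc)
    return roots

if __name__ == "__main__":
    for root, (why, blocked) in root_causes(SAMPLE_LOG).items():
        print(f"{root}: {why}\n  also failed: {', '.join(blocked)}")
```

Both 7001 errors collapse to one root, so re-enabling that single service clears the whole chain; the 10000 record is unrelated and is left out of the result.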

#26
Jasmyne

Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Ahhh...was late last night when I was turning things off. Windows Defender and Avast are back on, Telephony is back on. I can live without anything print related as I don't print from this computer. About to restart with the other turned back on and see how it goes.
  • 0

#27
Jasmyne

Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Only error I got this time was:

Log: 'System' Date/Time: 21/11/2011 5:51:19 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126


I checked and the WLAN AutoConfig service is running...?

About to have to run off to English...and write some more on that dreaded paper that's due in 36 hours I haven't done more than a few notes on. :P
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
C:\Windows\system32\athExt.dll is missing from your system which is why we are seeing the error. Part of your wireless driver so you might check your PC maker's website and see if you can find a new wireless driver. AzureWave or Atheros.
  • 0

#29
Jasmyne

Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
I reinstalled the wireless driver from Acer's website and still got these errors:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/11/2011 6:40:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/11/2011 12:38:38 AM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/11/2011 12:38:11 AM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 22/11/2011 12:37:34 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

The good news is...playing around with my battery actually in and this is what I see:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 88.61 0 K 24 K
procexp64.exe 3140 8.65 13,364 K 21,576 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe 328 0.74 29,860 K 39,472 K Host Process for Windows Services Microsoft Corporation
csrss.exe 524 0.49 2,340 K 10,200 K Client Server Runtime Process Microsoft Corporation
System 4 0.39 160 K 1,084 K
Interrupts n/a 0.34 0 K 0 K Hardware Interrupts and DPCs
AvastUI.exe 2372 0.31 5,048 K 4,312 K avast! Antivirus AVAST Software
dwm.exe 2064 0.19 29,672 K 31,476 K Desktop Window Manager Microsoft Corporation
sidebar.exe 2696 0.11 17,328 K 36,600 K Windows Desktop Gadgets Microsoft Corporation
explorer.exe 2076 0.08 26,276 K 46,736 K Windows Explorer Microsoft Corporation
AvastSvc.exe 1264 0.03 21,640 K 42,652 K avast! Service AVAST Software
csrss.exe 452 0.02 1,868 K 4,172 K Client Server Runtime Process Microsoft Corporation
lsm.exe 644 0.01 2,588 K 4,668 K Local Session Manager Service Microsoft Corporation
svchost.exe 1028 0.01 8,700 K 16,220 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1188 0.01 11,968 K 16,496 K Host Process for Windows Services Microsoft Corporation
SynTPEnh.exe 2620 < 0.01 8,936 K 14,068 K Synaptics TouchPad Enhancements Synaptics Incorporated
svchost.exe 836 < 0.01 3,528 K 7,564 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3620 < 0.01 74,028 K 24,648 K Host Process for Windows Services Microsoft Corporation
WmiPrvSE.exe 2680 2,984 K 6,920 K WMI Provider Host Microsoft Corporation
winlogon.exe 568 2,956 K 7,384 K Windows Logon Application Microsoft Corporation
wininit.exe 516 1,872 K 5,056 K Windows Start-Up Application Microsoft Corporation
unsecapp.exe 2492 1,972 K 5,784 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
taskeng.exe 784 1,868 K 5,532 K Task Scheduler Engine Microsoft Corporation
SynTPHelper.exe 228 1,436 K 3,744 K Synaptics Pointing Device Helper Synaptics Incorporated
svchost.exe 1732 5,828 K 24,664 K Host Process for Windows Services Microsoft Corporation
svchost.exe 980 58,104 K 65,832 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1544 12,460 K 17,008 K Host Process for Windows Services Microsoft Corporation
svchost.exe 884 20,244 K 23,536 K Host Process for Windows Services Microsoft Corporation
svchost.exe 756 4,064 K 9,376 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2116 2,728 K 6,420 K Host Process for Windows Services Microsoft Corporation
sppsvc.exe 2772 7,220 K 12,800 K Microsoft Software Protection Platform Service Microsoft Corporation
smss.exe 304 392 K 1,100 K Windows Session Manager Microsoft Corporation
services.exe 620 5,276 K 9,248 K Services and Controller app Microsoft Corporation
rundll32.exe 2132 1,916 K 6,548 K Windows host process (Rundll32) Microsoft Corporation
RAVCpl64.exe 2588 10,296 K 12,096 K Realtek HD Audio Manager Realtek Semiconductor
procexp.exe 3312 2,516 K 6,512 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PLFSetI.exe 2648 2,272 K 6,964 K DefaultSettingEXE MFC Application
notepad.exe 3884 1,856 K 6,408 K Notepad Microsoft Corporation
MMDx64Fx.exe 2412 1,940 K 4,728 K MMDx64Fx Application Dritek System Inc.
lsass.exe 636 4,848 K 12,604 K Local Security Authority Process Microsoft Corporation
LManager.exe 2176 11,936 K 12,792 K Launch Manager Keyboard Application Dritek System Inc.
jusched.exe 2320 1,372 K 4,556 K Java™ Update Scheduler Sun Microsystems, Inc.
ePowerTray.exe 2660 3,424 K 9,400 K ePowerTray Acer Incorporated
audiodg.exe 364 17,020 K 17,628 K Windows Audio Device Graph Isolation Microsoft Corporation

Thoughts??
  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I downloaded the latest driver from Atheros and it mentions the dll in its inf file but does not provide it. Can't find it anywhere to download either and there are a lot of people looking for it. Since it's working I would just ignore it.

The battery working and Interrupts still low is good news. No idea why it seemed to make a difference earlier. Are we done then? If so it's time for the cleanup:


We need to clean up System Restore:

Copy the following:


:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox
You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0





