
Extensive use of Facebook and viewing other sites slows computer to st



#76
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Try Autoruns again. This time when you do the Save, Change "Save As Type": to autorun.txt
  • 0



#77
goodseed

goodseed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Okay

Attached Files


  • 0

#78
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Run Autoruns again and Uncheck these 4 that show up in Everything

JQSIEStartDetectorImpl Class
+ "SSVHelper Class"
+ "JavaQuickStarterService"
+ "AppMgmt"

These are just remnants. It won't fix anything but might as well get rid of them.

There is a Security Advisory for some of your files:

http://support.microsoft.com/kb/954157

I can't tell if they are the same versions that they are concerned with. You would have to check your files against the versions they mention.

I'm not seeing anything evil tho. Can I see another Process Explorer log?
  • 0

#79
goodseed

goodseed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I ran the FIX IT from Microsoft.com but I can't check it to see if it has affected anything. Everything's just too slow.

Process	PID	CPU	Private Bytes	Working Set	Description	Company Name	Verified Signer
System Idle Process	0		0 K	16 K			
svchost.exe	712		144,308 K	128,496 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
explorer.exe	1280	0.92	20,268 K	9,324 K	Windows Explorer	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
Interrupts	n/a	< 0.01	0 K	0 K	Hardware Interrupts and DPCs		
procexp.exe	664	0.20	20,964 K	8,500 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com	(Verified) Microsoft Corporation
System	4		0 K	32 K			
MatsBoot.exe	3328	0.10	27,104 K	7,476 K	Microsoft Automated Troubleshooting Services BootStrapper	Microsoft Corporation	(Verified) Microsoft Corporation
wuauclt.exe	2340		14,024 K	9,180 K	Windows Update	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
winlogon.exe	408		6,052 K	336 K	Windows NT Logon Application	Microsoft Corporation	(Unable to verify) Microsoft Corporation
UpdateChecker.exe	1864		20,400 K	604 K	FileHippo.com Update Checker	FileHippo.com	(Unable to verify) FileHippo.com
svchost.exe	2060		1,684 K	152 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
svchost.exe	752		2,480 K	72 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
svchost.exe	672		1,996 K	840 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Unable to verify) Microsoft Corporation
svchost.exe	624		3,136 K	380 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Unable to verify) Microsoft Corporation
svchost.exe	804		1,876 K	468 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
svchost.exe	844		4,932 K	200 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Unable to verify) Microsoft Corporation
svchost.exe	1400		1,464 K	56 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
svchost.exe	1668		2,516 K	32 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
svchost.exe	2416		9,856 K	64 K	Generic Host Process for Win32 Services	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
spoolsv.exe	1000		4,116 K	96 K	Spooler SubSystem App	Microsoft Corporation	(Unable to verify) Microsoft Corporation
smss.exe	336		180 K	40 K	Windows NT Session Manager	Microsoft Corporation	(Unable to verify) Microsoft Corporation
services.exe	452		1,920 K	420 K	Services and Controller app	Microsoft Corporation	(Unable to verify) Microsoft Corporation
QTTask.exe	1792		760 K	44 K	QuickTime Task	Apple Inc.	(Unable to verify) Apple Inc.
msseces.exe	3880		6,764 K	80 K	Microsoft Security Client User Interface	Microsoft Corporation	(Verified) Microsoft Corporation
MsMpEng.exe	3520		66,764 K	13,212 K	Antimalware Service Executable	Microsoft Corporation	(Verified) Microsoft Corporation
mscorsvw.exe	2884		1,232 K	636 K	.NET Runtime Optimization Service	Microsoft Corporation	(Verified) Microsoft Corporation
MpCmdRun.exe	668		2,436 K	80 K	Microsoft Malware Protection Command Line Utility	Microsoft Corporation	(Verified) Microsoft Corporation
MpCmdRun.exe	4004		3,900 K	88 K	Microsoft Malware Protection Command Line Utility	Microsoft Corporation	(Verified) Microsoft Corporation
MicrosoftFixit.Codec.LB.132283717439278536.2.1.Run.exe	2524		8,176 K	220 K	Microsoft® Fix it	Microsoft Corporation	(Verified) Microsoft Corporation
mDNSResponder.exe	1432		1,296 K	200 K	Bonjour Service	Apple Inc.	(Verified) Apple Inc.
lsass.exe	464		4,064 K	1,680 K	LSA Shell (Export Version)	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
LOGI_MWX.EXE	1772		756 K	32 K	Logitech Launcher Application	Logitech Inc.	(Unable to verify) Logitech Inc.
kbd.exe	1784		3,452 K	52 K	KBD EXE	Hewlett-Packard Company	(Unable to verify) Hewlett-Packard Company
iexplore.exe	616		46,064 K	10,204 K	Internet Explorer	Microsoft Corporation	(Verified) Microsoft Windows
iexplore.exe	2204		8,920 K	2,836 K			(Unable to verify) (null)
hpsysdrv.exe	1748		604 K	44 K	hpsysdrv	Hewlett-Packard Company	(Unable to verify) Hewlett-Packard Company
firefox.exe	1272		114,084 K	19,992 K	Firefox	Mozilla Corporation	(Verified) Mozilla Corporation
DivXUpdate.exe	1824		5,020 K	312 K	DivX Update		(Verified) DivX
ctfmon.exe	1856		1,084 K	1,528 K	CTF Loader	Microsoft Corporation	(Unable to verify) Microsoft Corporation
csrss.exe	384		2,048 K	620 K	Client Server Runtime Process	Microsoft Corporation	(Verified) Microsoft Windows Component Publisher
alg.exe	1136		1,268 K	68 K	Application Layer Gateway Service	Microsoft Corporation	(Unable to verify) Microsoft Corporation
AGRSMMSG.exe	1756		852 K	276 K	SoftModem Messaging Applet	Agere Systems	(Unable to verify) Agere Systems

  • 0

#80
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Run Process Explorer again. Highlight the first svchost.exe and then File, Save As to your desktop as svchost.exe.txt. Copy and paste the svchost.exe.txt file.

Also do this:

copy the next two lines:

tasklist.exe /m > \junk.txt
notepad \junk.txt

Copy and paste the text from notepad (or attach c:\junk.txt if it is too big)
  • 0

#81
goodseed

goodseed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Also do this:

copy the next two lines:

tasklist.exe /m > \junk.txt
notepad \junk.txt

Copy and paste the text from notepad (or attach c:\junk.txt if it is too big)

Wasn't sure what you wanted me to do. I tried pasting it in cmd but it didn't recognize tasklist.exe



Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 94.62 0 K 16 K
procexp.exe 360 2.31 20,452 K 8,712 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
wuauclt.exe 2340 1.54 241,156 K 225,752 K Windows Update Microsoft Corporation (Verified) Microsoft Windows Component Publisher
System 4 0.77 0 K 32 K
Interrupts n/a 0.77 0 K 0 K Hardware Interrupts and DPCs
winlogon.exe 408 6,048 K 860 K Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
UpdateChecker.exe 1864 20,400 K 676 K FileHippo.com Update Checker FileHippo.com (Unable to verify) FileHippo.com
svchost.exe 712 145,808 K 132,308 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 624 3,156 K 880 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 672 2,016 K 752 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 804 1,876 K 840 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 2416 9,920 K 200 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1668 2,516 K 36 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 844 4,932 K 200 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 752 2,480 K 72 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2060 1,684 K 148 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1400 1,464 K 52 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
spoolsv.exe 1000 4,116 K 596 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 336 180 K 36 K Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
services.exe 452 1,920 K 240 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
QTTask.exe 1792 760 K 40 K QuickTime Task Apple Inc. (Unable to verify) Apple Inc.
msseces.exe 3880 6,764 K 200 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
MsMpEng.exe 3520 59,764 K 9,644 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
mscorsvw.exe 2884 1,232 K 632 K .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 4040 3,920 K 688 K Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 2000 2,440 K 300 K Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
mDNSResponder.exe 1432 1,296 K 200 K Bonjour Service Apple Inc. (Verified) Apple Inc.
lsass.exe 464 3,976 K 1,132 K LSA Shell (Export Version) Microsoft Corporation (Verified) Microsoft Windows Component Publisher
LOGI_MWX.EXE 1772 756 K 40 K Logitech Launcher Application Logitech Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
kbd.exe 1784 3,452 K 40 K KBD EXE Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
hpsysdrv.exe 1748 604 K 36 K hpsysdrv Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
firefox.exe 3288 104,524 K 26,760 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
explorer.exe 1280 19,420 K 6,448 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
DivXUpdate.exe 1824 5,020 K 236 K DivX Update (Verified) DivX
ctfmon.exe 1856 1,088 K 1,436 K CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 384 2,112 K 536 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
alg.exe 1136 1,280 K 68 K Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
AGRSMMSG.exe 1756 852 K 276 K SoftModem Messaging Applet Agere Systems (Verified) Microsoft Windows Hardware Compatibility Publisher
  • 0

#82
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Turns out tasklist is not part of XP home. Just XP Pro. You can get it from

http://www.computerh...xp/tasklist.exe

However, your latest Process Explorer looks pretty good.

System Idle is 94.62 which means it should be fairly quick right now.

wuauclt.exe is 1.54 which probably just means it is talking to MS to see if there are any updates. Process Explorer was able to verify it this time.

What I wanted you to do looking at the old process explorer log was

find the top svchost.exe process and click on it. (The one in bold below)

System Idle Process 0 0 K 16 K
svchost.exe 712 144,308 K 128,496 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
explorer.exe 1280 0.92 20,268 K 9,324 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher


Then create a Process Explorer log. This will give me a bit more info about svchost. As you can see we have a bunch of them. Each one does something differently - actually they each do a lot of things. Since one of them was using so much CPU I wanted to see what services it handled but now it's not acting up so not much point in it.

Tasklist /m would have given me some more info. I could compare the process numbers and see what modules are being loaded.

If you open IE and click on Tools or Safety you should see a windows update option. Click on it and see if there are any updates. If so do they download and install OK?
  • 0
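
Added example (not part of the thread): a way to compare two saved Process Explorer logs by PID, as the post above does by eye, reporting processes whose private bytes grew sharply and processes whose signer is still "(Unable to verify)". The function names and the 50,000 K growth threshold are assumptions, and the sample rows are re-typed from posts #79 and #81 with tab separators.

```python
import csv
import io

HEADER = "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tVerified Signer\n"
MS, WCP = "Microsoft Corporation", "Microsoft Windows Component Publisher"
# Constructed samples: a few rows re-typed from posts #79 (FIRST) and #81 (SECOND).
FIRST = HEADER + (
    f"svchost.exe\t712\t\t144,308 K\t128,496 K\tGeneric Host Process for Win32 Services\t{MS}\t(Verified) {WCP}\n"
    f"wuauclt.exe\t2340\t\t14,024 K\t9,180 K\tWindows Update\t{MS}\t(Verified) {WCP}\n"
    f"winlogon.exe\t408\t\t6,052 K\t336 K\tWindows NT Logon Application\t{MS}\t(Unable to verify) {MS}\n"
    "QTTask.exe\t1792\t\t760 K\t44 K\tQuickTime Task\tApple Inc.\t(Unable to verify) Apple Inc.\n"
    "Interrupts\tn/a\t< 0.01\t0 K\t0 K\tHardware Interrupts and DPCs\t\t\n"
)
SECOND = HEADER + (
    f"wuauclt.exe\t2340\t1.54\t241,156 K\t225,752 K\tWindows Update\t{MS}\t(Verified) {WCP}\n"
    f"winlogon.exe\t408\t\t6,048 K\t860 K\tWindows NT Logon Application\t{MS}\t(Verified) {WCP}\n"
    f"svchost.exe\t712\t\t145,808 K\t132,308 K\tGeneric Host Process for Win32 Services\t{MS}\t(Verified) {WCP}\n"
    "QTTask.exe\t1792\t\t760 K\t40 K\tQuickTime Task\tApple Inc.\t(Unable to verify) Apple Inc.\n"
)

def parse_export(text):
    """Map PID -> row for a tab-separated Process Explorer export."""
    procs = {}
    for rec in csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE):
        pid = (rec["PID"] or "").strip()
        if not pid.isdigit():  # pseudo-entries such as Interrupts have PID "n/a"
            continue
        size = (rec["Private Bytes"] or "").replace(",", "").rstrip(" K")
        verified = (rec["Verified Signer"] or "").startswith("(Verified)")
        procs[int(pid)] = {"name": rec["Process"], "private_kb": int(size or 0), "verified": verified}
    return procs

def compare(first, second, growth_kb=50_000):
    """Report PIDs seen in both snapshots that grew a lot or are still unsigned."""
    findings = []
    for pid, new in sorted(second.items()):
        old = first.get(pid)
        if old is None or old["name"] != new["name"]:
            continue  # new or reused PID: nothing to compare against
        delta = new["private_kb"] - old["private_kb"]
        if delta >= growth_kb:
            findings.append((pid, new["name"], f"private bytes +{delta:,} K"))
        if not new["verified"]:
            state = "lost verification" if old["verified"] else "still unverified"
            findings.append((pid, new["name"], state))
    return findings

if __name__ == "__main__":
    print(compare(parse_export(FIRST), parse_export(SECOND)))
```

On these rows it reports wuauclt.exe (PID 2340) for memory growth and QTTask.exe (PID 1792) as still unverified; winlogon.exe drops out because the second log verified it.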

#83
goodseed

goodseed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Microsoft did not find any high priority updates. I took about 15 minutes to search. Sometimes a window will open quickly but then most internet windows take 3-4 mins to load. Is that a memory problem?
  • 0





