
Computer won't update

Malware Sluggish


#46
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Let's get rid of MSE and install the free Avast.

 

Let's install the free Avast:
 
Click on Download then choose the free version.
 
 
Download, Save but don't install yet.
 
Uninstall Microsoft Security Essentials
 
Reboot.
 
Install Avast by right clicking and Run As Admin.
 
Decline any additional software like Google Toolbar, Dropbox or Chrome.
 
Once you have it installed and it has updated, run a new process explorer log.
 
Tonight while you sleep let it run a boot-time scan as follows:
 
It takes like 6 hours so I usually let it run at night.
 
Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.
 
Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done.
 

  • 0


#47
its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

I have uninstalled SE & installed Avast and updated -- here is new log

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    30.10    0 K    24 K    0            
WmiPrvSE.exe    29.13    5,920 K    10,300 K    3380    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    21.12    24,036 K    42,364 K    648    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
firefox.exe    4.59    251,524 K    284,048 K    1588    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Interrupts    3.88    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    3.41    52,660 K    26,772 K    1336    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    2.21    98,208 K    99,304 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    1.84    2,512 K    9,448 K    480    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    1.36    24,804 K    38,292 K    1008    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
System    1.22    176 K    1,908 K    4            
AvastSvc.exe    0.40    87,160 K    44,484 K    1232    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
lsass.exe    0.18    4,764 K    10,728 K    588    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.15    25,976 K    40,864 K    1348    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe    0.14    1,472 K    5,480 K    3084    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
avastui.exe    0.11    37,676 K    62,692 K    3128    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
wmpnetwk.exe    0.07    15,124 K    12,448 K    1388    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    0.04    2,684 K    5,156 K    1796    NService Application    Nero AG    (Verified) Nero AG
svchost.exe    0.03    14,128 K    14,748 K    1080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    0.01    6,248 K    11,292 K    2428    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
csrss.exe    0.01    2,452 K    6,708 K    432    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    5,292 K    10,896 K    880    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,344 K    4,032 K    1456    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        2,232 K    6,092 K    3632    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        996 K    2,856 K    2548    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,456 K    5,724 K    536    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,324 K    3,928 K    472    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,224 K    3,840 K    2084    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhost.exe        3,976 K    8,360 K    1596    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        7,080 K    11,884 K    984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,700 K    8,012 K    696    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        10,556 K    13,144 K    1604    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,808 K    7,152 K    772    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        15,260 K    15,104 K    916    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,708 K    4,912 K    1988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,368 K    5,552 K    2992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,424 K    5,212 K    592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,644 K    9,428 K    1832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,140 K    10,872 K    1536    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        416 K    1,036 K    336    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,072 K    7,372 K    572    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        20,084 K    13,552 K    3604    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,572 K    6,964 K    3684    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MotoHelperService.exe        3,204 K    6,452 K    1868    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,552 K    6,000 K    2092    MotoHelperAgent        (Verified) Motorola Mobility Inc.
lsm.exe        2,284 K    3,828 K    596    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
igfxtray.exe        1,780 K    5,296 K    2476    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,156 K    7,244 K    2592    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,592 K    9,160 K    2524    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
dllhost.exe        1,756 K    5,532 K    3636    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
cAudioFilterAgent64.exe        1,676 K    4,904 K    2984    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,980 K    5,980 K    1744    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        16,168 K    16,428 K    1812    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
 


  • 0

#48
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Let's work on this one:

WmiPrvSE.exe    29.13    5,920 K    10,300 K    3380    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows

 

It's normal for this to jump every ten seconds or so but it should only use about 10% CPU when it does.

 

Copy the next line:

 

Winmgmt /salvagerepository
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste (or Edit then Paste) and the copied lines should appear.  Hit Enter.
 
Repeat for:
 
 winmgmt /verifyrepository
It should say:
 
WMI repository is consistent
 
Then try a process explorer log again.

  • 0

#49
its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

08/14/2016 23:10
Scan of C:

Scan of C:

Scan of *STARTUP

File C:\0c64389ccba9a62a97ec0cbbe6\$dpx$.tmp\ee262963c3f62948a8f6f32962bf1a9d.tmp|>windows6.1-ie-servicing-x64-7mar14.cab|>servicing\packages\package_9_for_kb2792100~31bf3856ad364e35~amd64~~6.1.1.1.cat Error 42127 {CAB archive is corrupted.}
File C:\0c64389ccba9a62a97ec0cbbe6\$dpx$.tmp\ee262963c3f62948a8f6f32962bf1a9d.tmp|>windows6.1-ie-servicing-x64-7mar14.cab Error 42127 {CAB archive is corrupted.}
File C:\8ac1431f9109642a775ccf\$dpx$.tmp\73e66357f88bf4428b897e1a441e66ce.tmp|>windows6.1-rtm-client-neutral-amd64.cab|>winsxs\manifests\amd64_microsoft-windows-t..alservices-lsmproxy_31bf3856ad364e35_6.1.7600.16385_none_678126e1e50e6208.manifest Error 42127 {CAB archive is corrupted.}
File C:\8ac1431f9109642a775ccf\$dpx$.tmp\73e66357f88bf4428b897e1a441e66ce.tmp|>windows6.1-rtm-client-neutral-amd64.cab Error 42127 {CAB archive is corrupted.}
Number of searched folders: 33928
Number of tested files: 6445008
Number of infected files: 0
 


  • 0

#50
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Avast just found some corrupt update downloads.  No viruses.

 

Did you get a chance to work on my last post?


  • 0

#51
its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Yeah, I thought I posted that one before the Avast scan, sorry :)  It did say WMI repository is consistent after both.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    25.31    22,660 K    41,996 K    3188    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    16.93    0 K    24 K    0            
firefox.exe    12.31    400,436 K    433,076 K    3376    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe    5.71    52,316 K    28,800 K    2952    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    5.67    9,264 K    13,588 K    1416    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    4.73    0 K    0 K    n/a    Hardware Interrupts and DPCs        
svchost.exe    4.65    4,720 K    9,552 K    3068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    4.17    22,092 K    38,956 K    980    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    3.47    109,788 K    117,004 K    932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
FlashPlayerPlugin_22_0_0_209.exe    3.27    19,848 K    21,892 K    3808    Adobe Flash Player 22.0 r0    Adobe Systems, Inc.    (Verified) Adobe Systems Incorporated
svchost.exe    2.90    13,908 K    15,480 K    1060    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    2.53    2,228 K    11,344 K    504    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
plugin-container.exe    1.51    11,380 K    14,160 K    3688    Plugin Container for Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    1.43    17,356 K    17,880 K    884    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
System    1.38    304 K    8,224 K    4            
FlashPlayerPlugin_22_0_0_209.exe    1.02    4,404 K    9,984 K    3716    Adobe Flash Player 22.0 r0    Adobe Systems, Inc.    (Verified) Adobe Systems Incorporated
AvastSvc.exe    0.78    81,340 K    40,960 K    1208    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
lsass.exe    0.78    5,500 K    13,276 K    616    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.29    7,132 K    11,876 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.25    3,884 K    7,720 K    804    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.20    36,180 K    61,028 K    2240    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
audiodg.exe    0.19    17,044 K    17,420 K    2984    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe    0.10    6,152 K    10,988 K    1364    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    0.10    2,336 K    4,132 K    624    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.08    3,672 K    8,908 K    712    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.07    15,176 K    15,376 K    2536    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    0.04    2,740 K    6,544 K    1624    NService Application    Nero AG    (Verified) Nero AG
taskhost.exe    0.03    7,024 K    11,304 K    1340    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
avastui.exe    0.02    11,956 K    20,268 K    3168    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
WLIDSVC.EXE    0.02    6,264 K    14,820 K    2004    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
SearchIndexer.exe    0.02    23,100 K    15,600 K    704    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.02    2,368 K    6,948 K    468    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,344 K    4,540 K    1824    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        3,660 K    7,744 K    3512    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,240 K    6,224 K    1248    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        996 K    3,196 K    2064    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,460 K    6,896 K    548    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,308 K    4,256 K    512    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,468 K    5,408 K    4064    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,220 K    4,736 K    1868    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
svchost.exe        2,336 K    5,772 K    1484    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,344 K    5,636 K    596    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,520 K    10,068 K    1644    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        412 K    1,092 K    340    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,364 K    8,872 K    608    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,216 K    7,328 K    4044    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MotoHelperService.exe        3,216 K    7,984 K    1676    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,560 K    6,884 K    2820    MotoHelperAgent        (Verified) Motorola Mobility Inc.
igfxtray.exe        1,772 K    6,020 K    2456    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,092 K    7,992 K    2608    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,480 K    9,824 K    1656    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
conhost.exe        1,344 K    5,104 K    2488    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
cmd.exe        1,828 K    2,932 K    1308    Windows Command Processor    Microsoft Corporation    (Verified) Microsoft Windows
cAudioFilterAgent64.exe        1,632 K    5,436 K    400    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,976 K    7,224 K    1532    BelkinService    Affinegy, Inc.    (Verified) Affinegy
 


Edited by its_chele, 15 August 2016 - 04:31 PM.

  • 0

#52
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Are you doing something like watching a video on FIREFOX?

 

Can you close Firefox and make a new Process Explorer log?


  • 0

#53
its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

I didn't have anything open when I did last processor log but will do another :0


  • 0

#54
its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    47.12    22,336 K    41,888 K    3996    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    21.57    0 K    24 K    0            
AvastSvc.exe    6.99    61,444 K    4,600 K    1248    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
dwm.exe    6.90    42,580 K    23,196 K    1340    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    5.65    0 K    0 K    n/a    Hardware Interrupts and DPCs        
explorer.exe    3.45    23,212 K    41,924 K    1352    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
System    3.13    216 K    3,596 K    4            
svchost.exe    2.38    88,920 K    92,280 K    992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    1.55    2,472 K    11,988 K    516    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.66    4,180 K    11,896 K    624    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.15    3,108 K    6,960 K    816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.08    3,700 K    8,896 K    740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.08    6,764 K    11,132 K    1020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.05    13,484 K    15,144 K    1080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    0.04    2,224 K    4,028 K    632    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.03    9,328 K    12,884 K    1564    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.03    19,400 K    13,040 K    3032    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.03    14,448 K    5,528 K    2272    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
services.exe    0.03    4,924 K    8,788 K    608    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.03    21,104 K    36,956 K    376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    0.02    2,640 K    6,456 K    1808    NService Application    Nero AG    (Verified) Nero AG
avastui.exe    0.02    10,300 K    9,644 K    1280    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
WLIDSVC.EXE    0.01    6,216 K    14,824 K    1288    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
csrss.exe    0.01    2,284 K    7,024 K    444    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,300 K    4,596 K    1260    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
BelkinService.exe    < 0.01    1,924 K    7,260 K    1756    BelkinService    Affinegy, Inc.    (Verified) Affinegy
WmiPrvSE.exe        4,076 K    9,008 K    3496    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,556 K    6,440 K    1420    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        980 K    3,180 K    2208    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,444 K    6,908 K    552    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,276 K    4,324 K    508    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,460 K    5,324 K    3412    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,176 K    4,796 K    1500    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhost.exe        3,308 K    7,976 K    1580    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        1,512 K    5,176 K    1536    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        17,456 K    19,416 K    912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,568 K    9,448 K    3560    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,044 K    5,572 K    2616    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,136 K    5,572 K    812    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,640 K    5,372 K    1992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,408 K    10,304 K    1856    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,012 K    11,092 K    1528    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        412 K    1,096 K    340    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,216 K    7,324 K    1868    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MotoHelperService.exe        3,164 K    8,036 K    1896    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,552 K    6,760 K    2324    MotoHelperAgent        (Verified) Motorola Mobility Inc.
igfxtray.exe        1,776 K    5,868 K    2064    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,096 K    7,912 K    2120    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,484 K    9,704 K    2072    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
cAudioFilterAgent64.exe        1,636 K    5,440 K    2184    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
audiodg.exe        16,152 K    16,476 K    2608    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
 


  • 0

#55
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Try deleting your current Process Explorer program and getting a new one.

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

  • 0
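The Process Explorer logs requested in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not Sysinternals code: it parses the saved text log in the column layout posted here (tab-separated as saved, or with each tab turned into four spaces as pasted on the forum) and lists processes whose Verified Signer field does not start with "(Verified)" and processes at or above a CPU threshold. The sample rows are constructed, `helper_demo.exe` and its signer text are invented, and the 10% threshold is an assumption borrowed from the rule of thumb given for WmiPrvSE.exe earlier in the thread.

```python
import re

# Column order of the logs posted in this thread (Process Explorer "Save As" text).
COLUMNS = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
           "Description", "Company Name", "Verified Signer"]

# Pseudo-entries without an image file on disk; no signer is expected for them.
PSEUDO = {"System Idle Process", "System", "Interrupts"}

# Constructed sample. Most rows are tab-separated as Process Explorer saves them;
# the winlogon.exe row uses four spaces per tab, as in the forum paste.
# helper_demo.exe is an invented unsigned process (signer text is illustrative).
SAMPLE = "\n".join([
    "\t".join(COLUMNS),
    "System Idle Process\t30.10\t0 K\t24 K\t0\t\t\t",
    "WmiPrvSE.exe\t29.13\t5,920 K\t10,300 K\t3380\tWMI Provider Host\t"
    "Microsoft Corporation\t(Verified) Microsoft Windows",
    "procexp64.exe\t21.12\t24,036 K\t42,364 K\t648\tSysinternals Process Explorer\t"
    "Sysinternals - www.sysinternals.com\t(Verified) Microsoft Corporation",
    "Interrupts\t3.88\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
    "TODDSrv.exe\t< 0.01\t1,344 K\t4,032 K\t1456\tTDCSrv Application\t"
    "TOSHIBA Corporation\t(Verified) TOSHIBA CORPORATION",
    "winlogon.exe        2,456 K    5,724 K    536    Windows Logon Application"
    "    Microsoft Corporation    (Verified) Microsoft Windows",
    "helper_demo.exe\t12.50\t1,024 K\t2,048 K\t4321\t\t\t"
    "(No signature was present in the subject)",
])


def _cpu(text):
    """'29.13' -> 29.13, '< 0.01' -> 0.01 (upper bound), '' -> 0.0."""
    text = text.replace("<", "").strip()
    return float(text) if text else 0.0


def _kilobytes(text):
    """'5,920 K' -> 5920."""
    digits = text.replace(",", "").replace("K", "").strip()
    return int(digits) if digits else 0


def parse_procexp(text):
    """Return one dict per process row of a saved Process Explorer log."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Do not strip the line itself: trailing empty fields are significant.
        fields = line.split("\t") if "\t" in line else re.split(r" {4}", line)
        fields = [f.strip() for f in fields]
        fields += [""] * (len(COLUMNS) - len(fields))
        if fields[0] == "Process":          # header row
            continue
        row = dict(zip(COLUMNS, fields))
        row["CPU"] = _cpu(row["CPU"])
        row["Private Bytes"] = _kilobytes(row["Private Bytes"])
        row["Working Set"] = _kilobytes(row["Working Set"])
        row["PID"] = int(row["PID"]) if row["PID"].isdigit() else None
        rows.append(row)
    return rows


def triage(rows, cpu_threshold=10.0):
    """Flag unverified images and busy processes (idle time is not load)."""
    unverified = [r["Process"] for r in rows
                  if r["Process"] not in PSEUDO
                  and not r["Verified Signer"].startswith("(Verified)")]
    high_cpu = sorted(
        ((r["Process"], r["CPU"]) for r in rows
         if r["Process"] != "System Idle Process" and r["CPU"] >= cpu_threshold),
        key=lambda item: item[1], reverse=True)
    return {"unverified": unverified, "high_cpu": high_cpu}


if __name__ == "__main__":
    report = triage(parse_procexp(SAMPLE))
    print("Not verified:", report["unverified"])
    for name, cpu in report["high_cpu"]:
        print(f"{cpu:6.2f}%  {name}")
```

A "(Verified)" signer only shows that the image carries a valid signature from that publisher; the CPU column still has to be read in context, as the replies in this thread do.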


#56
its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Deleted and reinstalled :)

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    50.08    22,640 K    42,188 K    4844    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    31.41    0 K    24 K    0            
Interrupts    7.24    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    4.38    56,728 K    29,388 K    1640    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    2.58    2,484 K    13,608 K    504    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
System    1.62    216 K    3,628 K    4            
AvastSvc.exe    1.14    75,068 K    40,964 K    1204    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
explorer.exe    0.48    31,084 K    53,372 K    1656    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.23    89,020 K    97,228 K    960    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.17    3,652 K    8,936 K    704    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.16    14,200 K    7,868 K    3440    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
avastui.exe    0.13    13,012 K    26,752 K    2708    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
lsass.exe    0.11    4,232 K    12,012 K    612    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.08    20,500 K    14,712 K    912    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    0.07    2,680 K    6,492 K    1692    NService Application    Nero AG    (Verified) Nero AG
svchost.exe    0.04    22,460 K    38,908 K    1016    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.04    13,084 K    15,056 K    1060    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.03    6,904 K    11,720 K    992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.01    2,264 K    7,020 K    444    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    9,412 K    13,344 K    1368    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,300 K    4,604 K    1168    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        5,176 K    10,260 K    3140    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,480 K    6,416 K    1344    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        992 K    3,200 K    2084    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
WLIDSVC.EXE        4,856 K    11,480 K    1472    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,444 K    6,916 K    540    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,292 K    4,316 K    496    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,456 K    5,448 K    228    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,176 K    4,812 K    1892    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhost.exe        3,448 K    8,632 K    1540    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,528 K    7,416 K    780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        16,844 K    17,344 K    836    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,604 K    9,496 K    828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,644 K    5,412 K    1040    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,312 K    5,660 K    396    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,244 K    5,808 K    3404    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,568 K    10,296 K    1752    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        5,956 K    11,188 K    1324    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        420 K    1,096 K    340    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,048 K    8,836 K    596    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,204 K    7,320 K    4828    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MotoHelperService.exe        3,152 K    8,028 K    1800    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,548 K    6,860 K    1900    MotoHelperAgent        (Verified) Motorola Mobility Inc.
lsm.exe        2,232 K    4,036 K    620    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
igfxtray.exe        1,772 K    6,004 K    2240    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,080 K    7,940 K    2256    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,444 K    9,724 K    2248    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
cAudioFilterAgent64.exe        1,628 K    5,408 K    2268    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,924 K    7,260 K    1492    BelkinService    Affinegy, Inc.    (Verified) Affinegy
 


  • 0

#57
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

See if you can run DPC Latency Checker:

http://www.thesycon....ncy_check.shtml

The download is:

http://www.thesycon....clat/dpclat.exe

Just download, save and run it by right click and run as admin.

I assume you will see some red columns as in the second picture.

If that is the case try their section on "Analysing drop-out problems with DPC Latency Checker" and see if you can find which driver is causing the red columns.  Note their warning about which drivers you should not disable.

If you find one, leave it disabled and run a Process Explorer log.  Remember to wait 60 seconds to let it settle before saving the log.  If you have to re-enable the driver to post that's OK.


  • 0

#58
its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Ok, I dl & ran it. It had 6 red bars, so I disabled some. The only one I saw decrease the bars was the wireless network adapter, and I left it disabled -- here is the new log


Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    62.87    22,400 K    39,304 K    5952    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    15.28    0 K    24 K    0            
dwm.exe    6.38    49,176 K    23,564 K    2940    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
AvastSvc.exe    4.78    62,008 K    43,032 K    1252    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
explorer.exe    4.14    29,724 K    43,148 K    2988    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    2.59    0 K    0 K    n/a    Hardware Interrupts and DPCs        
csrss.exe    1.56    2,356 K    11,956 K    488    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
System    1.14    168 K    848 K    4            
lsass.exe    0.78    4,180 K    9,464 K    596    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.13    3,888 K    7,236 K    784    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.06    3,744 K    7,980 K    708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.05    6,956 K    10,356 K    964    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AvastUI.exe    0.03    12,252 K    23,120 K    2636    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.03    110,004 K    113,660 K    940    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.03    14,872 K    15,492 K    3468    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    0.03    6,220 K    10,492 K    2128    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
NServiceEntry.exe    0.02    2,648 K    4,832 K    1580    NService Application    Nero AG    (Verified) Nero AG
svchost.exe    0.02    10,336 K    12,436 K    1376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
services.exe    0.02    5,096 K    7,224 K    580    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    28,220 K    43,220 K    992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe    0.02    5,556 K    10,548 K    3352    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    13,176 K    13,296 K    1180    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.01    2,404 K    6,320 K    436    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    22,348 K    14,000 K    932    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,352 K    3,968 K    1268    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        2,212 K    6,016 K    2164    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        988 K    2,744 K    2288    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,484 K    5,588 K    524    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,336 K    3,604 K    476    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,448 K    5,404 K    3760    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        37,736 K    43,288 K    420    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,228 K    3,608 K    1588    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhost.exe        3,492 K    7,484 K    2884    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        15,424 K    13,980 K    832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,340 K    5,480 K    2576    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,216 K    4,828 K    600    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,624 K    9,440 K    2520    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,860 K    5,268 K    688    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,532 K    8,988 K    1628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,660 K    8,312 K    1344    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        412 K    956 K    340    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,564 K    6,940 K    5932    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MotoHelperService.exe        2,368 K    6,044 K    1660    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,552 K    5,620 K    3036    MotoHelperAgent        (Verified) Motorola Mobility Inc.
mmc.exe        11,788 K    14,208 K    2752    Microsoft Management Console    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe        2,288 K    3,712 K    604    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
igfxtray.exe        1,776 K    4,936 K    2892    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,132 K    6,888 K    3000    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,620 K    8,488 K    2960    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
cAudioFilterAgent64.exe        1,820 K    5,164 K    2300    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,972 K    5,628 K    1500    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        16,084 K    16,352 K    5732    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
 


  • 0

#59
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

That reduced the Interrupts from 7.24 to 2.59 so clearly the Wireless driver is bad.  What other drivers did you stop?

Run FRST, click on the Drivers MD5 under Optional Scan and then hit SCAN.  Besides the usual FRST log you should get one called drivers.  Please post it.


  • 0
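The before/after comparison made in the reply above can be scripted; this is an added example, not part of the original thread. It assumes the logs are saved in Process Explorer's tab-separated text layout with the column headings shown in the posted log, and the function names are hypothetical.

```python
import csv
import io

HEADER = ("Process\tCPU\tPrivate Bytes\tWorking Set\tPID\t"
          "Description\tCompany Name\tVerified Signer\n")
# Constructed samples: only the Interrupts figures (7.24 and 2.59) are the
# ones quoted in the thread; every other value here is filler.
BEFORE = HEADER + (
    "Interrupts\t7.24\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t\n"
    "dwm.exe\t6.10\t49,000 K\t23,000 K\t2940\tDesktop Window Manager\t\t\n"
    "svchost.exe\t0.13\t3,888 K\t7,236 K\t784\tHost Process\t\t\n"
    "svchost.exe\t0.06\t3,744 K\t7,980 K\t708\tHost Process\t\t\n"
    "SearchIndexer.exe\t< 0.01\t22,348 K\t14,000 K\t932\tSearch Indexer\t\t\n"
    "smss.exe\t\t420 K\t1,096 K\t340\tWindows Session Manager\t\t\n"
)
AFTER = BEFORE.replace("\t7.24\t", "\t2.59\t").replace("\t6.10\t", "\t6.38\t")


def parse_cpu(cell):
    """Turn a CPU cell into a float; blank and '< 0.01' cells count as 0."""
    cell = (cell or "").strip()
    if not cell or cell.startswith("<"):
        return 0.0
    return float(cell)


def cpu_by_name(log_text):
    """Sum the CPU column per image name (several svchost.exe rows merge)."""
    totals = {}
    reader = csv.DictReader(io.StringIO(log_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        name = row["Process"].strip()
        totals[name] = round(totals.get(name, 0.0) + parse_cpu(row["CPU"]), 2)
    return totals


def cpu_deltas(before, after):
    """Return (name, after - before) pairs, largest absolute change first."""
    b, a = cpu_by_name(before), cpu_by_name(after)
    deltas = {n: round(a.get(n, 0.0) - b.get(n, 0.0), 2) for n in set(a) | set(b)}
    return sorted(deltas.items(), key=lambda kv: (-abs(kv[1]), kv[0]))


if __name__ == "__main__":
    for name, delta in cpu_deltas(BEFORE, AFTER):
        print(f"{name:<20} {delta:+.2f}")
```

Each log is a single snapshot, so both should be saved after the same settling time (the thread uses 60 seconds) before the deltas are compared.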

#60
its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

I disabled those under network adapters and sound; the only one that got rid of red was the wireless.


  • 0





