Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
Malware Expert
Run Process Monitor (right click and Run As Admin) then under Options, click Enable Boot Logging. Close Process Monitor and reboot.
Open Process Monitor and it should tell you it has a boot log for you to look at.
File, Save the boot log then you will have to upload it to a file sharing service like Dropbox and post the link to the file.
https://www.computer...e-and-more.html
Member
here are 8 out of 11
https://www.dropbox....tlog-1.pml?dl=0
https://www.dropbox....tlog-2.pml?dl=0
https://www.dropbox....tlog-3.pml?dl=0
https://www.dropbox....tlog-4.pml?dl=0
https://www.dropbox....tlog-5.pml?dl=0
https://www.dropbox....tlog-6.pml?dl=0
https://www.dropbox....tlog-7.pml?dl=0
https://www.dropbox....tlog-8.pml?dl=0
the Dropbox storage is full. Can't upload the last 3 logs
Edited by mraskin, 07 January 2018 - 07:54 PM.
Malware Expert
Go in to Process Explorer and find wmiprvse.exe. Right click on it and SUSPEND or PAUSE. It seems to be in a loop where it keeps checking to see if logging is turned on. Does that have any effect on slowness or on Interrupts?
Member
suspended wmiprvse.exe it didn't effect Interrupts (jumps up to 27)
Malware Expert
OK. Create another process monitor log. Not a boot log. Just turn on Process Monitor then let it run for a minute and save the whole log and upload it to Dropbox.
Malware Expert
This time there is a svchost.exe file that is causing us grief. Unfortunately I need more info to see which one it is. Let's try again but this time save the file as .pml ( the default process monitor log) also give me a Process Explorer log and a junk file:
Get Process Explorer
http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
Wait a full minute then:
File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.
Copy the next 2 lines:
TASKLIST /SVC > \junk.txt
notepad \junk.txt
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.
Member
here is the link to the process monitor log
https://www.dropbox....ogfile.PML?dl=0
below is the process explorer log:
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer SearchIndexer.exe 43.97 36,596 K 23,324 K 3716 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows Interrupts 15.26 0 K 0 K n/a Hardware Interrupts and DPCs chrome.exe 14.23 60,016 K 67,440 K 3836 Google Chrome Google Inc. (Verified) Google Inc procexp.exe 13.02 20,504 K 37,964 K 2600 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation System Idle Process 7.49 0 K 12 K 0 csrss.exe 2.31 12,004 K 9,044 K 408 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows System 1.80 52 K 556 K 4 chrome.exe 0.87 47,368 K 76,096 K 2672 Google Chrome Google Inc. (Verified) Google Inc explorer.exe 0.39 23,172 K 41,192 K 2232 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows AvastSvc.exe 0.17 88,768 K 49,040 K 1252 Avast Service AVAST Software (Verified) AVAST Software s.r.o. svchost.exe 0.12 6,544 K 12,244 K 896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows svchost.exe 0.09 30,728 K 33,808 K 928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows lsass.exe 0.08 3,248 K 7,776 K 512 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows lsm.exe 0.07 1,236 K 2,940 K 520 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows AvastUI.exe 0.04 15,800 K 36,824 K 4092 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o. svchost.exe 0.02 8,004 K 10,344 K 4728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows aswidsagent.exe 0.02 12,408 K 23,916 K 2736 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o. svchost.exe 0.01 17,072 K 16,260 K 1184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows svchost.exe 0.01 5,376 K 9,824 K 3692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows svchost.exe 0.01 75,788 K 78,540 K 856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows chrome.exe 0.01 20,964 K 26,380 K 3516 Google Chrome Google Inc. (Verified) Google Inc wmpnetwk.exe < 0.01 11,268 K 1,040 K 1408 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows WmiPrvSE.exe 2,096 K 5,084 K 2660 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows winlogon.exe 1,452 K 4,756 K 444 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows wininit.exe 912 K 3,032 K 396 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows TrustedInstaller.exe 7,516 K 11,528 K 3400 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows taskhost.exe 2,732 K 6,848 K 4016 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows taskeng.exe 1,168 K 3,932 K 3576 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows svchost.exe 2,732 K 5,444 K 700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows svchost.exe 2,824 K 6,208 K 632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows svchost.exe 9,728 K 11,608 K 1392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows svchost.exe 17,504 K 16,384 K 752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows svchost.exe 3,796 K 7,260 K 1536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows spoolsv.exe 5,204 K 8,232 K 1352 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows smss.exe 220 K 692 K 260 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows services.exe 4,108 K 6,592 K 504 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows msiexec.exe 2,980 K 8,544 K 2152 Windows® installer Microsoft Corporation (Verified) Microsoft Windows GoogleUpdate.exe 1,700 K 892 K 2988 Google Installer Google Inc. (Verified) Google Inc FXSSVC.exe 2,020 K 5,012 K 296 Fax Service Microsoft Corporation (Verified) Microsoft Windows dwm.exe 1,408 K 4,944 K 2376 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows DSAService.exe 18,808 K 22,456 K 1572 DSAService Intel (Verified) Intel(R) Driver & Support Assistant csrss.exe 1,656 K 3,628 K 348 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Crypserv.exe 1,976 K 3,500 K 1500 CrypKey License Service CrypKey (Canada) Ltd. (No signature was present in the subject) CrypKey (Canada) Ltd. chrome.exe 42,592 K 57,796 K 5380 Google Chrome Google Inc. (Verified) Google Inc chrome.exe 21,052 K 24,756 K 5532 Google Chrome Google Inc. (Verified) Google Inc chrome.exe 74,672 K 65,216 K 3388 Google Chrome Google Inc. (Verified) Google Inc chrome.exe 1,384 K 4,572 K 2292 Google Chrome Google Inc. (Verified) Google Inc chrome.exe 1,448 K 5,096 K 3004 Google Chrome Google Inc. (Verified) Google Inc chrome.exe 112,912 K 97,672 K 4204 Google Chrome Google Inc. (Verified) Google Inc AvastBrowserCrashHandler.exe 1,272 K 796 K 3596 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o. audiodg.exe 16,520 K 15,492 K 2624 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
Edited by mraskin, 28 January 2018 - 12:20 AM.
Member
here is Command Prompt log:
Malware Expert
SearchIndexer.exe 43.97 36,596 K 23,324 K 3716 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
This is eating up too much CPU. Right click on it and Suspend.
The SVCHOST file that I see the most is PID 744 which does not show up in PE or the Junk file. This may indicate a hidden rootkit.
See if you can run MBAR:
https://www.malwareb...om/antirootkit/
Also try Powerliks removal tool:
https://www.symantec...-111020-0511-99
Member
I suspended SearchIndexer.exe , no effect on Interrupts runs up to 26.
Downloaded and ran MBAR and Powerliks, both did not reveal anything.
Malware Expert
See if you can download and run CPU-Z
https://www.cpuid.co...ares/cpu-z.html
Once you install it, it creates a desktop icon. Right click on it and Run As Admin.
Then go to the Bench Test and Bench Cpu. What does it say for This Processor? (There may be two - in that case give me both numbers)
Member
Hello RKinner
I have been away. Just ran CPU-Z. The processor is Intel Pentium M 1.86 Ghz
Malware Expert
I need for you to run the beach tests. It will give you some performance data.
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.
Sign In
Create Account
