Computer Hope
Microsoft => Microsoft Windows => Windows Vista and 7 => Topic started by: p1tty on April 03, 2009, 12:19:02 PM
-
Hello,
A friend referred me to this website, hope you guys can help me out!
I'm running on Windows Vista and just the other day it started giving me trouble, running really slow. It happened after I uploaded a few gb's of videos to my computer from my camera. I have 16GB's free of the 109GB's so running low on space isn't the problem. I ran lavasoft's ad-aware scanner, did a full computer scan for viruses a couple times, I defragged, I ran a hijack this log and found a few things I needed to delete, I also used CCleaner and cleaned things up a bit. However I'm still having problems. I turned everything off at startup in case something was slowing it down. As soon as I start up, my CPU is running at 30% and spikes up to 50, 70, 90%. In firefox, if I just let it sit here it runs at around 30%-60% until I start scrolling and clicking on other tabs it spikes up to 70%+ and lags my computer a bit.
I checked out my processes and now I see a lot of svchost.exe's, one in particular was taking up a lot of my CPU so I just ended it and my taskbar is the old fashion windows XP style, except for the start button. If you have any ideas please let me know!
SS of my processes: (http://img207.imageshack.us/img207/1390/67871020.th.jpg) (http://img207.imageshack.us/my.php?image=67871020.jpg)
Hijack This Log
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
-
Someone will be along shortly to check your logs but free space is getting close o being an issue...
Windows likes approx. 15% free for comfort so 16G free on 109 is close.
-
The log has a header missing, but appears to be clean.
I'd definitely go with patio's advice, and get some more free space.
How much RAM do you have?
I don't like that svchost.exe using 49% of CPU cycles.
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
Not to hijack op's post, but I am wondering how much minimum free space would you recommend that I save on the pc? I know that too little free space can make your pc slow ....
-
Windows likes approx. 15% free for comfort
-
Windows likes approx. 15% free for comfort
oh the minimum required for the built in windows defragmenter to work without that "disk space too low, please clean up or delete some files on computer to increase disk space" type message appears.
-
It seems to be running a little bit easier, but still lags a bit and spikes up to 80-90% when I open a folder or click between tabs in firefox. Just typing fast in this reply box causes it to lag. Here is that log you asked for.
Process PID CPU Description Company Name Command Line
System Idle Process 0 27.68
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 460 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 520 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe 560 Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 604 2.18 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 792 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 856 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k rpcss
svchost.exe 984 1.46 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 1148 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x2e4
svchost.exe 1016 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe 2408 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 1052 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 3148 Task Scheduler Engine Microsoft Corporation taskeng.exe {5DFABFEC-8AE4-42E0-AB86-BEA2A46635C9}
taskeng.exe 3996 0.73 Task Scheduler Engine Microsoft Corporation taskeng.exe {686FDAE8-6600-4B73-AAE2-39E4BFB5A3EC}
wuauclt.exe 4308 Windows Update Automatic Updates Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
svchost.exe 1180 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
SLsvc.exe 1244 Microsoft Software Licensing Service Microsoft Corporation C:\Windows\system32\SLsvc.exe
svchost.exe 1292 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 1456 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
aawservice.exe 1628 Ad-Aware Service Lavasoft "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
spoolsv.exe 1804 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
svchost.exe 1836 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
AppleMobileDeviceService.exe 2016 Apple Mobile Device Service Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
mDNSResponder.exe 120 Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
svchost.exe 304 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k bthsvcs
jqs.exe 392 Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
ccSvcHst.exe 840 Symantec Service Framework Symantec Corporation "C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll" /prefetch:1
ccSvcHst.exe 3824 Symantec Service Framework Symantec Corporation "C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /c /a /s UserSession
PnkBstrA.exe 976 C:\Windows\system32\PnkBstrA.exe
svchost.exe 1988 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
rpcnet.exe 1992 rpcnet Absolute Software Corp. C:\Windows\system32\rpcnet.exe
svchost.exe 2052 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
dllhost.exe 2116 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75}
svchost.exe 2208 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k WerSvcGroup
winvnc4.exe 2248 VNC Server Free Edition for Win32 RealVNC Ltd. "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
SearchIndexer.exe 2300 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
tcsd_win32.exe 2516 "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe"
dllhost.exe 2952 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
wmpnetwk.exe 3508 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
msdtc.exe 3564 MS DTCconsole program Microsoft Corporation C:\Windows\System32\msdtc.exe
iPodService.exe 4876 iPodService Module Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
lsass.exe 616 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 624 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 572 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 764 Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 2472 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
rundll32.exe 2928 Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
rundll32.exe 3028 Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\nvHotkey.dll,Start
jusched.exe 3052 Java(TM) Platform SE binary Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jusched.exe"
WavXDocMgr.exe 3068 WavX Document Manager Application Wave Systems Corp. "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe"
SecureUpgrade.exe 3076 Check For Later Product Line Wave Systems Corp. "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
iTunesHelper.exe 3108 iTunesHelper Module Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
wmpnscfg.exe 3272 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe"
SetPoint.exe 3304 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. "C:\Program Files\Logitech\SetPoint\SetPoint.exe"
KHALMNPR.exe 3924 Logitech KHAL Main Process Logitech, Inc. KHALMNPR.EXE /API
procexp.exe 5964 3.64 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Bob\Documents\Process Explorer\procexp.exe"
Ventrilo.exe 3444 Ventrilo by Flagship Industries, Inc. "C:\Program Files\Ventrilo\Ventrilo.exe"
iTunes.exe 3144 0.73 iTunes Apple Inc. "C:\Program Files\iTunes\iTunes.exe"
AppleMobileDeviceHelper.exe 5464 AppleMobileDeviceHelper "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\29996413-1993606544175843144 --parentPipe
distnoted.exe 1592 distnoted.exe "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe"
WINWORD.EXE 2628 Microsoft Office Word Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE"
rundll32.exe 3180 Windows host process (Rundll32) Microsoft Corporation rundll32 NVSVC.DLL,nvsvcInitialize
firefox.exe 4452 64.09 Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
I also just deleted some stuff and now I have 21.6GB's of 109 free. This laptop has 2GB's of ram and has a 2.2GHz dual core. I've had the space down to just a couple of GB's free and it was faster than it is now. That svchost that was taking up a lot of the CPU I ended it and restarted and it's not taking up that amount of CPU anymore. I'm so confused now with why it's running so slow. Just typing here, every several seconds it freezes up and takes a second to catch up with what I'm typing. Arg, this is frustrating lol.
-
Firefox is using over 64% of your CPU cycles, which is not normal.
You're not opening any new pages, while running Process Explorer?
Did you try to free some HD space?
You never said, how much RAM you have.
Do this.
Close Firefox. Wait a few moments, because sometimes it takes some time to close FF process.
Post new PE log.
Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
Post new PE log.
-
I did as you said, when I closed firefox my CPU cycles went down to 5-10%, I am running firefox in safemode now and it seems a whole lot better. No lag so far. It does spike up to 60-70% sometimes, but this is much better. It is steadily running at around 30% which is pretty smooth. So does this mean one of my plugins or scripts is lagging my laptop? My specs are at the bottom of my previous post, I was modifying it while you wrote your last response. Thanks for your help so far!
Process PID CPU Description Company Name Command Line
System Idle Process 0 59.77
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 460 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 520 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe 560 Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 604 2.37 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 792 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
mobsync.exe 6064 Microsoft Sync Center Microsoft Corporation C:\Windows\System32\mobsync.exe -Embedding
svchost.exe 856 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k rpcss
svchost.exe 984 2.96 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 1148 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x2e4
svchost.exe 1016 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe 2408 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 1052 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 3148 Task Scheduler Engine Microsoft Corporation taskeng.exe {5DFABFEC-8AE4-42E0-AB86-BEA2A46635C9}
taskeng.exe 3996 Task Scheduler Engine Microsoft Corporation taskeng.exe {686FDAE8-6600-4B73-AAE2-39E4BFB5A3EC}
wuauclt.exe 4308 Windows Update Automatic Updates Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
svchost.exe 1180 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
SLsvc.exe 1244 Microsoft Software Licensing Service Microsoft Corporation C:\Windows\system32\SLsvc.exe
svchost.exe 1292 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 1456 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
aawservice.exe 1628 Ad-Aware Service Lavasoft "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
spoolsv.exe 1804 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
svchost.exe 1836 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
AppleMobileDeviceService.exe 2016 Apple Mobile Device Service Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
mDNSResponder.exe 120 Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
svchost.exe 304 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k bthsvcs
jqs.exe 392 Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
ccSvcHst.exe 840 Symantec Service Framework Symantec Corporation "C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll" /prefetch:1
ccSvcHst.exe 3824 Symantec Service Framework Symantec Corporation "C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe" /c /a /s UserSession
PnkBstrA.exe 976 C:\Windows\system32\PnkBstrA.exe
svchost.exe 1988 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
rpcnet.exe 1992 rpcnet Absolute Software Corp. C:\Windows\system32\rpcnet.exe
svchost.exe 2052 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
dllhost.exe 2116 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75}
svchost.exe 2208 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k WerSvcGroup
winvnc4.exe 2248 VNC Server Free Edition for Win32 RealVNC Ltd. "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
SearchIndexer.exe 2300 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe 4180 Microsoft Windows Search Protocol Host Microsoft Corporation "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe21_ Global\UsGthrCtrlFltPipeMssGthrPipe21 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
SearchFilterHost.exe 5172 Microsoft Windows Search Filter Host Microsoft Corporation "C:\Windows\system32\SearchFilterHost.exe" 0 644 648 656 65536 652
tcsd_win32.exe 2516 "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe"
dllhost.exe 2952 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
wmpnetwk.exe 3508 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
msdtc.exe 3564 MS DTCconsole program Microsoft Corporation C:\Windows\System32\msdtc.exe
iPodService.exe 4876 iPodService Module Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
lsass.exe 616 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 624 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 572 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 764 Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 2472 2.96 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
rundll32.exe 2928 Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
rundll32.exe 3028 Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\nvHotkey.dll,Start
jusched.exe 3052 Java(TM) Platform SE binary Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jusched.exe"
WavXDocMgr.exe 3068 WavX Document Manager Application Wave Systems Corp. "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe"
SecureUpgrade.exe 3076 Check For Later Product Line Wave Systems Corp. "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
iTunesHelper.exe 3108 iTunesHelper Module Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
wmpnscfg.exe 3272 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe"
SetPoint.exe 3304 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. "C:\Program Files\Logitech\SetPoint\SetPoint.exe"
KHALMNPR.exe 3924 Logitech KHAL Main Process Logitech, Inc. KHALMNPR.EXE /API
procexp.exe 5964 10.06 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Bob\Documents\Process Explorer\procexp.exe"
Ventrilo.exe 3444 Ventrilo by Flagship Industries, Inc. "C:\Program Files\Ventrilo\Ventrilo.exe"
iTunes.exe 3144 iTunes Apple Inc. "C:\Program Files\iTunes\iTunes.exe"
AppleMobileDeviceHelper.exe 5464 AppleMobileDeviceHelper "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\29996413-1993606544175843144 --parentPipe
distnoted.exe 1592 distnoted.exe "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe"
WINWORD.EXE 2628 Microsoft Office Word Microsoft Corporation "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE"
firefox.exe 5904 21.90 Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
rundll32.exe 3180 Windows host process (Rundll32) Microsoft Corporation rundll32 NVSVC.DLL,nvsvcInitialize
-
30% is better, but still high. My FF never uses more than 2-3% of CPU at the most.
Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).
Click on Startup tab.
Click Disable all
Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.
Click OK.
Restart computer in Normal Mode.
NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.
Run FF with no-adds, and post new PE log.
P. S. I'll be gone for couple of hours...
-
Sorry it's taken so long. I did as you said and this is the PE log when I'm running firefox in safemode.
Process PID CPU Description Company Name Command Line
System Idle Process 0 93.39
procexp.exe 1984 2.99 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "c:\Users\Bob\Documents\Process Explorer\procexp.exe"
svchost.exe 1008 2.24 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
services.exe 608 1.49 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
wuauclt.exe 2796 Windows Update Automatic Updates Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
wmpnscfg.exe 3164 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe"
wmpnetwk.exe 3200 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
winlogon.exe 704 Windows Logon Application Microsoft Corporation winlogon.exe
wininit.exe 564 Windows Start-Up Application Microsoft Corporation wininit.exe
TrustedInstaller.exe 1784 Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe 2784 Task Scheduler Engine Microsoft Corporation taskeng.exe {169456CF-BB5B-4D12-AA77-1B76038A520C}
taskeng.exe 2144 Task Scheduler Engine Microsoft Corporation taskeng.exe {BD59BD6B-5C28-409B-AED2-B5F4885BA333}
System 4
svchost.exe 1040 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe 1060 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 1500 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 1324 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 864 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k rpcss
svchost.exe 808 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 1228 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
svchost.exe 1760 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 1948 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k bthsvcs
svchost.exe 2028 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 280 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 1480 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k WerSvcGroup
spoolsv.exe 1724 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
smss.exe 388 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
SLsvc.exe 1284 Microsoft Software Licensing Service Microsoft Corporation C:\Windows\system32\SLsvc.exe
SearchIndexer.exe 860 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
OrbTray.exe 2836 Orb Orb Networks "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"
Orb.exe 3436 Orb Application Orb Networks, Inc. "C:\Program Files\Orb Networks\Orb\bin\Orb.exe"
msdtc.exe 2492 MS DTCconsole program Microsoft Corporation C:\Windows\System32\msdtc.exe
msconfig.exe 2960 System Configuration Utility Microsoft Corporation "C:\Windows\System32\msconfig.exe" /auto
lsm.exe 632 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
lsass.exe 620 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
Interrupts n/a Hardware Interrupts
firefox.exe 3136 Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe" "-safe-mode"
explorer.exe 2808 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
dwm.exe 2752 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
DPCs n/a Deferred Procedure Calls
dllhost.exe 652 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75}
dllhost.exe 2236 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
csrss.exe 576 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
csrss.exe 524 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
audiodg.exe 1192 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x304
This is the PE log when I run firefox normally, it's down to only a few %
Process PID CPU Description Company Name Command Line
System Idle Process 0 96.66
procexp.exe 1984 2.25 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "c:\Users\Bob\Documents\Process Explorer\procexp.exe"
services.exe 608 1.50 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
wuauclt.exe 2796 Windows Update Automatic Updates Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
wmpnscfg.exe 3164 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe"
wmpnetwk.exe 3200 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
winlogon.exe 704 Windows Logon Application Microsoft Corporation winlogon.exe
wininit.exe 564 Windows Start-Up Application Microsoft Corporation wininit.exe
TrustedInstaller.exe 1784 Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe 2784 Task Scheduler Engine Microsoft Corporation taskeng.exe {169456CF-BB5B-4D12-AA77-1B76038A520C}
taskeng.exe 2144 Task Scheduler Engine Microsoft Corporation taskeng.exe {BD59BD6B-5C28-409B-AED2-B5F4885BA333}
System 4
svchost.exe 1500 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 1040 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe 808 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 1760 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 1008 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 1060 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 1324 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 864 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k rpcss
svchost.exe 1228 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
svchost.exe 1948 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k bthsvcs
svchost.exe 2028 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 280 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 1480 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k WerSvcGroup
spoolsv.exe 1724 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
smss.exe 388 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
SLsvc.exe 1284 Microsoft Software Licensing Service Microsoft Corporation C:\Windows\system32\SLsvc.exe
SearchIndexer.exe 860 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
OrbTray.exe 2836 Orb Orb Networks "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"
Orb.exe 3436 Orb Application Orb Networks, Inc. "C:\Program Files\Orb Networks\Orb\bin\Orb.exe"
notepad.exe 3432 Notepad Microsoft Corporation "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Bob\Documents\Process Explorer\ProcexpFFsafemode.txt
msdtc.exe 2492 MS DTCconsole program Microsoft Corporation C:\Windows\System32\msdtc.exe
msconfig.exe 2960 System Configuration Utility Microsoft Corporation "C:\Windows\System32\msconfig.exe" /auto
lsm.exe 632 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
lsass.exe 620 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
Interrupts n/a Hardware Interrupts
firefox.exe 3308 Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
explorer.exe 2808 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
dwm.exe 2752 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
DPCs n/a Deferred Procedure Calls
dllhost.exe 652 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75}
dllhost.exe 2236 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
csrss.exe 576 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
csrss.exe 524 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
audiodg.exe 1192 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x304
-
Now, it looks normal.
Repeat same procedure, but this time disable Norton's entries only.
Restart, and run PE again.
-
Ok, I enabled everything else besides Norton, here it is again.
Process PID CPU Description Company Name Command Line
System Idle Process 0 88.32
svchost.exe 1080 5.20 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
procexp.exe 4428 2.97 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "c:\Users\Bob\Documents\Process Explorer\procexp.exe"
services.exe 640 1.48 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
Orb.exe 3816 0.74 Orb Application Orb Networks, Inc. "C:\Program Files\Orb Networks\Orb\bin\Orb.exe"
DPCs n/a 0.74 Deferred Procedure Calls
YStart.exe 2176 Application Starter CASIO COMPUTER CO.,LTD. "C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe"
wuauclt.exe 4140 Windows Update Automatic Updates Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
wmpnscfg.exe 2412 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe"
wmpnetwk.exe 2264 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
WmiPrvSE.exe 2856 WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
winvnc4.exe 2136 VNC Server Free Edition for Win32 RealVNC Ltd. "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
winlogon.exe 808 Windows Logon Application Microsoft Corporation winlogon.exe
wininit.exe 596 Windows Start-Up Application Microsoft Corporation wininit.exe
WavXDocMgr.exe 3696 WavX Document Manager Application Wave Systems Corp. "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe"
tcsd_win32.exe 2228 "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe"
taskeng.exe 3440 Task Scheduler Engine Microsoft Corporation taskeng.exe {8BE1F400-0A23-453E-B2B7-12C676B3B61C}
taskeng.exe 2524 Task Scheduler Engine Microsoft Corporation taskeng.exe {55A89D85-AC86-4F30-B8E9-65066E8F11BD}
System 4
svchost.exe 1512 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 832 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 1048 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 1108 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 1348 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 896 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k rpcss
svchost.exe 1240 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
svchost.exe 1892 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 476 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k bthsvcs
svchost.exe 1000 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 352 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 2112 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k WerSvcGroup
spoolsv.exe 1856 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
smss.exe 452 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
SLsvc.exe 1296 Microsoft Software Licensing Service Microsoft Corporation C:\Windows\system32\SLsvc.exe
SetPoint.exe 2336 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. "C:\Program Files\Logitech\SetPoint\SetPoint.exe"
SecureUpgrade.exe 3744 Check For Later Product Line Wave Systems Corp. "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
SearchProtocolHost.exe 4696 Microsoft Windows Search Protocol Host Microsoft Corporation "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
SearchIndexer.exe 2184 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchFilterHost.exe 4728 Microsoft Windows Search Filter Host Microsoft Corporation "C:\Windows\system32\SearchFilterHost.exe" 0 644 648 656 65536 652
rundll32.exe 3800 Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\nvHotkey.dll,Start
rundll32.exe 1140 Windows host process (Rundll32) Microsoft Corporation rundll32 NVSVC.DLL,nvsvcInitialize
rundll32.exe 3792 Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
rpcnet.exe 1308 rpcnet Absolute Software Corp. C:\Windows\system32\rpcnet.exe
reader_sl.exe 1232 Adobe Acrobat SpeedLauncher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe"
PnkBstrA.exe 892 C:\Windows\system32\PnkBstrA.exe
OrbTray.exe 3516 Orb Orb Networks "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"
msdtc.exe 2736 MS DTCconsole program Microsoft Corporation C:\Windows\System32\msdtc.exe
msconfig.exe 3684 System Configuration Utility Microsoft Corporation "C:\Windows\System32\msconfig.exe" /auto
mDNSResponder.exe 388 Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
lsm.exe 664 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
lsass.exe 652 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
KHALMNPR.exe 976 Logitech KHAL Main Process Logitech, Inc. KHALMNPR.EXE /API
jusched.exe 3708 Java(TM) Platform SE binary Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jusched.exe"
jqs.exe 564 Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
iTunesHelper.exe 4088 iTunesHelper Module Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
iPodService.exe 3164 iPodService Module Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
Interrupts n/a Hardware Interrupts
firefox.exe 4660 Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
explorer.exe 3496 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
dwm.exe 3452 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
dllhost.exe 2036 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75}
dllhost.exe 2476 COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
csrss.exe 608 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
csrss.exe 556 Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
audiodg.exe 1208 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x2e0
AppleMobileDeviceService.exe 384 Apple Mobile Device Service Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
aawservice.exe 1680 Ad-Aware Service Lavasoft "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
-
See? Excellent!
Get rid of Norton, using this: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
Replace it with one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/index.html
- free PC Tools Firewall Plus: http://www.pctools.com/firewall/
- free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.
If you decide to install Avast, or Avira, make sure, Windows firewall is turned on, or use PC Tools Firewall Plus.
If you decide to install Comodo, make sure, Windows firewall is turned off.
IMPORTANT! Make sure, you use only ONE antivirus, and ONE firewall.