Very slow pc, multiple processes

[fonziesponzie]

Hi,

I was just workin on my pc when suddenly it started going really slow, after checking task manger I saw there where 82 processes running, some where in there more then once ( scvhost.exe),

On the forums is showed that this is normal, and scvhost always has more then one process running.

There's definitely something wrong because my Process usage is Either running round 85% and staying there, OR dropping from 17 - 20 to 60 - 70, really weird

I restarted my PC in safe mode, and scanned which found 2 trojans, i deleted those succesfully but the problem is still there,

Here's a screen shot of my Taskmanager View photo | DumpYourPhoto - A free and easy photo hosting service

Ill post a Hijack log to i dont know if this would be usefull, but the more info the better look you guys can get i think ( dont know al that much about pc's), been looking around for 2 days, only found this problem solution for Windows XP,

Hijack:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:05:06, on 29/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Felix\AppData\Local\ATI Drivers\ATI_MainBoard.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://go.microsoft.com/fwlink/?LinkId=69157"]MSN.com[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL="http://go.microsoft.com/fwlink/?LinkId=69157"]MSN.com[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ATI MainBoard] C:\Users\Felix\AppData\Local\ATI Drivers\ATI_MainBoard.exe
O4 - HKCU\..\Run: [0x017] 0x017
O4 - HKCU\..\Run: [upd.exe] C:\windows\upd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\[URL="http://excel.exe/3000"]EXCEL.EXE/3000[/URL]
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13950 bytes

Please help me, because this is an irritating problem, even more so i need lots of memeory to run 3DS max, which is lagging like hell right now

 

[kucing13]

boot in safemode and run Malwarebytes or Spybot

 

[Bill2]

Well you have decent memory but also a lot of processes running.

In Task Manager, click on "Processes" tab, then click twice on "Mem usage" so that processes are listed in descending order of RAM consumption. Post a screen shot here. Again, in task manager, click on "Performance" tab and note down the figure under Physical Memory-Available. Post that figure here.

As for cpu usage, those may be occasional spikes or consistently high usage. Wait for it to happen, then in Task Manager-Processes tab, click twice on "CPU" to list processes in descending order. Post a screenie here.

Check in MSCONFIG-Startup tab, what processes you have set up to start at boot. Disable any that can be started later or are not essential. Reboot.

 

[fonziesponzie]

Thanks for fast respons!,

here's the screenshots you requested,

View photo | DumpYourPhoto - A free and easy photo hosting service

Startup programs where already down to minimum, its really strange, when i Boot theres only round 20 processes running, 2 or 3 min after that they go way up to 80-90 ish, i dont know why or how, and if i dont check in taskmangr there would be no way i would see it, theres no programs opening.
Could this be a Mem leak ( seen it on other forums where they had same problem with CPU going to 100% couple minutes after reboot)

After posting the first post, I started having warnings For Trojans, moved and deleted them right away, but its strange i got there, havent downloaded anything in last days

Furthermore, The svchost exe's have different names before and after a reboot

 

[Bill2]

A few things I noticed.

1) The top memory consumer (as per attached picture) is ATI_MAINBOARD.EXE. Now, personally i have never heard of such a thing. Google tells me that the malware called DH8FBPYRBXUF.EXE also uses this name. See this page.

DH8FBPYRBXUF.EXE, Prevx

2) Again as per attached picture, you have the following apps running- Google Sketchup, Autocad, MSN Messenger, firefox, WMP and Word among others. Dude, 4gb is decent memory but its not a magician. If you really want so many apps running simultaneously, buy a supercomputer.

3) Your Sony in-built services like Power management and Entertainment seem to be consuming quite a lot of RAM. Review these and decide what you actually need, disable the others.

Run malware scans with Prevx and Malwarebytes. If that makes your computer infection free, review everything running on your computer. Shutdown or disable everything unnecessary. And upgrade your RAM to max.

 

[fonziesponzie]

Thanks, Yes i know have them all running, hasnt been problem before, normaly I run 3DS max or photoshop with this as well never been a real problem ,
So you recommend i delete the DH8FBPYRBXUF.EXE which cause the memory lagging with prevx ?,
Ill scan with Prevx and Malwarebytes.

 

[fonziesponzie]

Ok its getting lot worse,

Processe are popping up, havind weird names and/or in weird locations

View photo | DumpYourPhoto - A free and easy photo hosting service

View photo | DumpYourPhoto - A free and easy photo hosting service

View photo | DumpYourPhoto - A free and easy photo hosting service

Also Prevx Found the Ati and other trhreads in no time, cant delete them till I buy the program, do you know any free sotfware that will do the trick,

I could be in real trouble if this doesnt get fixed, got couple deadlines to meet by monday,
really apreciate the time and effort you put in this,

thanks, Ill keep looking and googling processes which look weird.

 

[Bill2]

Not sure about the additional processes in the attached pictures. smss.exe is a valid windows exe but can also be malware. ACDaemon and ACService are installed by Arcsoft, I think you have some of that software installed. Searchprotocolhost is related to the Windows search service.

I think Prevx removes only adware for free, more complicated infections require purchase of a license. Download and run free Malwarebytes from this page Malwarebytes' Anti-Malware: Malwarebytes.

 

[fonziesponzie]

Espacially Smss.exe is worrying me, google it comes up quite alot as worm,
but there called smss32.exe, Scanning with Malware full scan of alldrives, I'll post results afeter this, I'm not scanning in safe mode, does this matter ?

 

[fonziesponzie]

Yes next to the Prevx infections has a symbol which tells me i need to buy it,

I was wondering if i couldnt Use Hijack?, This seem to solve programs very fast, if found the ATI in the scna wth Hijack

 

[Bill2]

Use whatever you want to but make sure you only use apps or run processes from trusted sources.

 

[fonziesponzie]

Thanks, If the scan of malware is done, ill chek the winnet.exe and others that popped up, just hapoing Smss.exe is nothing bad, anything else i find i will delete with Hijack, and do extra scan in safemode with malware afterwards,

Hope this well solve my porblem thanks for help ill keep you updateed via this thread

 

[Borg 386]

This is a link to d/l a handy tool called Process Explorer. It shows all processes going on and if you r click on the process it offers a Search Online option, as well as other useful options.

Windows Sysinternals: Documentation, downloads and additional resources

SMSS.exe is part of the system files, as long as it's located in the C:\Windows\System32 folder.

If it's located in another folder, then I would investigate, it's probably malware/spyware/virus.

 

[fonziesponzie]

the strange thin is it says, located in ' \SystemRoot\System32\smss.exe and not C:\Windows\System32
Does this matter ?

 

[malexous]

Hitman Pro might find and fix the problem. It's a small download and takes a few minutes to scan so it's worth trying. If the default scan finds nothing, try the EWS scan.

 

[fonziesponzie]

Ok ill try hitman pro, scanning with spybot had no results,
Meawhile i deleted ATI_mainboard Via Hijack this, couldnt find serials for Prevx, to bad cause it looks like a good program, now I wanna check those other processes which had weird names and locations(winnit.exe location - winnit.exe And Winlogin.exe location winlogin.exe both use round 2500Kb )

I scanned with Spyboy, AVG, Malware, and ill try hitman ( I deinstall every scanner before trying another),

CPU use is now stayin at 100%, so problem not solved
THe number of processes is staying steady on 76, which is still way to much

If you want i can show a Screenshot of my taksmanager.

 

[fonziesponzie]

Scanned with hitman, showed A rootkit and malware, cant delete them tho cause its not activated -.-
Any other suggestions are welcome

heres a screen of my Taskmngr now
looks better, but still runnin gvery high

View photo | DumpYourPhoto - A free and easy photo hosting service

ATM there where no programs running, nothing running in background

CPU was at 80% proces number 76

 

[Bill2]

You need to upload a screenie of your task manager showing cpu usage in descending order. What you have uploaded right now shows your RAM usage. Remember, CPU usage and memory usage are 2 different things. try to sort them out one by one.

You still havent told us what the "Available" RAM is.

Have you run a scan with MBAM to get rid of the malware you mentioned?

 

[fonziesponzie]

Ok, ill try, not an english speaker and dont know much bout computers, ill try to give you what you need

I have 4GB of ram, how do i see the amount used ?

Hope this is what you need, let me know whats missing

View photo | DumpYourPhoto - A free and easy photo hosting service

Thanks

 

[Bill2]

1) Out of your 4gb RAM, 1.44gb is being used right now. Thats about 35%. So thats OK.

2) Your CPU graph shows 81% but adding up the cpu usage figures for individual processes totals to only 11% leaving 89% free. So, my guess is that 81% is a momentary spike. Thats normal. When one opens any app- WMP, IE, anything, theres the momentary spike then it goes down. Unless the spike continues for a while, it shoudnt be reason for worry.

3) What about your malware?