Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Running; probably infected


  • This topic is locked This topic is locked
54 replies to this topic

#1 dsc123

dsc123

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 09 October 2010 - 12:59 PM

I have 2 computers (same model laptop) and one was badly infected (backdoor trojan, I was told in the malware forum) and it is being addressed. The performance improvement has been so dramatic that I now think that the second computer is probabaly infected as well. Rather than address my 2nd computer problem in the malware forum or run combfix I was told to address it here.

Startup is quite slow and there are cases where it reallly bogs down with seemingly incessant disk access. Often Internet Explorer just dies an says it has to close. I ran kaspersky online scan and it found some errors I was able to clean up using Avira and a couple that it could no clean up.

C:\Debras stuff\Identities\{2216F3BB-A3A0-460D-A720-CC21367E034D}\Microsoft\Outlook Express\2001.dbx
Suspicious: Exploit.HTML.Iframe.FileDownload 4

C:\Debras stuff\Identities\{2216F3BB-A3A0-460D-A720-CC21367E034D}\Microsoft\Outlook Express\2001.dbx
Infected: Email-Worm.Win32.BadtransII 1


I run Avira as well as Superantispyware and on ocassion PC Doctor and Spyware Terminator. What can I do to determine if there is something running that is bad?


BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:33 PM

Posted 09 October 2010 - 02:22 PM

Looking over your other thread I would assume this laptop is in similar state?

http://www.malwareremoval.com/tutorials/runningslowly.php

Are you taking the fact that you have disabled Avira into account?

The other computer shows excessive ram use from too many processes running and a critical shortage of disk space, please finish with that thread before attempting any repairs not specified by Myrti


Edited by DaChew, 09 October 2010 - 02:23 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 dsc123

dsc123
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 09 October 2010 - 06:06 PM

This computer has Avira running on it. From a usability point of view it is not in the same state as the other one -- compared to what Myrti was able to improve onthe other one this one seems relatively slow but it has been continuously protected by Avira. Myrti suggested that I open this thread for the 2nd computer. Please help.

Thanks

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:33 PM

Posted 09 October 2010 - 06:24 PM

Well too many cooks spoil the soup, please don't apply any fixes to the other computer until cleared by Myrti

I can't ask for an OTL report in this forum so we will attack the slow aspect first before investigating infections.

Would you Publish a Snapshot using Speccy

http://www.bleepingcomputer.com/forums/topic323892.html

Please download Malwarebytes Anti-Malware and save it to your desktop.MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Edited by DaChew, 09 October 2010 - 06:27 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#5 dsc123

dsc123
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 10 October 2010 - 10:17 AM


Here is the speccy snapshot
http://speccy.piriform.com/results/ErBu4ZE45eZKiSo8mdyubfw



The Malwarebytes log is below too. Note that malwarebytes did detect and remove some stuff and I can notice some improvement in performance, but it did not address the Kaspersky online scan items:

C:\Debras stuff\Identities\{2216F3BB-A3A0-460D-A720-CC21367E034D}\Microsoft\Outlook Express\2001.dbx
Suspicious: Exploit.HTML.Iframe.FileDownload 4

C:\Debras stuff\Identities\{2216F3BB-A3A0-460D-A720-CC21367E034D}\Microsoft\Outlook Express\2001.dbx
Infected: Email-Worm.Win32.BadtransII 1

Thanks



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4788

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/10/2010 10:59:45 AM
mbam-log-2010-10-10 (10-59-45).txt

Scan type: Quick scan
Objects scanned: 163276
Time elapsed: 1 hour(s), 34 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appinit_dlls (Trojan.Witkinat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\crntdll (Trojan.Witkinat) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\TMP1CD.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMP1ED.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMP930.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMPC33.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.


#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:33 PM

Posted 10 October 2010 - 11:29 AM

Time elapsed: 1 hour(s), 34 minute(s), 44 second(s)

This is a very slow result for a MBAM quick scan on a computer of your specs


Would you cleanup your Outlook Express, Kasp found something, probably an infector sent as an attachment or embedded in the email.

2001 dbx? Is this an archive of older OE?

Make sure the preview is OFF!!

http://www.onecomputerguy.com/app_info/outlook_express_6.htm

Even with
QUOTE
Free Space: 26.0GB (24%)
, we still need to get to 40% free which is the minimum optimum to let defrag work best.

Have you started applying the slow computer fixes from my link I posted?

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note how many megs are cleaned please

Let's run SAS from safe mode please

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Edited by DaChew, 10 October 2010 - 11:34 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#7 dsc123

dsc123
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 12 October 2010 - 07:54 AM



I am not sure what you mean by "Have you started applying the slow computer fixes from my link I posted?" I have done everything you mentioned in this postin and prior ones for this problem. Maybe I missed a permanent post I was supposed to look at?

I went into outlook and used the clean up function you mention as well as turning off the message preview. The file you asked about 2001 dbx is an archive of some infrequently accessed emails. I have a backup copy elsewhere so I deleted it.

Anyway, TFC eliminated 3,406MB. There is almost 29GB of 105 free. I can move some of these files to a backup USB drive to get the total to be less than 65GB but I am reluctant to do so without making sure that the scans are all clean -- I don't want to infect by backup drive.

I ran SAS in safe mode as you suggest. In addition to the log that is listed below, it also identified several corrupt files and said I should run CHKDSK. While still in safe mode I tried to do so and was told it cannot be run as it need exclusive access to windows files. It offered that it could be automatically run at startup and a chose the checkbox that indicated I wanted this to occur. After rebooting, out of safe mode, I saw no report generated from chkdsk or any indication that chkdsk was run and the bootup took a "normal" amount of time. I don't think it ran as I checked one of the files it listed as corrupt and it remains there and accessing it provides an error message saying is corrupt. I checked a directory it said was corrupt (c:\$mft) and I could not find this file even though my folder options are set to let me see all system and hidden files. Is there a way to know if chkdsk ran or to see it run?


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/11/2010 at 11:40 PM

Application Version : 4.44.1000

Core Rules Database Version : 5670
Trace Rules Database Version: 3482

Scan type : Complete Scan
Total Scan Time : 02:17:57

Memory items scanned : 234
Memory threats detected : 0
Registry items scanned : 8799
Registry threats detected : 0
File items scanned : 114580
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@test.coremetrics[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@invitemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@lucidmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kontera[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pointroll[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@a1.interclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@csm.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt



#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:33 PM

Posted 12 October 2010 - 08:22 AM

http://www.malwareremoval.com/tutorials/runningslowly.php

In this link make sure those steps are done in order

QUOTE
Ideally you need at least 15-20% of your disk to be empty, if you don't have 15% then it's time to start freeing up some disk space.


My own experience and MS sources indicate 40% is ideal, not 20%


Chewy

No. Try not. Do... or do not. There is no try.

#9 dsc123

dsc123
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 12 October 2010 - 10:51 PM

Based on the lis of thinks in the last link you sent, I am up to 37% free space and have done everything except for the defrag. Defrag says that there is a CHKDSK operation scheduled for the next boot and this must be done before defrag can happen. I rebooted 3 times and got the same results. This brings us back to how do I get CHKDSK to run? It seems to be scheduled but it never runs....




#10 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:33 PM

Posted 12 October 2010 - 11:11 PM

http://help.lockergnome.com/windows/CHKDSK...pict537472.html

Do not force a safe boot by using the msconfig method
Chewy

No. Try not. Do... or do not. There is no try.

#11 dsc123

dsc123
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 13 October 2010 - 07:33 AM

none of these methods worked....

#12 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:33 PM

Posted 13 October 2010 - 07:42 AM

Download process explorer

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Extract it to your desktop(make a new folder)

Under File and save as, copy and paste the contents of Procexp.txt into a reply please.

Maybe we can find a process that loads at bootup that's interfering.

Did you try the F8 method for loading safe mode when rebooting to run chkdsk?


Chewy

No. Try not. Do... or do not. There is no try.

#13 dsc123

dsc123
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 13 October 2010 - 08:56 AM

I did try in safe mode to no effect. I also tied unsuccessfully to start from Recovery Console but Windows was stopped with a oft of text indicating that there is someting probably virus related that would cause harm to the computer if the process continued. I had never run Recovery console on this computer before so I tried multiple times with the same outcome. I did't know if this is a new problem or one that had been there a long time or if I just did not know about it, so I reinstalled recovery console directly from the microsoft website vs CD or floppy and got the same error. Bottom line is that I could not run CHKDSK in any mode and there seems to be something that is preventing Recovery console from running also.

BTW, I am running the same antivirus software on my 2nd computer (Avira, Superantispyware, Spyware terminator) and Windows firewall as wel and the other computer runs recovery console fine and also runs chkdsk and defrag too.

Below is the process explorer info you asked about.


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 97.76 0 K 16 K
Interrupts n/a 0 K 0 K Hardware Interrupts
DPCs n/a 0 K 0 K Deferred Procedure Calls
System 4 0 K 220 K
smss.exe 944 168 K 404 K Windows NT Session Manager Microsoft Corporation
csrss.exe 992 1,728 K 3,996 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 1020 14,712 K 4,932 K Windows NT Logon Application Microsoft Corporation
services.exe 1064 1.49 1,920 K 3,684 K Services and Controller app Microsoft Corporation
svchost.exe 1252 3,156 K 5,192 K Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 2348 1,936 K 5,032 K WMI Microsoft Corporation
igfxext.exe 264 3,588 K 5,148 K igfxext Module Intel Corporation
igfxsrvc.exe 2540 1,456 K 3,668 K igfxsrvc Module Intel Corporation
svchost.exe 1336 1,940 K 4,476 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1388 20,904 K 31,524 K Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 2116 6,568 K 9,276 K Windows Update Microsoft Corporation
wuauclt.exe 2336 2,540 K 4,304 K Windows Update Microsoft Corporation
svchost.exe 1428 2,400 K 3,380 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1548 1,364 K 3,632 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1576 6,056 K 7,708 K Generic Host Process for Win32 Services Microsoft Corporation
WLTRYSVC.EXE 1700 424 K 1,620 K
BCMWLTRY.EXE 1712 2,904 K 6,976 K Broadcom 802.11 Network Adapter Wireless Network Controller Broadcom Corporation
spoolsv.exe 1792 3,684 K 5,704 K Spooler SubSystem App Microsoft Corporation
sched.exe 1856 3,548 K 364 K Antivirus Scheduler Avira GmbH
svchost.exe 1896 1,328 K 3,756 K Generic Host Process for Win32 Services Microsoft Corporation
IPSSVC.EXE 2016 1,028 K 2,368 K IPS Core Service Lenovo Group Limited
AcPrfMgrSvc.exe 2032 2,116 K 5,824 K Access Connections Profile Manager Service Lenovo
avguard.exe 212 97,124 K 70,972 K Antivirus On-Access Service Avira GmbH
ApplicationUpdater.exe 232 808 K 2,792 K Application Updater Spigot, Inc.
DkService.exe 320 3,616 K 6,916 K DKSERVICE.EXE Diskeeper Corporation
DkIcon.exe 3524 3,316 K 4,276 K DKICON.EXE Diskeeper Corporation
DOZESVC.EXE 444 352 K 1,184 K Doze Mode Service Program Lenovo.
FnF5svc.exe 464 228 K 956 K Lenovo Fn+F5 Service Lenovo.
PresentationFontCache.exe 476 13,000 K 8,604 K PresentationFontCache.exe Microsoft Corporation
svchost.exe 752 1,596 K 3,488 K Generic Host Process for Win32 Services Microsoft Corporation
iviRegMgr.exe 764 584 K 2,240 K RegMgr Module InterVideo
jqs.exe 804 2,056 K 1,440 K Java™ Quick Starter Service Sun Microsystems, Inc.
SupServ.exe 864 1,632 K 2,764 K
PMSveH.exe 900 304 K 1,268 K PMSveH Lenovo
PSIService.exe 964 1,932 K 2,760 K nTitles PSIService
RichVideo.exe 996 816 K 2,968 K RichVideo Module
sp_rsser.exe 1272 3,172 K 3,060 K Spyware Terminator Realtime Shield Service Crawler.com
svchost.exe 1504 2,520 K 4,340 K Generic Host Process for Win32 Services Microsoft Corporation
tvt_reg_monitor_svc.exe 1528 1,408 K 3,424 K ThinkVantage Registry Monitor Service Lenovo Group Limited
rrpservice.exe 1612 1,744 K 3,776 K rrpservice Module
rrservice.exe 1648 4,012 K 6,668 K Rescue and Recovery Backup Service Lenovo Group Limited
tvtsched.exe 1660 3,504 K 5,928 K ThinkVantage Scheduler Lenovo Group Limited
UpdateMonitor.exe 1676 5,360 K 8,120 K Fast Restore Application Lenovo Group Limited
PWMDBSVC.exe 1904 960 K 3,712 K PWMDBSVC Module
SUService.exe 2092 13,816 K 10,416 K ThinkVantage System Update Service Lenovo Group Limited
wmpnetwk.exe 2160 5,796 K 8,220 K Windows Media Player Network Sharing Service Microsoft Corporation
AcSvc.exe 2212 5,876 K 9,884 K Access Connections Main Service Lenovo
SvcGuiHlpr.exe 288 3,008 K 6,628 K Access Connections SvcGuiHlpr Application Lenovo
nmsrvc.exe 2272 12,608 K 19,692 K Network Magic Service Pure Networks, Inc.
alg.exe 3744 1,176 K 3,624 K Application Layer Gateway Service Microsoft Corporation
lsass.exe 1076 5,156 K 8,828 K LSA Shell (Export Version) Microsoft Corporation
explorer.exe 2892 20,432 K 28,136 K Windows Explorer Microsoft Corporation
PMHandler.exe 3412 3,224 K 4,388 K PMHandler Lenovo
SynTPEnh.exe 3424 4,160 K 6,620 K Synaptics TouchPad Enhancements Synaptics, Inc.
RTHDCPL.exe 3436 19,752 K 19,072 K Realtek HD Audio Control Panel Realtek Semiconductor Corp.
WLTRAY.EXE 3628 3,416 K 6,352 K Broadcom 802.11 Network Adapter Wireless Network Tray Applet Broadcom Corporation
LPMGR.EXE 3740 6,296 K 8,544 K Lenovo Care Manager Lenovo Group Limited
nmapp.exe 3776 14,896 K 24,816 K Network Magic Application Pure Networks, Inc.
ACTray.exe 3924 4,840 K 6,884 K Access Connections Tray Application Lenovo
DEVDET~1.EXE 3944 3,008 K 4,568 K Device Detector ACD Systems, Ltd.
BrStsWnd.exe 4028 3,072 K 4,876 K brstswnd brother
BRNIPMON.exe 2716 3,624 K 5,224 K BrnIPMon Brother Industries, Ltd.
SpywareTerminatorShield.Exe 852 6,428 K 7,204 K Spyware Terminator Realtime Shield Crawler.com
TpWAudAp.exe 2788 3,072 K 3,568 K Volume controller launcher for Lenovo 3000 Lenovo Group Limited
tpfnf7sp.exe 740 2,876 K 3,660 K Presentation Director Fn+F7 handler Lenovo Group Limited
cssauth.exe 3532 11,264 K 17,060 K CSS Authentication Provider Lenovo Group Limited
password_manager.exe 884 5,004 K 7,692 K Password Manager Lenovo Group Limited
scheduler_proxy.exe 2404 2,844 K 5,044 K scheduler_proxy Application Lenovo Group Limited
MCPLaunch.exe 3812 264 K 1,008 K Message Center Plus Launcher
avgnt.exe 548 4,932 K 3,596 K Antivirus System Tray Tool Avira GmbH
rundll32.exe 3952 25,596 K 36,228 K Run a DLL as an App Microsoft Corporation
UnlockerAssistant.exe 3732 3,228 K 4,260 K
SUPERANTISPYWARE.EXE 4072 80,848 K 652 K SUPERAntiSpyware Application SUPERAntiSpyware.com
SEPCSuite.exe 1208 21,608 K 27,644 K Sony Ericsson PC Suite Sony Ericsson Mobile Communications AB
wmpnscfg.exe 2308 3,752 K 5,368 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
ctfmon.exe 2444 3,552 K 5,464 K CTF Loader Microsoft Corporation
GoogleToolbarNotifier.exe 2528 4,700 K 3,008 K GoogleToolbarNotifier Google Inc.
Catfood Weather.exe 3024 18,568 K 22,444 K Catfood Weather Catfood Software
procexp.exe 4564 0.75 17,600 K 23,396 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com



#14 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:33 PM

Posted 13 October 2010 - 10:31 AM

QUOTE
I follow your instruction to schedule a chkdsk and then reboot n safe mode


Did you try this?


http://en.wikipedia.org/wiki/Diskeeper

DkService.exe

http://www.diskeeper.com/defrag/dkservice.aspx

Edited by DaChew, 13 October 2010 - 10:44 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#15 dsc123

dsc123
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 13 October 2010 - 11:48 AM

I am using diskkeeper lite to defrag -- it is the program that starts when I try to defrag using system tools from control panel. It won't run as there is a chkdsk process scheduled to run which never runs.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users