Welcome to TechSpot! (Image courtesy animationplayhouse.com) I'll try and help you find those mystery processes! I need you to do the following:

1. Prepare the system as you would for shutdown, but don't shut down.
2. Right-click on the Taskbar.
3. Click on Task Manager.
4. Processes tab.
5. Double-click on the top frame above the CPU column.

At this point, you should only see usage for 3 processes: taskmgr, System & System Idle. These should add up to 100%. Ignore any process that shows 1-2 in the CPU column.

Paste the name of any process other than those 3 which shows CPU use and how much it's using. I see a lot of processes running which do not need to run unless they are being used at that time. They are probably on the Startup menu to start on boot and run in the background. A big user, one you have running, is the HP Digital Imaging program and its related processes. We will take that off of startup because all you need to do when you want to print is click on File > Print!
Feb 3, 2011 - The computer runs really slow when this happens. R3 osppsvc;Office Software Protection Platform;C: Program. S3 WatAdminSvc;Windows Activation Technologies Service. O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live Writer\WindowsLiveWriterShortcuts.dll,-1003. Ok, so I'm seeing the Microsoft Software Protection Platform Service putting a lot of load on my CPU. I haven't noticed it before and I got a forced update reboot about a week ago. I can stop the service but not disable it.
I also see some malware, so please run the Eset NOD32 Online AntiVirus scan:

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start.
3. When asked, allow the ActiveX control to install.
4. Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start.
6. Make sure that the option 'Remove found threats' is unchecked, and the option 'Scan unwanted applications' is checked.
7. Click Scan.
8. Wait for the scan to finish.
9. Re-enable your antivirus software.

A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Please include this in your post.

NOTE: you will have to uninstall AVG to run Combofix. It's a nuisance but worth it because Combofix is a good program.

Download Combofix to your desktop from one of these locations:

Double-click combofix.exe & follow the prompts. If you do not have the Microsoft Windows Recovery Console installed, Combofix will give you the opportunity to install it. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

- Click on Yes to continue scanning for malware.
- If Combofix asks you to update the program, allow it.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
- Close any open browsers.
- Double-click combofix.exe & follow the prompts to run.
When the scan completes it will open a text window. Please paste that log in your next reply.
Do not mouse-click Combofix's window while it is running. That may cause it to stall. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please tell your helper. CF disconnects your machine from the internet.
The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. Restart the antivirus program when finished. Paste in log when finished. Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
There are some other entries I can remove with script through Combofix.

A primer for using the msconfig utility to remove entries from the Startup menu:

1. Click on the Windows 7 start icon in the bottom left corner of your screen.
2. Type MSCONFIG in the search box and press Enter, or double-click on the MSCONFIG program that appears in the search results.
3. Click on Selective Startup.
4. Click on the Startup tab. You will now see the System Msconfig Utility.
5. In Windows 7, almost all of Windows' essential programs are loaded through Windows Services, so most of the startup items you see here are optional and can be turned off. When in doubt, leave it on, or use a Startup database to identify a process you are not sure of.
6. Uncheck any process you don't want to start on boot.
7. When finished, click on OK.
8. Reboot the computer.
9. When you see this message come up: check 'don't show this message again', then Restart.

(Images courtesy NetSquirrel)

The only processes that need to start on boot are the antivirus program, third-party firewall if you have one, touchpad if on a laptop, and network processes if using third-party software for the network. Any other entries in this section can be unchecked.
This does not remove a process or program; it can still be accessed when needed through All Programs. And you can go back at a later time and reset the default programs if needed.

NOTE: When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changes. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.

A NOTE for you: When you did the JDownloader download, it came bundled with a plug-in named kikin plugin 2.3. You weren't asked if you wanted it, nor did you give your permission to put it on the system. Per description: Kikin Inc is reportedly 'an internet advertising company whose goal is to enhance a user's search experience without changing the user's search behavior.' I am removing it. Please run this Custom CFScript:
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open Notepad, click on Format, uncheck 'Word Wrap' and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.

All computer manufacturers preload programs, trials, and apps and they put them all on the Startup menu. Anytime you get a new computer, you should do this:

1. Look on the Startup menu and see what is checked. If you don't know what it's for, search Google or other search engine. If it's not for the antivirus, the firewall if you have a 3rd party firewall, touchpad processes if it's a laptop or network processes if you use Pure/Cisco Network
2. Look at the installed programs in the Control Panel > Add/Remove Programs. Same thing here: if you don't know what it's for, do a search. But here, if it's something you won't use, uninstall it.

Most programs you download give you a choice of something like Normal Install vs Custom Install. Always check Custom Install. To the question 'do you want this on the Start menu', click on No.

Do you remember back in Reply #2, I asked you to do this? Did you ever do it?
Even if you weren't prepared for shutdown, any processes using high CPU would be suspect. For instance I have Firefox open with 3 tabs.
I have Outlook Express minimized on the Taskbar. I have 2 Notepads minimized. My CPU usage is 5-7% with System Idle the highest, followed by Firefox and taskmgr.
Finding processes using a high CPU isn't difficult and if they can be identified, that's half the battle! Thank you for filling me in about the Zumo Drive. I see the IconOverlay entries fairly frequently and know they are legitimate, but I hadn't been able to find what they went with.
Let's finish up with the following scan. After I check it, I'll have you remove the cleaning tools. HijackThis doesn't scan the Services section well on a 64-bit system, but I may be able to spot entries on the other lines that you can stop:

1. Download and save to your desktop.
2. Extract it to a directory on your hard drive called c:\HijackThis.
3. Then navigate to that directory and double-click on the hijackthis.exe file.
4. When started, click on the Scan button and then the Save Log button to create a log of your information. The log file and then the log will open in notepad.
5. Be sure to click on Format > uncheck Word Wrap when you open Notepad.
6. Click on 'Edit > Select All' then click on 'Edit > Copy' to copy the entire contents of the log.
7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Crazy thing that unfinished, unchecked reply is still open in the Preview Mode on another Firefox tab! I don't know how it got posted!
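
The startup review from the msconfig primer above can also be done as a read-only inventory in PowerShell. This is an added example, not part of the original posts: it lists the common Run-key and Startup-folder entries with each executable's signature status to help identify unknown items. It assumes PowerShell 3.0 or later and covers only these locations, not services or scheduled tasks.

```powershell
# Added example: read-only inventory of logon startup entries. Nothing is changed.
# Assumption: PowerShell 3.0 or later.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit programs on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",       # current user
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    # all users
)

# Collect every entry as Source / Name / Command.
$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
)

# Resolve the executable behind each command line and check its Authenticode signature.
$entries | ForEach-Object {
    $cmd = [Environment]::ExpandEnvironmentVariables($_.Command)
    $exe = $null; $status = 'n/a'; $signer = ''
    if ($cmd -match '^\s*"?(.+?\.exe)') { $exe = $Matches[1] }
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Name       = $_.Name
        Source     = $_.Source
        Executable = $exe
        Signature  = $status   # 'Valid', 'NotSigned', ... or 'n/a' if no .exe was resolved
        Signer     = $signer
    }
} | Sort-Object Signature, Name | Format-List
```

An unsigned or unresolved entry is not proof of malware; it marks the items worth looking up in a startup database before unchecking them in msconfig.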