
CPU constant at 30-40% Kernel Times 90% of that

Discussion in 'Windows XP' started by drago87, 2008/06/01.

  1. 2008/06/06
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    No changes after unchecking QoS or after running all the commands again.

    And no changes after uninstalling the Network Ethernet adapter and restarting.

    But it still goes to zero when I disable the Local Area Connection.
     
  2. 2008/06/07
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    OK Drag

    Pretty much proves it is something to do with networking.

    We need to see this issue in a stripped environment so boot to safe mode networking.

    Run ATF-Cleaner and CCleaner both cleaner and registry just to clear the temps etc.

    This is similar to what we have done before but not from safe mode.

    Post me a HJT and DSS log.

    XP Home does not have the XP Pro Tasklist but can be added.

    D/L http://www.computerhope.com/download/winxp/tasklist.exe

    Once downloaded this program must be placed in the windows\system32 folder so get it there.

    Then do the below!

    Need to see all but especially the SVCHOSTS.

    SVCHOST can run many times, can also run many processes within a single entry.

    To see what svchost is running hidden from you copy the text between the lines but not the lines.

    ----------------------------------------------------------
    %SystemRoot%\system32\cmd.exe /c %windir%\system32\tasklist.exe /svc >> "%USERPROFILE%\Desktop\Tasklist.txt"
    ----------------------------------------------------------

    then
    Start-Run
    type cmd
    hit enter or click OK

    rt click in the open cmd screen and rt then paste
    hit enter twice
    close cmd prompt

    Now there is a new icon on the desktop Tasklist.txt.

    This will show what each svchost is running.

    Remember this is from safe mode.

    Once I see your post from above hopefully I will see your issue and my next post will ask you to End the process of certain tasks also from safe mode.

    Mike
     


  4. 2008/06/07
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    Something happened when I tried to restart and log in via safe mode with networking. I got to the screen where I choose Admin or my normal user; clicking the admin user sends me to a black screen with the text Safe Mode in each corner and the pointer in the middle (I can move the pointer), then it just stands there for hours. When I try to do a normal boot I get so I can see the desktop picture and the pointer and it just stands there.

    Normal safe mode is the same as with Networking.

    I'm going to make a clean install of Win XP, this time Pro (found my dad's old key, he uses Vista now).

    So thanks for all your help, and if I get the same problem I'll be back.
     
  5. 2008/06/07
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    Have just reinstalled Windows and only installed the driver for the audio, network and SP3 (in that order).

    And after installing SP3 I got the same problem as before (only had SP2 last time).

    -:EDIT:-

    Like this

    Installed Windows
    Checked CPU (no problem)
    Installed Audio Driver
    Checked CPU (no problem)
    Restart
    Checked CPU (no problem)
    Installed Network Device
    Checked CPU (no problem)
    Restart
    Checked CPU (no problem)
    Installed SP3
    Checked CPU (no problem)
    Restart
    Checked CPU (problem)
     
    Last edited: 2008/06/07
  6. 2008/06/07
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    Now I have done #22

    hijackthis.log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:49:22, on 2008-06-08
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    --
    End of file - 1521 bytes

    main.txt

    Deckard's System Scanner v20071014.68
    Run by Administratör on 2008-06-08 01:50:00
    Computer is in Safe Mode with Networking.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; computer is in safe mode.


    -- Last 4 Restore Point(s) --
    4: 2008-06-07 23:09:13 UTC - RP4 - Installerade Windows XP Service Pack 3.
    3: 2008-06-07 22:57:39 UTC - RP3 - Uppdatera till en osignerad drivrutin
    2: 2008-06-07 22:41:20 UTC - RP2 - Installed Windows XP KB888111WXP.
    1: 2008-06-07 22:37:13 UTC - RP1 - Systemkontrollpunkt


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Administratör.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:50:13, on 2008-06-08
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    E:\Installer\Programm\dss.exe
    C:\Program\TRENDM~1\HIJACK~1\Administratör.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    --
    End of file - 1507 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1 ",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - c:\windows\system32\drivers\yk51x86.sys <Not Verified; Marvell; Marvell Yukon Ethernet Controller>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Videostyrenhet (VGA-kompatibel)
    Device ID: PCI\VEN_1002&DEV_9501&SUBSYS_E620174B&REV_00\4&178951BB&0&0008
    Manufacturer:
    Name: Videostyrenhet (VGA-kompatibel)
    PNP Device ID: PCI\VEN_1002&DEV_9501&SUBSYS_E620174B&REV_00\4&178951BB&0&0008
    Service:


    -- Files created between 2008-05-08 and 2008-06-08 -----------------------------

    2008-06-08 02:17:21 0 d-------- C:\Program\Delade filer\ODBC
    2008-06-08 02:17:18 0 dr------- C:\Program
    2008-06-08 02:17:18 0 d-------- C:\Program\Delade filer
    2008-06-08 02:17:18 0 d-------- C:\Program\Delade filer\SpeechEngines
    2008-06-08 02:17:01 0 dr------- C:\Documents and Settings\Default User\Start-meny
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\Default User\Skrivbord
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\Default User\Skrivare
    2008-06-08 02:17:01 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\Default User\Nätverket
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\Default User\Mina dokument
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\Default User\Mallar
    2008-06-08 02:17:01 0 dr-h----- C:\Documents and Settings\Default User\Lokala inställningar
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\Default User\Favoriter
    2008-06-08 02:17:01 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-06-08 02:17:01 0 dr------- C:\Documents and Settings\All Users\Start-meny
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\All Users\Skrivbord
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\All Users\Mallar
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\All Users\Favoriter
    2008-06-08 02:17:01 0 dr------- C:\Documents and Settings\All Users\Dokument
    2008-06-08 02:16:23 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-06-08 02:16:23 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-06-08 02:16:18 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-06-08 02:16:18 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-06-08 02:16:18 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-06-08 02:16:18 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-06-08 02:16:06 0 d-------- C:\Documents and Settings
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\WinSxS
    2008-06-08 02:12:13 0 dr------- C:\WINDOWS\Web
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\twain_32
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\wins
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\wbem
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\usmt
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\spool
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\Setup
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\ras
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\oobe
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\npp
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\mui
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\IME
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\icsxml
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\ias
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\export
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\drivers
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-06-08 02:12:13 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\dhcp
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\config
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\3076
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\2052
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1054
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1053
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1042
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1041
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1037
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1033
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1031
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1028
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1025
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\security
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Resources
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\repair
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\mui
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\msapps
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\msagent
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Media
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\java
    2008-06-08 02:12:13 0 d--h----- C:\WINDOWS\inf
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\ime
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Help
    2008-06-08 02:12:13 0 dr--s---- C:\WINDOWS\Fonts
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Driver Cache
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Debug
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Cursors
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Connection Wizard
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Config
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\AppPatch
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\addins
    2008-06-08 01:48:54 0 dr-h----- C:\Documents and Settings\Administratör\Recent
    2008-06-08 01:44:39 0 dr------- C:\Documents and Settings\Administratör\Start-meny
    2008-06-08 01:44:39 0 d-------- C:\Documents and Settings\Administratör\Skrivbord
    2008-06-08 01:44:39 0 d--h----- C:\Documents and Settings\Administratör\Skrivare
    2008-06-08 01:44:39 0 dr-h----- C:\Documents and Settings\Administratör\SendTo
    2008-06-08 01:44:39 0 d--h----- C:\Documents and Settings\Administratör\Nätverket
    2008-06-08 01:44:39 524288 --ah----- C:\Documents and Settings\Administratör\NTUSER.DAT
    2008-06-08 01:44:39 0 d-------- C:\Documents and Settings\Administratör\Mina dokument
    2008-06-08 01:44:39 0 d--h----- C:\Documents and Settings\Administratör\Mallar
    2008-06-08 01:44:39 0 d--h----- C:\Documents and Settings\Administratör\Lokala inställningar
    2008-06-08 01:44:39 0 d-------- C:\Documents and Settings\Administratör\Favoriter
    2008-06-08 01:44:39 0 d---s---- C:\Documents and Settings\Administratör\Cookies
    2008-06-08 01:44:39 0 dr-h----- C:\Documents and Settings\Administratör\Application Data
    2008-06-08 01:43:16 0 d-------- C:\WINDOWS\CSC
    2008-06-08 01:39:12 0 d-------- C:\Program\Trend Micro
    2008-06-08 01:38:53 0 d-------- C:\Program\CCleaner
    2008-06-08 01:25:16 0 d-------- C:\Documents and Settings\LocalService\Start-meny
    2008-06-08 01:19:09 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-06-08 01:18:21 0 d-------- C:\WINDOWS\Prefetch
    2008-06-08 01:12:51 0 d-------- C:\WINDOWS\system32\sv-se
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\system32\sv
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\system32\bits
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\provisioning
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\peernet
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\l2schemas
    2008-06-08 01:11:20 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-06-08 01:09:44 0 d-------- C:\WINDOWS\network diagnostic
    2008-06-08 01:07:44 0 d-------- C:\WINDOWS\EHome
    2008-06-08 00:58:39 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-06-08 00:57:40 223104 -ra------ C:\WINDOWS\system32\drivers\yk51x86.sys <Not Verified; Marvell; Marvell Yukon Ethernet Controller>
    2008-06-08 00:54:46 0 d-------- C:\WINDOWS\system32\Lang
    2008-06-08 00:41:53 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-06-08 00:41:51 0 d-------- C:\WINDOWS\system32\RTCOM
    2008-06-08 00:41:48 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-06-08 00:41:14 0 d-------- C:\Program\Realtek
    2008-06-08 00:41:14 0 d--h----- C:\Program\InstallShield Installation Information
    2008-06-08 00:41:08 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-06-08 00:41:08 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-06-08 00:41:05 0 d-------- C:\Program\Delade filer\InstallShield
    2008-06-08 00:37:07 0 d--hs---- C:\WINDOWS\Installer
    2008-06-08 00:37:05 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Identities
    2008-06-08 00:36:53 0 dr------- C:\Documents and Settings\Dr. Drago\Start-meny
    2008-06-08 00:36:53 0 d-------- C:\Documents and Settings\Dr. Drago\Skrivbord
    2008-06-08 00:36:53 0 d--h----- C:\Documents and Settings\Dr. Drago\Skrivare
    2008-06-08 00:36:53 0 dr-h----- C:\Documents and Settings\Dr. Drago\SendTo
    2008-06-08 00:36:53 0 dr-h----- C:\Documents and Settings\Dr. Drago\Recent
    2008-06-08 00:36:53 0 d--h----- C:\Documents and Settings\Dr. Drago\Nätverket
    2008-06-08 00:36:53 786432 --ah----- C:\Documents and Settings\Dr. Drago\NTUSER.DAT
    2008-06-08 00:36:53 0 dr------- C:\Documents and Settings\Dr. Drago\Mina dokument
    2008-06-08 00:36:53 0 d--h----- C:\Documents and Settings\Dr. Drago\Mallar
    2008-06-08 00:36:53 0 d--h----- C:\Documents and Settings\Dr. Drago\Lokala inställningar
    2008-06-08 00:36:53 0 dr------- C:\Documents and Settings\Dr. Drago\Favoriter
    2008-06-08 00:36:53 0 d---s---- C:\Documents and Settings\Dr. Drago\Cookies
    2008-06-08 00:36:53 0 dr-h----- C:\Documents and Settings\Dr. Drago\Application Data
    2008-06-08 00:36:53 0 d---s---- C:\Documents and Settings\Dr. Drago\Application Data\Microsoft
    2008-06-08 00:36:25 0 d--hs---- C:\System Volume Information
    2008-06-08 00:36:24 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-06-08 00:36:24 0 d--h----- C:\Documents and Settings\NetworkService\Lokala inställningar
    2008-06-08 00:36:24 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
    2008-06-08 00:36:24 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-06-08 00:36:24 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-08 00:36:24 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-06-08 00:36:24 0 d--h----- C:\Documents and Settings\LocalService\Lokala inställningar
    2008-06-08 00:36:24 0 d---s---- C:\Documents and Settings\LocalService\Cookies
    2008-06-08 00:36:24 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-06-08 00:36:24 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-06-08 00:33:53 0 d-------- C:\WINDOWS\system32\xircom
    2008-06-08 00:33:53 0 d-------- C:\Program\microsoft frontpage
    2008-06-08 00:33:44 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-06-08 00:33:38 0 -rahs---- C:\MSDOS.SYS
    2008-06-08 00:33:38 0 -rahs---- C:\IO.SYS
    2008-06-08 00:33:38 0 --a------ C:\CONFIG.SYS
    2008-06-08 00:33:38 0 --a------ C:\AUTOEXEC.BAT
    2008-06-08 00:33:02 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-08 00:32:55 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-06-08 00:32:55 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-06-08 00:32:36 0 d-------- C:\WINDOWS\system32\DirectX
    2008-06-08 00:32:01 0 d---s---- C:\WINDOWS\Tasks
    2008-06-08 00:31:59 0 d-------- C:\Program\Delade filer\MSSoap
    2008-06-08 00:31:56 0 d-------- C:\WINDOWS\srchasst
    2008-06-08 00:31:55 0 d-------- C:\WINDOWS\system32\Macromed
    2008-06-08 00:31:54 0 d-------- C:\Program\Movie Maker
    2008-06-08 00:31:51 0 d-------- C:\WINDOWS\system32\Restore
    2008-06-08 00:31:51 0 d-------- C:\WINDOWS\PCHealth
    2008-06-08 00:31:26 21700 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-08 00:31:24 0 d-------- C:\WINDOWS\Registration
    2008-06-08 00:31:22 0 d--h----- C:\Program\WindowsUpdate
    2008-06-08 00:31:20 0 d-------- C:\Program\Messenger
    2008-06-08 00:31:16 0 d-------- C:\Program\MSN Gaming Zone
    2008-06-08 00:30:48 0 d-------- C:\Program\Windows NT
    2008-06-08 00:30:46 40960 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Operativsystemet Microsoft® Windows®>
    2008-06-08 00:30:46 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-06-08 00:30:45 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-06-08 02:17:01 62 --ahs---- C:\Documents and Settings\Administratör\Application Data\desktop.ini
    2008-06-08 01:30:52 315006 --a------ C:\WINDOWS\system32\perfh01D.dat
    2008-06-08 01:30:52 47784 --a------ C:\WINDOWS\system32\perfc01D.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut "= "HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMan "= "SOUNDMAN.EXE" [2006-07-21 16:14 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd "= "ALCWZRD.EXE" [2006-05-04 16:26 C:\WINDOWS\alcwzrd.exe]
    "Alcmtr "= "ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command- H:\Autorun.exe




    -- End of Deckard's System Scanner: finished at 2008-06-08 01:55:03 ------------

    extra.txt

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 3.0
    Architecture: X86; Language: Swedish

    CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
    Percentage of Memory in Use: 18%
    Physical Memory (total/avail): 1023.23 MiB / 837.59 MiB
    Pagefile Memory (total/avail): 2461.95 MiB / 2388.68 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1922.77 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 48.83 GiB total, 44.55 GiB free.
    D: is Fixed (NTFS) - 465.76 GiB total, 16.42 GiB free.
    E: is Fixed (NTFS) - 279.47 GiB total, 13.34 GiB free.
    F: is Fixed (NTFS) - 149.05 GiB total, 67.36 GiB free.
    G: is Fixed (NTFS) - 184.05 GiB total, 105.77 GiB free.
    H: is CDROM (CDFS)
    I: is Fixed (FAT32) - 74.51 GiB total, 16.88 GiB free.

    \\.\PHYSICALDRIVE3 - Maxtor 6L300S0 - 279.47 GiB - 1 partition
    \PARTITION0 - Installerbart filsystem - 279.47 GiB - E:

    \\.\PHYSICALDRIVE0 - SAMSUNG HD160JJ - 149.05 GiB - 1 partition
    \PARTITION0 (bootable) - Installerbart filsystem - 149.05 GiB - F:

    \\.\PHYSICALDRIVE2 - ST3500320AS - 465.76 GiB - 1 partition
    \PARTITION0 - Installerbart filsystem - 465.76 GiB - D:

    \\.\PHYSICALDRIVE1 - WDC WD2500JS-60NCB1 - 232.88 GiB - 2 partitions
    \PARTITION0 (bootable) - Installerbart filsystem - 48.83 GiB - C:
    \PARTITION1 - Utökat med XInt 13 - 184.05 GiB - G:

    \\.\PHYSICALDRIVE4 - WDC WD80 0UE-22HCT0 USB Device - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Unknown - 74.53 GiB - I:



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    AUState says computer has updates disabled.


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Administratâ€r\Application Data
    CommonProgramFiles=C:\Program\Delade filer
    COMPUTERNAME=DRAGO
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Administratâ€r
    LOGONSERVER=\\DRAGO
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0304
    ProgramFiles=C:\Program
    PROMPT=$P$G
    SAFEBOOT_OPTION=NETWORK
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp
    USERDOMAIN=DRAGO
    USERNAME=Administratâ€r
    USERPROFILE=C:\Documents and Settings\Administratâ€r
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Dr. Drago (admin)
    Administratör (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    CCleaner (remove only) --> "C:\Program\CCleaner\uninst.exe "
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe "
    HijackThis 2.0.2 --> "C:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Realtek High Definition Audio Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x1d -removeonly
    Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type53 / Warning
    Event Submitted/Written: 06/08/2008 01:28:37 AM
    Event ID/Source: 5603 / WinMgmt
    Event Description:
    En provider, Rsop Planning Mode Provider, har registrerats i WMI-namnområdet, root\RSOP, men angav inte egenskapen HostingModel. Providern kommer att köras under kontot LocalSystem. Detta konto har höga privilegier och providern kan orsaka säkerhetsproblem om den inte personifierar begäranden från användare korrekt. Kontrollera att providern har testats så att den inte har några säkerhetshål och uppdatera egenskapen HostingModel så att ett konto med så låga privilegier som är praktiskt möjligt används.

    Event Record #/Type52 / Warning
    Event Submitted/Written: 06/08/2008 01:28:37 AM
    Event ID/Source: 5603 / WinMgmt
    Event Description:
    En provider, Rsop Planning Mode Provider, har registrerats i WMI-namnområdet, root\RSOP, men angav inte egenskapen HostingModel. Providern kommer att köras under kontot LocalSystem. Detta konto har höga privilegier och providern kan orsaka säkerhetsproblem om den inte personifierar begäranden från användare korrekt. Kontrollera att providern har testats så att den inte har några säkerhetshål och uppdatera egenskapen HostingModel så att ett konto med så låga privilegier som är praktiskt möjligt används.

    Event Record #/Type30 / Warning
    Event Submitted/Written: 06/08/2008 01:13:17 AM
    Event ID/Source: 63 / WinMgmt
    Event Description:
    En provider, HiPerfCooker_v1, har registrerats i WMI-namnområdet Root\WMI för att använda kontot Lokalt system. Detta konto har privilegier och providern kan därför orsaka en säkerhetsöverskridning om den inte personifierar användarbegäranden korrekt.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type3193 / Error
    Event Submitted/Written: 06/08/2008 00:41:25 AM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 0, funktion 1.
    Kontakta återförsäljaren för teknisk support.

    Event Record #/Type3192 / Error
    Event Submitted/Written: 06/08/2008 00:41:25 AM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 0, funktion 1.
    Kontakta återförsäljaren för teknisk support.

    Event Record #/Type3191 / Error
    Event Submitted/Written: 06/08/2008 00:41:25 AM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 0, funktion 1.
    Kontakta återförsäljaren för teknisk support.

    Event Record #/Type3190 / Error
    Event Submitted/Written: 06/08/2008 00:41:25 AM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 0, funktion 1.
    Kontakta återförsäljaren för teknisk support.

    Event Record #/Type3189 / Error
    Event Submitted/Written: 06/08/2008 00:41:25 AM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB: ACPI BIOS har inte någon IRQ för enheten i PCI-fack 0, funktion 1.
    Kontakta återförsäljaren för teknisk support.



    -- End of Deckard's System Scanner: finished at 2008-06-08 01:55:03 ------------

    Tasklist.txt


    Avbildningsnamn PID Tj„nster
    ========================= ====== =============================================
    System Idle Process 0 Saknas
    System 4 Saknas
    smss.exe 524 Saknas
    csrss.exe 592 Saknas
    winlogon.exe 616 Saknas
    services.exe 660 Eventlog, PlugPlay
    lsass.exe 672 Saknas
    svchost.exe 832 DcomLaunch, TermService
    svchost.exe 904 RpcSs
    svchost.exe 1052 Browser, CryptSvc, Dhcp, dmserver, helpsvc,
    lanmanserver, lanmanworkstation, Netman,
    SharedAccess, srservice, winmgmt, WZCSVC
    svchost.exe 1064 Dnscache
    svchost.exe 1204 LmHosts
    explorer.exe 1864 Saknas
    iexplore.exe 384 Saknas
    cmd.exe 588 Saknas
    cmd.exe 584 Saknas
    tasklist.exe 480 Saknas
    wmiprvse.exe 1528 Saknas
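
The Tasklist.txt output above, parsed into a per-process service map, as an added example that is not part of the original posts. The function names are hypothetical, the sample is constructed on the model of the posted output, and it assumes the empty-services placeholder is "N/A" or the Swedish "Saknas"; because the thread's command appends with `>>`, the parser treats each header/ruler pair as a separate run.

```python
import re

# A process row: image name, numeric PID, then the services column.
# Works on fixed-width output and on whitespace-collapsed copies like the post.
ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>\S.*)$")

# Placeholders tasklist prints when a process hosts no services (assumed set:
# English and Swedish, the two that appear in this example).
NO_SERVICES = {"n/a", "saknas"}


def _split(field):
    """Split a services column (or a wrapped continuation line) into names."""
    names = [s.strip() for s in field.split(",")]
    return [s for s in names if s and s.lower() not in NO_SERVICES]


def parse_tasklist_svc(text):
    """Return one list of rows per tasklist run found in the file."""
    lines = [l.strip() for l in text.splitlines()]
    snapshots, rows = [], None
    for i, line in enumerate(lines):
        if not line:
            continue
        if line.startswith("="):            # ruler line: a new run starts here
            rows = []
            snapshots.append(rows)
            continue
        if i + 1 < len(lines) and lines[i + 1].startswith("="):
            continue                        # localized column header
        if rows is None:
            continue                        # stray text before the first run
        m = ROW.match(line)
        if m:
            rows.append({"image": m["image"], "pid": int(m["pid"]),
                         "services": _split(m["services"])})
        elif rows:
            # No PID on the line: the services column wrapped, so these names
            # belong to the previous process.
            rows[-1]["services"].extend(_split(line))
    return snapshots


def services_by_svchost(rows):
    """Map each svchost.exe PID to the services it hosts."""
    return {r["pid"]: r["services"] for r in rows
            if r["image"].lower() == "svchost.exe"}


def host_of(rows, service):
    """PID of the process hosting a service (case-insensitive), or None."""
    wanted = service.lower()
    for r in rows:
        if wanted in (s.lower() for s in r["services"]):
            return r["pid"]
    return None


def svchost_without_services(rows):
    """svchost.exe PIDs with an empty services column: a service host that
    hosts nothing is the first row a reviewer would want to look at."""
    return [pid for pid, svcs in services_by_svchost(rows).items() if not svcs]


# Constructed sample: two appended runs, one Swedish and one English.
SAMPLE = """\
Avbildningsnamn               PID Tjänster
========================= ====== =============================================
System Idle Process             0 Saknas
services.exe                  660 Eventlog, PlugPlay
svchost.exe                   832 DcomLaunch, TermService
svchost.exe                  1052 Browser, CryptSvc, Dhcp, dmserver, helpsvc,
                                  lanmanserver, lanmanworkstation, Netman,
                                  SharedAccess, srservice, winmgmt, WZCSVC
svchost.exe                  1064 Dnscache
explorer.exe                 1864 Saknas

Image Name                    PID Services
========================= ====== =============================================
svchost.exe                   904 RpcSs
svchost.exe                  1300 N/A
cmd.exe                       588 N/A
"""

if __name__ == "__main__":
    for n, run in enumerate(parse_tasklist_svc(SAMPLE), 1):
        print(f"run {n}")
        for pid, svcs in sorted(services_by_svchost(run).items()):
            print(f"  svchost.exe {pid}: {', '.join(svcs) or '(none)'}")
        print("  svchost with no services:", svchost_without_services(run))
```
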
     
  7. 2008/06/07
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    If the below is correct, then do you have a real Administrator account also?

    USERNAME=Administratör
    USERPROFILE=C:\Documents and Settings\Administratör

    Sorry Drago, anything you did in the prior post I have never heard of causing a problem at all.

    This is not good to have a clean install do the same thing. This means it is likely hardware or BIOS.

    Do the DSS and HJT in normal, not safe, mode and post back.

    Also do the below separately.

    To see what svchost is running hidden from you, copy the text between the lines but not the lines.

    ----------------------------------------------------------
    %SystemRoot%\system32\cmd.exe /c %windir%\system32\tasklist.exe /svc >> "%USERPROFILE%\Desktop\Tasklist.txt"
    ----------------------------------------------------------

    then
    Start-Run
    type cmd
    hit enter or click OK

    rt click in the open cmd screen and rt then paste
    hit enter twice
    close cmd prompt

    Now there is a new icon on the desktop Tasklist.txt. Post it back to this thread.

    This will show what each svchost is running.

    Mike
     
  8. 2008/06/08
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    One thing I forgot to mention is that in normal mode it is the second core that is at 30-40%, but in safe mode networking it is the first.


    Deckard's System Scanner v20071014.68
    Run by Dr. Drago on 2008-06-08 11:41:28
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Dr. Drago.exe) -------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:41:34, on 2008-06-08
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    E:\Installer\Programm\dss.exe
    C:\Program\TRENDM~1\HIJACK~1\Dr. Drago.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    --
    End of file - 1460 bytes

    -- Files created between 2008-05-08 and 2008-06-08 -----------------------------

    2008-06-08 02:17:21 0 d-------- C:\Program\Delade filer\ODBC
    2008-06-08 02:17:18 0 dr------- C:\Program
    2008-06-08 02:17:18 0 d-------- C:\Program\Delade filer
    2008-06-08 02:17:18 0 d-------- C:\Program\Delade filer\SpeechEngines
    2008-06-08 02:17:01 0 dr------- C:\Documents and Settings\Default User\Start-meny
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\Default User\Skrivbord
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\Default User\Skrivare
    2008-06-08 02:17:01 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\Default User\Nätverket
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\Default User\Mina dokument
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\Default User\Mallar
    2008-06-08 02:17:01 0 dr-h----- C:\Documents and Settings\Default User\Lokala inställningar
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\Default User\Favoriter
    2008-06-08 02:17:01 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-06-08 02:17:01 0 dr------- C:\Documents and Settings\All Users\Start-meny
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\All Users\Skrivbord
    2008-06-08 02:17:01 0 d--h----- C:\Documents and Settings\All Users\Mallar
    2008-06-08 02:17:01 0 d-------- C:\Documents and Settings\All Users\Favoriter
    2008-06-08 02:17:01 0 dr------- C:\Documents and Settings\All Users\Dokument
    2008-06-08 02:16:23 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-06-08 02:16:23 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-06-08 02:16:18 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-06-08 02:16:18 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-06-08 02:16:18 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-06-08 02:16:18 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-06-08 02:16:06 0 d-------- C:\Documents and Settings
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\WinSxS
    2008-06-08 02:12:13 0 dr------- C:\WINDOWS\Web
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\twain_32
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\wins
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\wbem
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\usmt
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\spool
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\Setup
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\ras
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\oobe
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\npp
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\mui
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\IME
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\icsxml
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\ias
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\export
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\drivers
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-06-08 02:12:13 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\dhcp
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\config
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\3076
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\2052
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1054
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1053
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1042
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1041
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1037
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1033
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1031
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1028
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system32\1025
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\system
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\security
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Resources
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\repair
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\mui
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\msapps
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\msagent
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Media
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\java
    2008-06-08 02:12:13 0 d--h----- C:\WINDOWS\inf
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\ime
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Help
    2008-06-08 02:12:13 0 dr--s---- C:\WINDOWS\Fonts
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Driver Cache
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Debug
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Cursors
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Connection Wizard
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\Config
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\AppPatch
    2008-06-08 02:12:13 0 d-------- C:\WINDOWS\addins
    2008-06-08 01:57:32 0 d-------- C:\WINDOWS\pss
    2008-06-08 01:48:54 0 dr-h----- C:\Documents and Settings\Administratör\Recent
    2008-06-08 01:44:39 0 dr------- C:\Documents and Settings\Administratör\Start-meny
    2008-06-08 01:44:39 0 d-------- C:\Documents and Settings\Administratör\Skrivbord
    2008-06-08 01:44:39 0 d--h----- C:\Documents and Settings\Administratör\Skrivare
    2008-06-08 01:44:39 0 dr-h----- C:\Documents and Settings\Administratör\SendTo
    2008-06-08 01:44:39 0 d--h----- C:\Documents and Settings\Administratör\Nätverket
    2008-06-08 01:44:39 524288 --ah----- C:\Documents and Settings\Administratör\NTUSER.DAT
    2008-06-08 01:44:39 0 d-------- C:\Documents and Settings\Administratör\Mina dokument
    2008-06-08 01:44:39 0 d--h----- C:\Documents and Settings\Administratör\Mallar
    2008-06-08 01:44:39 0 d--h----- C:\Documents and Settings\Administratör\Lokala inställningar
    2008-06-08 01:44:39 0 d-------- C:\Documents and Settings\Administratör\Favoriter
    2008-06-08 01:44:39 0 d---s---- C:\Documents and Settings\Administratör\Cookies
    2008-06-08 01:44:39 0 dr-h----- C:\Documents and Settings\Administratör\Application Data
    2008-06-08 01:44:39 0 d---s---- C:\Documents and Settings\Administratör\Application Data\Microsoft
    2008-06-08 01:43:16 0 d-------- C:\WINDOWS\CSC
    2008-06-08 01:39:12 0 d-------- C:\Program\Trend Micro
    2008-06-08 01:38:53 0 d-------- C:\Program\CCleaner
    2008-06-08 01:25:16 0 d-------- C:\Documents and Settings\LocalService\Start-meny
    2008-06-08 01:19:09 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-06-08 01:18:21 0 d-------- C:\WINDOWS\Prefetch
    2008-06-08 01:12:51 0 d-------- C:\WINDOWS\system32\sv-se
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\system32\sv
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\system32\bits
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\provisioning
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\peernet
    2008-06-08 01:12:50 0 d-------- C:\WINDOWS\l2schemas
    2008-06-08 01:11:20 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-06-08 01:09:44 0 d-------- C:\WINDOWS\network diagnostic
    2008-06-08 01:07:44 0 d-------- C:\WINDOWS\EHome
    2008-06-08 00:58:39 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-06-08 00:57:40 223104 -ra------ C:\WINDOWS\system32\drivers\yk51x86.sys <Not Verified; Marvell; Marvell Yukon Ethernet Controller>
    2008-06-08 00:54:46 0 d-------- C:\WINDOWS\system32\Lang
    2008-06-08 00:41:53 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-06-08 00:41:51 0 d-------- C:\WINDOWS\system32\RTCOM
    2008-06-08 00:41:48 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-06-08 00:41:14 0 d-------- C:\Program\Realtek
    2008-06-08 00:41:14 0 d--h----- C:\Program\InstallShield Installation Information
    2008-06-08 00:41:08 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-06-08 00:41:08 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-06-08 00:41:05 0 d-------- C:\Program\Delade filer\InstallShield
    2008-06-08 00:37:07 0 d--hs---- C:\WINDOWS\Installer
    2008-06-08 00:37:05 0 d-------- C:\Documents and Settings\Dr. Drago\Application Data\Identities
    2008-06-08 00:36:53 0 dr------- C:\Documents and Settings\Dr. Drago\Start-meny
    2008-06-08 00:36:53 0 d-------- C:\Documents and Settings\Dr. Drago\Skrivbord
    2008-06-08 00:36:53 0 d--h----- C:\Documents and Settings\Dr. Drago\Skrivare
    2008-06-08 00:36:53 0 dr-h----- C:\Documents and Settings\Dr. Drago\SendTo
    2008-06-08 00:36:53 0 dr-h----- C:\Documents and Settings\Dr. Drago\Recent
    2008-06-08 00:36:53 0 d--h----- C:\Documents and Settings\Dr. Drago\Nätverket
    2008-06-08 00:36:53 786432 --ah----- C:\Documents and Settings\Dr. Drago\NTUSER.DAT
    2008-06-08 00:36:53 0 dr------- C:\Documents and Settings\Dr. Drago\Mina dokument
    2008-06-08 00:36:53 0 d--h----- C:\Documents and Settings\Dr. Drago\Mallar
    2008-06-08 00:36:53 0 d--h----- C:\Documents and Settings\Dr. Drago\Lokala inställningar
    2008-06-08 00:36:53 0 dr------- C:\Documents and Settings\Dr. Drago\Favoriter
    2008-06-08 00:36:53 0 d---s---- C:\Documents and Settings\Dr. Drago\Cookies
    2008-06-08 00:36:53 0 dr-h----- C:\Documents and Settings\Dr. Drago\Application Data
    2008-06-08 00:36:25 0 d--hs---- C:\System Volume Information
    2008-06-08 00:36:24 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-06-08 00:36:24 0 d--h----- C:\Documents and Settings\NetworkService\Lokala inställningar
    2008-06-08 00:36:24 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
    2008-06-08 00:36:24 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-06-08 00:36:24 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-08 00:36:24 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-06-08 00:36:24 0 d--h----- C:\Documents and Settings\LocalService\Lokala inställningar
    2008-06-08 00:36:24 0 d---s---- C:\Documents and Settings\LocalService\Cookies
    2008-06-08 00:36:24 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-06-08 00:36:24 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-06-08 00:33:53 0 d-------- C:\WINDOWS\system32\xircom
    2008-06-08 00:33:53 0 d-------- C:\Program\microsoft frontpage
    2008-06-08 00:33:44 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-06-08 00:33:38 0 -rahs---- C:\MSDOS.SYS
    2008-06-08 00:33:38 0 -rahs---- C:\IO.SYS
    2008-06-08 00:33:38 0 --a------ C:\CONFIG.SYS
    2008-06-08 00:33:38 0 --a------ C:\AUTOEXEC.BAT
    2008-06-08 00:33:02 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-08 00:32:55 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-06-08 00:32:55 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-06-08 00:32:36 0 d-------- C:\WINDOWS\system32\DirectX
    2008-06-08 00:32:01 0 d---s---- C:\WINDOWS\Tasks
    2008-06-08 00:31:59 0 d-------- C:\Program\Delade filer\MSSoap
    2008-06-08 00:31:56 0 d-------- C:\WINDOWS\srchasst
    2008-06-08 00:31:55 0 d-------- C:\WINDOWS\system32\Macromed
    2008-06-08 00:31:54 0 d-------- C:\Program\Movie Maker
    2008-06-08 00:31:51 0 d-------- C:\WINDOWS\system32\Restore
    2008-06-08 00:31:51 0 d-------- C:\WINDOWS\PCHealth
    2008-06-08 00:31:26 21700 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-08 00:31:24 0 d-------- C:\WINDOWS\Registration
    2008-06-08 00:31:22 0 d--h----- C:\Program\WindowsUpdate
    2008-06-08 00:31:20 0 d-------- C:\Program\Messenger
    2008-06-08 00:31:16 0 d-------- C:\Program\MSN Gaming Zone
    2008-06-08 00:30:48 0 d-------- C:\Program\Windows NT
    2008-06-08 00:30:46 40960 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Operativsystemet Microsoft® Windows®>
    2008-06-08 00:30:46 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-06-08 00:30:45 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-06-08 02:17:01 62 --ahs---- C:\Documents and Settings\Dr. Drago\Application Data\desktop.ini
    2008-06-08 01:30:52 315006 --a------ C:\WINDOWS\system32\perfh01D.dat
    2008-06-08 01:30:52 47784 --a------ C:\WINDOWS\system32\perfc01D.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut "= "HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMan "= "SOUNDMAN.EXE" [2006-07-21 16:14 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd "= "ALCWZRD.EXE" [2006-05-04 16:26 C:\WINDOWS\alcwzrd.exe]
    "Alcmtr "= "ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WebClient "=2 (0x2)
    "upnphost "=3 (0x3)
    "UPS "=3 (0x3)
    "RemoteRegistry "=2 (0x2)
    "RSVP "=3 (0x3)
    "mnmsrvc "=3 (0x3)
    "Netlogon "=3 (0x3)
    "CiSvc "=3 (0x3)
    "PolicyAgent "=2 (0x2)
    "FastUserSwitchingCompatibility "=3 (0x3)
    "Dnscache "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42379571-34ef-11dd-ab48-806d6172696f}]
    AutoRun\command- H:\Autorun.exe




    -- End of Deckard's System Scanner: finished at 2008-06-08 11:45:42 ------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:46:32, on 2008-06-08
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    --
    End of file - 1402 bytes
     
  9. 2008/06/08
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    Avbildningsnamn PID Tjänster
    ========================= ====== =============================================
    System Idle Process 0 Saknas
    System 4 Saknas
    smss.exe 600 Saknas
    csrss.exe 676 Saknas
    winlogon.exe 700 Saknas
    services.exe 744 Eventlog, PlugPlay
    lsass.exe 756 ProtectedStorage, SamSs
    svchost.exe 936 DcomLaunch, TermService
    svchost.exe 1004 RpcSs
    svchost.exe 1096 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
    ERSvc, EventSystem, helpsvc, HidServ,
    lanmanserver, lanmanworkstation, Netman,
    Nla, RasMan, Schedule, seclogon, SENS,
    SharedAccess, ShellHWDetection, srservice,
    TapiSrv, Themes, TrkWks, W32Time, winmgmt,
    wscsvc, wuauserv, WZCSVC
    svchost.exe 1260 LmHosts, SSDPSRV
    spoolsv.exe 1352 Spooler
    alg.exe 1748 ALG
    wscntfy.exe 420 Saknas
    explorer.exe 444 Saknas
    SoundMan.exe 1048 Saknas
    alcwzrd.exe 1056 Saknas
    cmd.exe 1068 Saknas
    iexplore.exe 848 Saknas
    cmd.exe 328 Saknas
    tasklist.exe 1708 Saknas
    wmiprvse.exe 412 Saknas
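
An added example, not part of the original posts: a small Python parser for the `tasklist /svc` listings posted in this thread. It rejoins the wrapped service lines and maps each svchost.exe PID to the services it hosts. The two sample captures are excerpts of the safe-mode and normal-mode listings above; the function names are made up for this example.

```python
import re

# Excerpts of the two `tasklist /svc` captures posted in this thread (Swedish
# Windows XP: "Saknas" is printed where the English build prints "N/A").
SAFE_MODE = """\
Avbildningsnamn PID Tjänster
========================= ====== =============================================
System Idle Process 0 Saknas
services.exe 660 Eventlog, PlugPlay
svchost.exe 832 DcomLaunch, TermService
svchost.exe 904 RpcSs
svchost.exe 1052 Browser, CryptSvc, Dhcp, dmserver, helpsvc,
lanmanserver, lanmanworkstation, Netman,
SharedAccess, srservice, winmgmt, WZCSVC
svchost.exe 1064 Dnscache
svchost.exe 1204 LmHosts
"""
NORMAL_MODE = """\
Avbildningsnamn PID Tjänster
========================= ====== =============================================
System Idle Process 0 Saknas
services.exe 744 Eventlog, PlugPlay
lsass.exe 756 ProtectedStorage, SamSs
svchost.exe 936 DcomLaunch, TermService
svchost.exe 1004 RpcSs
svchost.exe 1096 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem, helpsvc, HidServ,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, srservice,
TapiSrv, Themes, TrkWks, W32Time, winmgmt,
wscsvc, wuauserv, WZCSVC
svchost.exe 1260 LmHosts, SSDPSRV
spoolsv.exe 1352 Spooler
alg.exe 1748 ALG
"""

ROW = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+(?P<services>\S.*)$")
NO_SERVICES = {"N/A", "Saknas"}


def parse_tasklist_svc(text):
    """Return one dict per process: image name, PID and list of hosted services."""
    rows, wrapped = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or set(line) <= {"=", " "}:
            continue  # blank line or the ==== ruler
        if wrapped and rows:
            names = line  # continuation of the previous row's service list
        else:
            match = ROW.match(line)
            if match is None:
                continue  # column header or anything that is not a process row
            rows.append({"image": match["image"], "pid": int(match["pid"]), "services": []})
            names = match["services"]
        wrapped = names.endswith(",")  # a trailing comma means the list wraps on
        if names not in NO_SERVICES:
            rows[-1]["services"] += [s.strip() for s in names.split(",") if s.strip()]
    return rows


def svchost_services(rows):
    """Map each svchost.exe PID to the services running inside it."""
    return {r["pid"]: r["services"] for r in rows if r["image"].lower() == "svchost.exe"}


def all_services(rows):
    """Set of every service name seen in one capture."""
    return {name for r in rows for name in r["services"]}


if __name__ == "__main__":
    safe, normal = parse_tasklist_svc(SAFE_MODE), parse_tasklist_svc(NORMAL_MODE)
    for pid, services in sorted(svchost_services(normal).items()):
        print(f"svchost.exe PID {pid}: {len(services)} service(s): {', '.join(services)}")
    print("Only in the safe-mode capture:", sorted(all_services(safe) - all_services(normal)))
    print("Only in the normal-mode capture:", sorted(all_services(normal) - all_services(safe)))
```

Per-process CPU figures cannot distinguish between the services inside one svchost.exe, so the PID-to-service map is what narrows a busy svchost.exe down to a list of candidates.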
     
  10. 2008/06/08
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Good morning Drago

    At least from here 10:45 am EST.

    OK the DSS and HJT look clean as it should be on a clean install.

    The Tasklist is also clean.

    OK, let's update the Intel Chipset.

    Go here, download and install: http://www.majorgeeks.com/download1667.html

    Reboot retest.

    Report back.

    If problem still exists get me the name of your computer mfg so I can visit their web site.

    For detailed system info on all of your computer

    Download install and run SIW
    http://majorgeeks.com/SIW_System_Info_d4387.html

    Once it has run, go to the top File-Create Report file. Choose HTML, accept default name, click OK. Give it a couple of minutes to complete.

    Once it completes, browse to the SIW folder in Program Files and click the HTML file; it will open in IE to view it.

    This file is huge; it is too big to attach, and to post over multiple posts would require 15 or 20 posts.

    So click my name on the left of this post and send it to me by email. Zip up if you can.


    Mike
     
  11. 2008/06/08
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Drag

    Go here D/L Process explorer

    http://download.sysinternals.com/Files/ProcessExplorer.zip

    Unzip to a folder and run.

    Once running click the CPU tab at the top until System Idle process stays at the top.

    Now look for the processes around it that are consuming CPU Cycles.

    You want "System idle process" to have a high number. A System idle process 98% is good.

    Now on all others lower is better, so look for what process is high all the time.

    The processes should add up to 100%. So if you have System idle process of 75% then the running programs are using 25%.

    Let me know what process or processes seem to stay high!

    Mike

    EDIT: especially look for programs that jump to the top over System idle process!
     
    Last edited: 2008/06/08
  12. 2008/06/08
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    See my edit at bottom of post #30.

    Mike
     
  13. 2008/06/08
    drago87

    drago87 Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    30
    Likes Received:
    0
    I have uninstalled SP3 now and am running SP1 and there is no problem then, and I'm going to upgrade my computer at the end of the month and get Vista.
    So I just have to thank you again for all the help. Sorry to have taken up so much of your time.
     
  14. 2008/06/08
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    You are very welcome Drago.

    Mike
     
