
Computer Gets Slower and Slower


75 replies to this topic

#46 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 28 February 2010 - 01:40 PM

Did you reboot? If you did, I'd like you to run a free diagnostic test, located here:
http://www.pcpitstop.com/betapit/

Sign up with your email account and a password of your choice. Click on the full scan, download the ActiveX, then click 'let's go' (after ActiveX has been downloaded).
When the test is done, copy and paste the results link (in the address bar) back here.

MS MVP-Security 2006~2016



#47 Angel2121

Angel2121

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 28 February 2010 - 02:40 PM

Indeed I did reboot. Here's a link to the PC Pitstop results:

http://www.pcpitstop...?conid=23360595

#48 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 28 February 2010 - 04:09 PM

Every one of those red X's needs to be attended to. Just click on the item and follow the instructions. Don't worry about the drivers just yet.

First, let's clean up your Hosts file and flush your DNS cache:

Copy and paste these lines in Notepad.

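@Echo on
rem Reset the Hosts file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the IP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot after 1 second, then delete this script
shutdown -r -t 1
del "%~f0"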


Save as flush.bat to your desktop.
Double click on the .bat file to run it.

Next,
Download ATF cleaner http://www.atribune.org/
Click "Main" > check 'select all' (Except "Prefetch") this first time using it, then click "Empty Selected". Do the same for Firefox or Opera if you use either of those browsers.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.

Now,
Download Auslogics Disk Defrag and run it:
http://www.auslogics...re/disk-defrag/

Reboot, and tell me how your computer is behaving.

MS MVP-Security 2006~2016


#49 Angel2121

Angel2121

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 28 February 2010 - 05:00 PM

Okay, I have done all of that. Thanks! My computer is still being slow and still works only in Safe Mode. If I allow the computer to start up normally, everything loads up but then if I try to open up a program nothing really works. Task Manager says that my CPU usage is 100%, and svchost.exe still produces quite a bit of that percentage. I attempted to do Startup Repair, and that still doesn't work. It gives me the same error message that I summarized earlier in this thread. So, all in all, the computer is still behaving the same way. Oh, oops, I just realized that I forgot to follow the instructions on the red X's. I'll do that.

Edited by Angel2121, 28 February 2010 - 05:01 PM.


#50 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 28 February 2010 - 05:06 PM

After you follow instructions regarding the red x's, download Process Explorer. And let's take a look at which svchost.exe is causing the 100% CPU usage.
http://technet.micro...s/bb896653.aspx

MS MVP-Security 2006~2016


#51 Angel2121

Angel2121

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 28 February 2010 - 06:54 PM

I think that I took care of the red x's for the most part, although my computer keeps stalling when it tries to install Windows Service Pack 2. I guess I'll do that whenever my computer gets back to normal. :lol:

Here's the info. from the svchost.exe that is causing the high CPU usage:

svchost.exe 964 98.46 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe

Edited by Angel2121, 28 February 2010 - 06:55 PM.


#52 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 28 February 2010 - 07:41 PM

The problem may be caused by µTorrent ... please uninstall that program.

In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools.... as a tremendous amount of prospective victims can be reached through it!

It is pretty much certain that if you continue to use P2P programs, then you will get infected again. ;)

MS MVP-Security 2006~2016


#53 Angel2121

Angel2121

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 28 February 2010 - 07:49 PM

Okay, I uninstalled the torrent thing. However, I don't think that it could be causing the problem. I only downloaded it whenever I was instructed to make the recovery disk because it was part of the instructions for doing so. So, I had the slowness problem before I even downloaded it. Earlier, I did delete a different P2P thing I had on my computer, and then I still had the problem. Right now, the same svchost.exe file is still taking up a lot of the CPU usage. Is there something else that could be causing the problem?

Edit: I just ran the process explorer again, and now the svchost.exe file that's taking up CPU usage is different:

svchost.exe 976 98.46 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe

Edited by Angel2121, 28 February 2010 - 07:58 PM.


#54 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 01 March 2010 - 10:42 AM

I'm at a loss ...
Is your computer overheating?
Have you checked the memory?
Do you have more programs running in the background that you could start manually, instead of at start up?

Run the script "WhoamI" here and post it back for me
http://spyware-free..../02/whoami.html

MS MVP-Security 2006~2016


#55 Angel2121

Angel2121

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 01 March 2010 - 11:26 AM

Hmm. How do you check the memory? I do think the computer is sometimes overheating, yes. There are probably some programs I could start manually, but those programs don't automatically start at startup when the computer is in safe mode, and I have only been able to operate in safe mode for the past two weeks+, therefore I don't think that's causing the problem.

The WhoamI results:

WhoAmI by wng_z3r0
3/1/2010 12:23 AM
******************
Operating system: Microsoft® Windows Vista™ Home Basic
Ram: 1978 mb
Accounts on this computer: Administrator Angela M ASPNET Backup Guest
Current User: Angela M
User is an admin
UAC is enabled
******************
System Privileges:
SeIncreaseQuotaPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeSystemProfilePrivilege
SeSystemtimePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeCreatePagefilePrivilege
SeBackupPrivilege
SeRestorePrivilege
SeShutdownPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeChangeNotifyPrivilege
SeRemoteShutdownPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeIncreaseWorkingSetPrivilege
SeTimeZonePrivilege
SeCreateSymbolicLinkPrivilege
End of file



#56 arTech

arTech

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts
  • Interests:Photography

Posted 01 March 2010 - 12:03 PM

Hi Angel2121, Jacee

If I may step in here for a bit.
I'll be honest, I didn't read the last posts in detail, but I switched on when I saw that CPU usage is 100%.

I think that Process Explorer is a nice tool which can help us find the culprit for a lot of the CPU usage.

Please do the following:

Run Process Explorer

When you notice a CPU spike (high %), double-click on the svchost.exe (or other process of interest), then switch to the Threads page.

Here is a detailed list of the threads running in the selected process. Click on the CSwitch Delta. Select the thread with the highest value (usually on top).

Press the Module button to launch Explorer's file properties dialog box for the image file that contains the start address of the currently selected thread.

Press the Stack button to see the current stack of the selected thread (hold down CTRL+SHIFT, and press END. Click the Copy button, and paste the results).

Please repeat that a few times.

Tell us what you found.

Edited by arTech, 01 March 2010 - 12:32 PM.

--- prevent rather than cure / better safe than sorry ---


#57 Angel2121

Angel2121

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 01 March 2010 - 12:40 PM

Okay. I hope I did this right. The one with the highest usage was always TID 1336. I clicked on module, and this is what it said: cryptsvc.dll

First stack:

ESENT.dll!JetEscrowUpdate+0x7cf4
ESENT.dll!JetSetSystemParameterA+0x1488
ESENT.dll!JetCreateIndex2A+0x3012
ESENT.dll!JetSetSystemParameterA+0xb17
ESENT.dll!JetDelete+0xd40
ESENT.dll!JetDelete+0x93f
ESENT.dll!JetCreateIndex2A+0x3802
ESENT.dll!JetMove+0x18e
ESENT.dll!JetMove+0x9b
cryptsvc.dll+0x360f
cryptsvc.dll+0x34ca
cryptsvc.dll+0x3391
cryptsvc.dll+0x3224
cryptsvc.dll+0x2f3a
kernel32.dll!BaseThreadInitThunk+0x12
ntdll.dll!RtlInitializeExceptionChain+0x63
ntdll.dll!RtlInitializeExceptionChain+0x36

Occasionally, for a brief second, a second 1336 would pop up under the first 1336, and they'd both have high CPU usages. One of the second 1336 stacks:

cryptsvc.dll+0x1470
cryptsvc.dll+0x1449
cryptsvc.dll+0x305b
cryptsvc.dll+0x3640
cryptsvc.dll+0x34ca
cryptsvc.dll+0x3391
cryptsvc.dll+0x3224
cryptsvc.dll+0x2f3a
kernel32.dll!BaseThreadInitThunk+0x12
ntdll.dll!RtlInitializeExceptionChain+0x63
ntdll.dll!RtlInitializeExceptionChain+0x36

Another stack from the first:

ntdll.dll!RtlInitUnicodeStringEx+0xf1
ntdll.dll!RtlDetermineDosPathNameType_U+0xf7
ntdll.dll!RtlInitUnicodeStringEx+0x297
ntdll.dll!RtlInitUnicodeStringEx+0x402
ntdll.dll!RtlDosPathNameToNtPathName_U+0x18
kernel32.dll!GetFileAttributesW+0x1a
cryptsvc.dll+0x3655
cryptsvc.dll+0x34ca
cryptsvc.dll+0x3391
cryptsvc.dll+0x3224
cryptsvc.dll+0x2f3a
kernel32.dll!BaseThreadInitThunk+0x12
ntdll.dll!RtlInitializeExceptionChain+0x63
ntdll.dll!RtlInitializeExceptionChain+0x36

Another from when a second 1336 popped up:

ESENT.dll!JetUpdate+0x501d
ESENT.dll!JetCommitTransaction+0xcfa
ESENT.dll!JetCommitTransaction+0xc01
ESENT.dll!JetRollback+0xaea3
ESENT.dll!JetCreateIndex2A+0x3012
ESENT.dll!JetSetSystemParameterA+0xb17
ESENT.dll!JetDelete+0xd40
ESENT.dll!JetDelete+0x93f
ESENT.dll!JetCreateIndex2A+0x3802
ESENT.dll!JetMove+0x18e
ESENT.dll!JetMove+0x9b
cryptsvc.dll+0x360f
cryptsvc.dll+0x34ca
cryptsvc.dll+0x3391
cryptsvc.dll+0x3224
cryptsvc.dll+0x2f3a
kernel32.dll!BaseThreadInitThunk+0x12
ntdll.dll!RtlInitializeExceptionChain+0x63
ntdll.dll!RtlInitializeExceptionChain+0x36

Another from the first:

ESENT.dll!JetRetrieveColumn+0x176
ESENT.dll!JetRetrieveColumn+0xab
cryptsvc.dll+0x328c
cryptsvc.dll+0x3626
cryptsvc.dll+0x34ca
cryptsvc.dll+0x3391
cryptsvc.dll+0x3224
cryptsvc.dll+0x2f3a
kernel32.dll!BaseThreadInitThunk+0x12
ntdll.dll!RtlInitializeExceptionChain+0x63
ntdll.dll!RtlInitializeExceptionChain+0x36

Wait . . . I suddenly got confused and am not sure if the last two are in the right order, but they both did come up with stock at some point.

Another stack:

ntdll.dll!RtlDetermineDosPathNameType_U+0x2cf
ntdll.dll!RtlInitUnicodeStringEx+0x297
ntdll.dll!RtlInitUnicodeStringEx+0x402
ntdll.dll!RtlDosPathNameToNtPathName_U+0x18
kernel32.dll!GetFileAttributesW+0x1a
cryptsvc.dll+0x3655
cryptsvc.dll+0x34ca
cryptsvc.dll+0x3391
cryptsvc.dll+0x3224
cryptsvc.dll+0x2f3a
kernel32.dll!BaseThreadInitThunk+0x12
ntdll.dll!RtlInitializeExceptionChain+0x63
ntdll.dll!RtlInitializeExceptionChain+0x36

Edited by Angel2121, 01 March 2010 - 12:41 PM.
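
Added example (not part of the original thread, and not code from any poster): a short Python script that reads several Process Explorer stack samples like the ones pasted above and reports which module owns the thread, how many frames every sample shares, and which call sites differ between samples. The function names and the choice of three sample stacks are assumptions of this example.

```python
import re
from collections import Counter

FRAME = re.compile(r"^([^!+\s]+)(?:!([^+\s]+))?\+0x([0-9a-fA-F]+)$")
STARTUP = {"ntdll.dll", "kernel32.dll"}  # thread-start thunks, never the owner

# Three of the stacks pasted in the post above, innermost frame first.
SAMPLES = [
    "cryptsvc.dll+0x1470 cryptsvc.dll+0x1449 cryptsvc.dll+0x305b cryptsvc.dll+0x3640 "
    "cryptsvc.dll+0x34ca cryptsvc.dll+0x3391 cryptsvc.dll+0x3224 cryptsvc.dll+0x2f3a "
    "kernel32.dll!BaseThreadInitThunk+0x12 ntdll.dll!RtlInitializeExceptionChain+0x63 "
    "ntdll.dll!RtlInitializeExceptionChain+0x36",
    "ESENT.dll!JetRetrieveColumn+0x176 ESENT.dll!JetRetrieveColumn+0xab "
    "cryptsvc.dll+0x328c cryptsvc.dll+0x3626 cryptsvc.dll+0x34ca cryptsvc.dll+0x3391 "
    "cryptsvc.dll+0x3224 cryptsvc.dll+0x2f3a kernel32.dll!BaseThreadInitThunk+0x12 "
    "ntdll.dll!RtlInitializeExceptionChain+0x63 ntdll.dll!RtlInitializeExceptionChain+0x36",
    "ntdll.dll!RtlDetermineDosPathNameType_U+0x2cf ntdll.dll!RtlInitUnicodeStringEx+0x297 "
    "ntdll.dll!RtlInitUnicodeStringEx+0x402 ntdll.dll!RtlDosPathNameToNtPathName_U+0x18 "
    "kernel32.dll!GetFileAttributesW+0x1a cryptsvc.dll+0x3655 cryptsvc.dll+0x34ca "
    "cryptsvc.dll+0x3391 cryptsvc.dll+0x3224 cryptsvc.dll+0x2f3a "
    "kernel32.dll!BaseThreadInitThunk+0x12 ntdll.dll!RtlInitializeExceptionChain+0x63 "
    "ntdll.dll!RtlInitializeExceptionChain+0x36",
]

def parse_stack(text):
    # Split a pasted stack into (module, symbol or None, offset) frames;
    # tokens that are not frames (stray words in the paste) are skipped.
    hits = (FRAME.match(tok) for tok in text.split())
    return [(m[1].lower(), m[2], int(m[3], 16)) for m in hits if m]

def common_tail(stacks):
    # Frames shared by every sample, compared from the thread-start end.
    tail = []
    for frames in zip(*(reversed(s) for s in stacks)):
        if len(set(frames)) != 1:
            break
        tail.append(frames[0])
    return tail[::-1]

def summarize(texts):
    stacks = [parse_stack(t) for t in texts]
    tail = common_tail(stacks)
    # Owner: first module past the startup thunks, walking up from thread start.
    owner = next((f[0] for f in reversed(tail) if f[0] not in STARTUP), None)
    leaves = Counter(s[0][0] for s in stacks)  # module executing at capture time
    # Frame just above the shared path: the call site that differs per sample.
    sites = sorted(s[-len(tail) - 1][2] for s in stacks if len(s) > len(tail))
    return {"owner": owner, "shared": len(tail), "leaves": leaves, "call_sites": sites}

print(summarize(SAMPLES))
```

On these samples the owner is cryptsvc.dll, matching what the Module button showed, and the differing call sites all sit just above the shared cryptsvc.dll+0x34ca frame.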


#58 arTech

arTech

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts
  • Interests:Photography

Posted 01 March 2010 - 01:14 PM

Turn off Automatic Updates.

--- prevent rather than cure / better safe than sorry ---


#59 Jacee

Jacee

    SuperHelper

  • Retired Classroom Teacher
  • 7,695 posts
  • MVP

Posted 01 March 2010 - 02:09 PM

Whose accounts are these.....

Accounts on this computer:
Administrator
Angela
M <---------
ASPNET<--------

Backup
Guest

MS MVP-Security 2006~2016


#60 Angel2121

Angel2121

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 01 March 2010 - 02:16 PM

Jacee--I think the M is supposed to be part of "Angela M," which is an account on my computer. I don't know anything about the ASPNET account. I didn't put it there nor do I know how it got there. Is that something I should try to delete? Also, it is not an option for me to log into when I turn on my computer and it lists the users I can log in under.

arTech--Is there a way that I can turn off automatic updates in Safe Mode? I can't figure it out if there is one. I tried to do it in normal mode, but my computer doesn't work long enough in normal mode for me to do that.

Edited by Angel2121, 01 March 2010 - 02:19 PM.
