Windows 8 and 8.1 Forums


processes taking up to 90% of disk, switch to max out help

  1. #1


    Posts : 2
    windows 8.1

    processes taking up to 90% of disk, switch to max out help


    alright so my computer has been running slow. my desktop has had small things messed with and ive been logged out of sites i never log out of. ive run mutiple scans (avast, avg, malewarebytes, and microsoft safety scanner) all of these turned up nothing. i also defraged and cleaned my C drive. on task manager system (NT kernal and system) seems to be taking up to 90% of my disk, is also lowers and swaps out usage with other programs like my killer network manager that goes from 10-50% depending on what system is at always maxing it out to 100% all of the scans ive down turned up nothing but tracking cookies that AVG says were healed but its still doing this. after hours of scans and work i ran one more AVG scan and it says i have 2 hidden driver rootkits witch i suspected it was a rootkit. it gives me a option to remove all and it said they were sucessfuly healed but my laptop is still running the high disk usage. i ran a Gmer scan and it tells me at the end that it cant access C:windows/system32/config/system because its already being used by another program then tells me the scan was succesful and says there is a "unknown MBR code. i dont know if that means it couldnt find anything or it couldnt acess what it needed to so it doesnt know? the rootkit is in c:/windows/system32/drivers/aswStm.sys. im running another malware bytes scan now to confirm but i doubt anything will turn up. any advice or help would be much appreciated. thank you in advance.
    Last edited by swashbucklingot; 11 Feb 2016 at 21:07.

      My System SpecsSystem Spec

  2. #2


    can you Restart the computer holding the Shift key? and if so.. select safe mode and run scans there..

    include a scan from hitman pro but run the "trial" and "one time only" just really read what you are clicking.. it's pretty easy..

    HitmanPro 3 - SurfRight


    here is safe mode..


    hold shift while restarting..


    otherwise, (god.. not again...) get team-viewer, and tell me when you are online and lets do this together....

    It may end with a reformat though.. Once you are breached, it's not smart to continue with that widows.. but most people don't care..




    5 Ways To Boot Into Safe Mode In Windows 8.1



    just let me know when you will be online..
    Last edited by derekimo; 13 Feb 2016 at 00:07. Reason: Cleaned up.
      My System SpecsSystem Spec

  3. #3


    Posts : 2
    windows 8.1


    hi. thanks for the response. i havent run hitman pro and i feel a bit uncomfortable using teamviewer. but for the last hour ive been running scans in safe mode. to update you on what ive done i used the remove option on my AVG scan to "remove" the rootkits. i had 2. it no longer detects them when i scan but it does still detect tracing cookies witch it was doing before. i ran a AVG scan and a Gmer scan in safe mode but because im an idiot the Gmer scan results i copied into a text file didnt make it through the restart because i forgot to save it... anyway this is the safe mode AVG scan. ive seen a lot of threads looking for Gmer results so thats why im posting them. i gotta go for a bit so ill check to see if you responded.


    AVG AntiVirus command line scanner
    Copyright (c) 1992 - 2016 AVG Technologies
    Program version 2016.0.7442, engine 2016.0.4522
    Virus Database: Version 4522/11613 2016-02-12
    C:\Documents and Settings\ Locked file. Not scanned. is OK.
    C:\hiberfil.sys Locked file. Not scanned. is OK.
    C:\pagefile.sys Locked file. Not scanned. is OK.
    C:\ProgramData\Desktop\ Locked file. Not scanned. is OK.
    C:\ProgramData\Documents\ Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\62ff6d7c3bd1b209970ce4f09ba8e995_e5bd8955-c590-4fa8-918b-3f120bbc9aa7 Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d49f8cd45d748509ca7e8bbc99f7f0ed_e5bd8955-c590-4fa8-918b-3f120bbc9aa7 Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f91eb4741d6ade428438d4a47d8f5106_e5bd8955-c590-4fa8-918b-3f120bbc9aa7 Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Diagnosis\events00.rbs Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Diagnosis\events01.rbs Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Diagnosis\events10.rbs Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Diagnosis\events11.rbs Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Diagnosis\users.dat Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Windows\LocationProvider\ Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Windows\SystemData\ Locked file. Not scanned. is OK.
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin Locked file. Not scanned. is OK.
    C:\ProgramData\Templates\ Locked file. Not scanned. is OK.
    C:\swapfile.sys Locked file. Not scanned. is OK.
    C:\System Volume Information\ Locked file. Not scanned. is OK.
    C:\Users\Default\AppData\Local\History\ Locked file. Not scanned. is OK.
    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\ Locked file. Not scanned. is OK.
    C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not scanned. is OK.
    C:\Users\Default\Cookies\ Locked file. Not scanned. is OK.
    C:\Users\Default\Documents\My Music\ Locked file. Not scanned. is OK.
    C:\Users\Default\Documents\My Pictures\ Locked file. Not scanned. is OK.
    C:\Users\Default\Documents\My Videos\ Locked file. Not scanned. is OK.
    C:\Users\Default\NetHood\ Locked file. Not scanned. is OK.
    C:\Users\Default\PrintHood\ Locked file. Not scanned. is OK.
    C:\Users\Default\Recent\ Locked file. Not scanned. is OK.
    C:\Users\Default\Templates\ Locked file. Not scanned. is OK.
    C:\Users\Public\Documents\My Music\ Locked file. Not scanned. is OK.
    C:\Users\Public\Documents\My Pictures\ Locked file. Not scanned. is OK.
    C:\Users\Public\Documents\My Videos\ Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Avg\av16\temp\avg-08364842-554e-4f4b-b343-515d52097f1f.tmp Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\History\ Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5\ Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Microsoft\Windows\Notifications\WPNPRMRY.tmp Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Microsoft\Windows\WebCache\V01.log Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat Locked file. Not scanned. is OK.
    C:\Users\nameless\AppData\Local\Microsoft\Windows\WebCacheLock.dat Locked file. Not scanned. is OK.
    C:\Users\nameless\Documents\My Music\ Locked file. Not scanned. is OK.
    C:\Users\nameless\Documents\My Pictures\ Locked file. Not scanned. is OK.
    C:\Users\nameless\Documents\My Videos\ Locked file. Not scanned. is OK.
    C:\Users\nameless\NetHood\ Locked file. Not scanned. is OK.
    C:\Users\nameless\NTUSER.DAT Locked file. Not scanned. is OK.


    this is the new Gmer scan results. i did a rootkit/malware scan and a autostart scan.

    GMER 2.1.19357 - GMER - Rootkit Detector and Remover
    Rootkit scan 2016-02-12 21:43:18
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003b HGST_HTS721010A9E630 rev.JB0OA3J0 931.51GB
    Running: gmer.exe; Driver: C:\Users\nameless\AppData\Local\Temp\uwrdypob.sys




    ---- Threads - GMER 2.1 ----


    Thread C:\Windows\system32\csrss.exe [1460:3808] fffff960008842d0
    ---- Processes - GMER 2.1 ----


    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [8416] 000000000fe90000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [8416] 0000000050380000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [8416] 0000000054fa0000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 000000000fe90000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000077cd0000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000077bb0000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000050380000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000054fa0000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 00000000500f0000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1033\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000055110000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000050050000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000054f50000
    Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [8112] 0000000054ef0000


    ---- Disk sectors - GMER 2.1 ----


    Disk \Device\Harddisk0\DR0 unknown MBR code


    ---- EOF - GMER 2.1 ----








    GMER 2.1.19357 - GMER - Rootkit Detector and Remover
    Autostart scan 2016-02-12 21:44:59
    Windows 6.2.9200


    Apple Mobile Device Service@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
    avgfws@ = "C:\Program Files (x86)\AVG\Av\avgfws.exe"
    AVGIDSAgent@ = "C:\Program Files (x86)\AVG\Av\avgidsagent.exe"
    avgsvc@ = "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe"
    avgwd@ = "C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe"
    Bluetooth Device Monitor@ = "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
    Bluetooth OBEX Service@ = "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
    Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
    ETDService@ = C:\Program Files\Elantech\ETDService.exe
    EvtEng@ = "C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
    GfExperienceService@ = "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
    gupdate@ = "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
    HiPatchService@ = C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    IAStorDataMgrSvc@ = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
    iBtSiva@ = C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
    igfxCUIService1.0.0.0@ = %SystemRoot%\system32\igfxCUIService.exe
    Intel(R) Capability Licensing Service Interface@ = "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
    Intel(R) ME Service@ = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
    jhi_service@ = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
    LMS@ = "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
    MBAMScheduler@ = "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
    MBAMService@ = "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
    Micro Star SCM@ = C:\Program Files (x86)\SCM\MSIService.exe
    MSI_SuperCharger@ = C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
    NvNetworkService@ = "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
    NvStreamSvc@ = "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
    nvsvc@ = "C:\Windows\system32\nvvsvc.exe"
    Qualcomm Atheros Killer Service V2@ = "C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe"
    RegSrvc@ = "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
    ZeroConfigService@ = "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"


    HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @RTHDVCPL"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    @NvBackend"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    @IAStorIcon"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    @ETDCtrl%ProgramFiles%\Elantech\ETDCtrl.exe /*file not found*/ = %ProgramFiles%\Elantech\ETDCtrl.exe /*file not found*/
    @SCMC:\Program Files (x86)\SCM\SCM.exe = C:\Program Files (x86)\SCM\SCM.exe
    @iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"


    HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
    @Steam"C:\Program Files (x86)\Steam\steam.exe" -silent = "C:\Program Files (x86)\Steam\steam.exe" -silent
    @Skype"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun


    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WebCheck =


    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe@DisableExceptionChainValidation = 3 /*file not found*/


    HKLM\Software\Classes\.hta@ = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*


    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
    @{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
    @{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/(null) =
    @{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Program Files\NVIDIA Corporation\Display\nvui.dll = C:\Program Files\NVIDIA Corporation\Display\nvui.dll
    @{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} /*NVIDIA Play On My TV Context Menu Extension*/%SystemRoot%\system32\nvshext.dll = %SystemRoot%\system32\nvshext.dll
    @{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} /*NvAppShExt extension*/C:\Windows\system32\nv3dappshext.dll = C:\Windows\system32\nv3dappshext.dll
    @{E97DEC16-A50D-49bb-AE24-CF682282E08D} /*OpenGLShExt extension*/C:\Windows\system32\nv3dappshext.dll = C:\Windows\system32\nv3dappshext.dll
    @{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} /*ELAN Control Panel*/%ProgramFiles%\Elantech\ETDMcpl.dll /*file not found*/ = %ProgramFiles%\Elantech\ETDMcpl.dll /*file not found*/
    @{9D843851-50AA-46EE-829A-784DEBA4716C} /*Bluetooth Property Page Extension*/C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll = C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll
    @{B8DA2B41-7468-4E82-B62C-CB4A0C9158FE} /*Bluetooth Context Menu Extension*/C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll = C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll
    @{0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} /*Bluetooth Send To Wizard*/C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll = C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll
    @{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/c:\Program Files\WinZip\wzshls64.dll = c:\Program Files\WinZip\wzshls64.dll
    @{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/c:\Program Files\WinZip\wzshls64.dll = c:\Program Files\WinZip\wzshls64.dll
    @{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/c:\Program Files\WinZip\wzshls64.dll = c:\Program Files\WinZip\wzshls64.dll
    @{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/c:\Program Files\WinZip\wzshls64.dll = c:\Program Files\WinZip\wzshls64.dll
    @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/(null) =
    @{B41DB860-64E4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
    @{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
    @{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG Shell Extension*/C:\Program Files (x86)\AVG\Av\avgsea.dll = C:\Program Files (x86)\AVG\Av\avgsea.dll
    @{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG Find Extension*/(null) =


    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
    AVG Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files (x86)\AVG\Av\avgsea.dll
    WinRAR@{B41DB860-64E4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    WinRAR32@{B41DB860-8EE4-11D2-9906-E49FADC173CA} =
    WinZip@{E0D79304-84BE-11CE-9641-444553540000} = c:\Program Files\WinZip\wzshls64.dll


    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = c:\Program Files\WinZip\wzshls64.dll


    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ >>>
    igfxcui@{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =
    igfxDTCM@{9B5F5829-A529-4B12-814A-E81BCB8D93FC} = C:\Windows\system32\igfxDTCM.dll
    igfxOSP@{FA507C3F-30C6-4DCA-9EE5-2656072EEC14} = C:\Windows\system32\igfxOSP.dll
    NvCplDesktopContext@{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = %SystemRoot%\system32\nvshext.dll


    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
    AVG Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files (x86)\AVG\Av\avgsea.dll
    WinRAR@{B41DB860-64E4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    WinRAR32@{B41DB860-8EE4-11D2-9906-E49FADC173CA} =
    WinZip@{E0D79304-84BE-11CE-9641-444553540000} = c:\Program Files\WinZip\wzshls64.dll


    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{AA58ED58-01DD-4d91-8333-CF10577473F7} = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll


    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.FPS1 = frapsv64.dll


    HKLM\Software\Microsoft\Internet Explorer\Main >>>
    @Default_Page_URLhttp://go.microsoft.com/fwlink/p/?LinkId=255141 = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    @Start Pagehttp://go.microsoft.com/fwlink/p/?LinkId=255141 = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    @Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm


    HKCU\Software\Microsoft\Internet Explorer\Main >>>
    @Default_Page_URLhttp://msi13.msn.com = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    @Start Pagehttp://msi13.msn.com = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    @Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm


    HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
    osf@CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} /*file not found*/
    wlpg@CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} /*file not found*/


    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000 000008@LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll


    ---- EOF - GMER 2.1 ----
      My System SpecsSystem Spec

  4. #4


    Gmer is cool.. but its going to take a long time.. to really look up all those..
    Last edited by derekimo; 12 Feb 2016 at 23:50. Reason: Cleaned up.
      My System SpecsSystem Spec

  5. #5


    You need to stop asking people to use teamviewer, just help them out on the forum so everyone can benefit.
      My System SpecsSystem Spec

  6. #6


    well ooooook...
      My System SpecsSystem Spec

processes taking up to 90% of disk, switch to max out help
Related Threads
Screenshot first because it's required for context: http://i.imgur.com/PsVGq5S.png This is taken directly after reboot, so it's not a big issue at the moment. After about 16 hours of regular useage, enough of these processes appear that 4 of the 8 GB of RAM I have is used by them alone while the...
Solved Windows and Processes Opening in General Support
Hello, I'm experiencing odd crashes with my Windows 8.1 box, where I will experience a spike of lag followed by tray and application forms becoming active windows. It's hard to explain so here's an Image : 55244 As you can see, there are some pretty odd windows open. The only applications I...
Solved Windows 8 updates taking up too much disk space in Windows Updates & Activation
I just did a clean install of windows 8 without all the Dell software being installed on my Dell Inspiron 7720 17R SE Laptop. When the installation was finished I had 179GB of free space showing on the 200GB drive C: partion. I just finished downloading and installing 111 recommended Windows...
Hello. I am currently using Windows 8 Professional (x64) as an administrator. My issue is that often certain programs or software do not exit properly and show up on Task manager as background processes. The issue is that I cannot end these processes because "Access is Denied" and must therefore...
Check Disk taking a long time in Performance & Maintenance
Hi I tried to run Check Disk in W8 but it did not complete saying it could not complete the scan, so I tried to run Chksdk from the CMD prompt, I got a message that could run Chkdsk and repair errors on the next boot, I select Y and the scan started on the next re-boot. It went okay until...
Bandwidth limit on processes. in Network & Sharing
Hey. I am downloading games for different services. But I like to to play games while downloading but the ping is high. I have tried netbalancer but the free limit is too low and paying for such software is dump so are there any free software to controll bandwidth?
Self appearing processes in BSOD Crashes and Debugging
Hello, Just week ago installed Windows 8. From the beginning noticed, that in the task bar appear blank processes, didn't pay any attention then, I just clicked on them and they disappeared. But if you don't click on them, there appear more and more. Here I have took some screens imgur: the...
Eight Forums Android App Eight Forums IOS App Follow us on Facebook