Cannot Find Malware That Is Causing High CPU Usage



cathielacey
2007-07-22, 02:40
Any help is greatly appreciated. Cathie

Windows Media Player is all of a sudden using at least 50% cpu. Search on internet stated it is most likely a malware, trojan or spyware. Here is everything I did. I ran AVG, online Symantec, AdAware, Spybot Search & Destroy, Spyware Blaster, Spyware Terminator and nothing showed up. I also did a defrag of the hard drive. Just before this all started I installed Cyberlink Power DVD from cd and DivX from internet. I restored to before these installations, but this did not help. Windows Task Manager states 50 processes running (screen image attached) while HijackThis shows 41 processes running.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:19 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\power shutdown\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Paul & Cathie\Desktop\WindowClippings.exe
C:\Documents and Settings\Paul & Cathie\Desktop\WindowClippings.exe
C:\Documents and Settings\Paul & Cathie\Desktop\Computer Maintenance\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {3EB9C349-7473-48AC-A59B-42F31751974B} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [KennyKerr.WindowClippings.HotKey] "C:\Documents and Settings\Paul & Cathie\Desktop\WindowClippings.exe" /hotkey
O4 - HKCU\..\Run: [KennyKerr.WindowClippings.Icon] "C:\Documents and Settings\Paul & Cathie\Desktop\WindowClippings.exe" /icon
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: outlook.url
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35A276E6-FD25-4C49-85C4-8422DDB439EE}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Port Forward (Port Foward.exe) - Tucson Software Services - C:\Program Files\Tucson Software Services\Port Forward\Port Foward.exe
O23 - Service: Power Shutdown - Snowportion - c:\program files\power shutdown\svchost.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10374 bytes

pskelley
2007-07-23, 14:23
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hi Cathie, if you still need help, please read the instructions I posted above which are also Pinned to the top of the forum.

I am concerned about this item, do you know what it is:
c:\program files\power shutdown\svchost.exe
O23 - Service: Power Shutdown - Snowportion - c:\program files\power shutdown\svchost.exe

If not it may be this: http://www.castlecops.com/startuplist-12304.html and you will want to view this information just to be safe:
http://www.castlecops.com/startuplist-12304.html

Use one or more of these free online scans to find out what that is, that file should not be running from that location.
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/

I suggest you stay offline unless you are troubleshooting until we clean you up. Post the results of the scans and a new HJT log. Include any new information you have, any error messages you receive word for word and any comments you think will help.

Thanks...Phil

cathielacey
2007-07-24, 08:37
Hi Phil,

I just saw your reply about an hour ago. Thank you so much for trying to help me.

I scanned c:\program files\power shutdown\svchost.exe with the three online scans and it was okay, safe. I did delete it though.

I'm running the online virus scans right now.

Should I turn off system restore?

I'll let you know the results of the scans, spybot scan in safe mode & hjt.

Cathie

pskelley
2007-07-24, 13:41
OK Cathie, I will not need to see the scan results unless there is a problem, let me know. Same with the Spybot log, waste of space unless there are issues. I must say I am surprised about this item:
c:\program files\power shutdown\svchost.exe because the valid svchost resides in the system32 folder, not C:\Program Files\ but I suppose anything is possible. Since that powershutdown program is running on your computer, would you tell me what it is, when you installed it. Have you installed any other new programs recently?

Open the program if you have to, should be in All Programs somewhere.

I would like you to do this:
Right click a blank spot on the Taskbar at the bottom of your monitor and click on Task Manager. Click the Processes tab and then click on Mem Usage until it brings your biggest users to the top. Let me know what is there, like I use MSN.exe which is nice but uses 56,072K, it is my biggest user. I am interested in anything there you do not know.

I'll also say I have WMP11 and I opened it and checked, it was using 36,500K and not even running.

Let's also have a look at your Uninstall list like this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

You have plenty of RAM, let's see what that information provides. Remember to post error messages word for word if you receive any, sometimes high CPU usage is caused by stuff other than malware.

This is a good troubleshooting site: http://kadaitcha.cx/high_cpu.html

Thanks...Phil
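
Added example (not part of the original posts, and not HijackThis code): a small triage script for the check described above, that a core Windows binary such as svchost.exe should be running from its system folder. The `EXPECTED_DIR` table and the function names are assumptions made for this sketch; the sample lines are an excerpt of the log posted in this thread.

```python
import ntpath  # parses Windows paths correctly on any OS
import re

# Assumption (not from the thread): default Windows XP homes of core binaries.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Drive-letter path ending in .exe, optionally followed by "(file missing)".
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.exe)(?:\s+\(file missing\))?\s*$",
                     re.IGNORECASE)

# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\power shutdown\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O23 - Service: Port Forward (Port Foward.exe) - Tucson Software Services - C:\Program Files\Tucson Software Services\Port Forward\Port Foward.exe
O23 - Service: Power Shutdown - Snowportion - c:\program files\power shutdown\svchost.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""


def image_paths(log_text):
    """Yield (section, path) for running processes and O23 service entries."""
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and not line:
            in_processes = False  # a blank line ends the process list
            continue
        if in_processes:
            section = "process"
        elif line.startswith("O23 - Service:"):
            section = "service"
        else:
            continue
        match = PATH_RE.search(line)
        if match:
            yield section, match.group(1)


def find_misplaced_system_binaries(log_text):
    """Return entries whose file name is a core binary but whose folder is not."""
    findings = []
    for section, path in image_paths(log_text):
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected:
            findings.append({"section": section, "path": path,
                             "expected": expected})
    return findings


if __name__ == "__main__":
    for hit in find_misplaced_system_binaries(SAMPLE_LOG):
        print(f"{hit['section']}: {hit['path']} (expected in {hit['expected']})")
```

A location mismatch is a triage signal, not a verdict: in this thread the flagged file scanned clean and belonged to a shutdown-timer utility.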

cathielacey
2007-07-25, 04:26
Hi Phil,

No viruses, malware, spyware or trackers left on my computer.

PowerShutDown was a utility to set timers to automatically shut down your computer. I no longer have it installed. As for new programs, I have only installed PowerDVD.

Results From Windows Task Manager: (does the cpu number represent how much memory is being used? If so, this is where I know Windows Media Player is definitely using more than about a week ago)

firefox.exe 61,060 cpu 02
wmplayer.exe (not playing anything) 31,992 cpu 02
wmplayer.exe (playing a song) 26,000 cpu 50
wmplayer.exe shut down/restart (not playing a song) 29,300 cpu 02
wmplayer.exe shut down/restart (playing a song) 36,624 cpu 03
wmplayer.exe (rip cd) 43,444 cpu 17
wmplayer.exe (rename cd title while cd in drive ready to be ripped) 26,872 cpu 02
svchost.exe 28,180 cpu 00
aawservice.exe 23,168 cpu 00 (Adaware is not open...why would this be running?)

Here is the uninstall list from Hijack this:

ABBYY FineReader 5.0 Sprint Plus
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe PDF IFilter 6.0
Adobe Reader 8.1.0
Adobe Shockwave Player
Advanced WindowsCare 2.50 Personal
Ares 2.0.8
ATI Control Panel
ATI Display Driver
AVG 7.5
AXIS Media Control SDK
Belarc Advisor 7.2
BitComet 0.91
Broadcom Advanced Control Suite 2
BUM
CardRd81
CCScore
Classic PhoneTools
Conexant D850 56K V.9x DFVc Modem
CR2
Crash Analysis Tool
Creative MediaSource
Creative PC-CAM Center Lite
Creative WebCam Monitor
Creative WebCam NX User's Guide (English)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell ResourceCD
Dell Solution Center
Dell Support 5.0.0 (766)
Digital Line Detect
DiscAPI (Studio 10)
DVD Decrypter (Remove Only)
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoStarter3.0
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESPR320 Reference Guide
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
essvatgt
essvcpt
ESSvpaht
ESSvpot
Film Factory
FilmLoop Player
FUJIFILM USB Driver
Google Desktop
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPSFO
ImgBurn (Remove Only)
IncrediMail Xe
Ink Monitor
Intel Application Accelerator
Internet Explorer Developer Toolbar
InterVideo AVControlSDK
IObit SmartDefrag Beta3
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) SE Runtime Environment 6 Update 1
Kodak EasyShare software
KSU
Magentic
Magic DVD Ripper V5.0.1
Maxell CreateIt
Modem Helper
Mozilla Firefox (2.0.0.5)
MrSID Browser Plug-in 1.3
MSN Messenger 7.5
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
Musicmatch® Jukebox
NetWaiting
Notifier
OfotoXMI
OTtBP
OTtBPSDK
OverDrive Media Console
Photo Story 3 for Windows
Pixie registration fix
PowerDVD 5.1
Quicken 2002 Deluxe
QuickTime
RAPID
RAW FILE CONVERTER LE
RealPlayer
Sansa Updater
ScanToWeb
SFR
SHASTA
SKIN0001
SKINXSDK
SmartSound Quicktracks for Premiere
SmartSound Quicktracks Plugin
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony DVD Architect Studio 3.0b
Sony Vegas Movie Studio 6.0b
Sound Blaster Audigy 2
Spybot - Search & Destroy 1.4
Spyware Terminator
SpywareBlaster v3.5.1
SUPER © Version 2007.bld.23 (July 4, 2007)
Switch Off
Tabbed Browsing (Windows Live Toolbar)
TimeAfterTime
Tweak UI
VPRINTOL
WebCyberCoach 3.2 Dell
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows Workflow Foundation
Windows XP Creativity Fun Packs - Windows Movie Maker 2
WIRELESS
Xvid 1.1.2 final uninstall

I looked at http://kadaitcha.cx/high_cpu.html knowledge base articles and none were representative of my problem. I didn't perform anything from additional resources as I was nervous that I would ruin something.

Actually, windows media player appears to be running okay now, so the viruses, spyware, trackers I removed must have helped. Not sure why at some times the cpu usage will jump high though. Should I be concerned about this?

Thanks.

Cathie

pskelley
2007-07-25, 13:30
Thanks for returning your information, to save us both time, I will comment only where I believe it is necessary or where you have asked a question.

http://www.google.com/search?hl=en&q=mem+usage&btnG=Search

Firefox: mine which I rarely use but opened to see is using 24,000. Even MSN which I know is a resource hog only uses 55,000. 61,000 seems high? Is this the newest version of Firefox?
(if you have several windows open in Firefox at the time, I suppose it could account for the resources)

WMPlayer seems about normal for what you are doing. If you have v10 or 11 it does use some resources.
C:\Program Files\Windows Media Player\WMPNSCFG.exe <<< it is running all of the time, I suggest you turn it off and start it manually in All Programs when you wish to use it.

svchost.exe: FYI >> http://support.microsoft.com/kb/314056

aawservice.exe: I am still running Ad-aware free and probably will not update to this new version (too many bad stories at this point)
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
The program is running all of the time, did you purchase this? Have a look at the Google, especially the CastleCops links.
http://www.google.com/search?hl=en&q=aawservice.exe&btnG=Search
Since I do not update beyond the free personal version, and will not, I can only supply information. I can also say there is much turmoil at the top of this company just now.

uninstall list:
Ares 2.0.8: http://forums.spybot.info/showthread.php?t=282

IncrediMail Xe: heavy user of your resources

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) SE Runtime Environment 6 Update 1
http://forums.spybot.info/showpost.php?p=12880&postcount=2
very dangerous as you have read. You should find an update, download it and then uninstall all old versions in Add Remove Programs.

As far as I can see the rest are safe, I do not know all of your programs. I suggest you make sure nothing is installed you do not know. If stuff is no longer used, uninstall it.

Not sure why at some times the cpu usage will jump high though. Should I be concerned about this?
No...but when it happens you may want to have a look to see what is causing it so you can better understand why it happens.

Look over the information I posted, here are some links that might help:
http://www.castlecops.com/postitle175256-0-0-.html
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/atwork/getstarted/speed.mspx?wt_svl=20292a&mg_id=20292b

Optional but suggested would be a free diagnostic here: http://www.pcpitstop.com/
Help with results: http://pcpitstop.invisionzone.com/index.php?showforum=6
Tutorial: http://www.pcpitstop.com/techexpress/howto1.asp

I would be glad to take a look and advise you if you post a link to the test results.

Give yourself some time to look over the information and then post a new HJT log along with any comments or questions you think will help.

Thanks...Phil

tashi
2007-08-06, 23:17
Due to lack of feedback this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.