Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: CPU suddenly goes 100%. always requiring hard reboot. Please help

  1. #1
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default CPU suddenly goes 100%. always requiring hard reboot. Please help

    Hi
    My systems CPU goes to 100% suddenly / randomly even though I would not be doing something( but browsers open).
    After that it would be impossible to bring it down unless I do a hard reboot.
    I think some malware is causing this. Please help.
    Attach.zip and DDS log below.

    DDS Log
    -----------------
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Sanjana at 4:07:11 on 2012-04-09
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.2142 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\java.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Iomega Storage Manager\pCloudd.exe
    C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
    C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Sanjana\AppData\Roaming\Aventail\ewpca\ewpca.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = local;*.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRunOnce: [BetProxy] c:\users\sanjana\appdata\roaming\aventail\ewpca\ewpca.exe -cleanup
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [PDF Converter Elite Print Dispatcher] c:\program files\pdfconverter.com\pdf converter elite\2009\pcSONPrnDisp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [PivotSoftware] "c:\program files\portrait displays\pivot pro plugin\Pivot_startup.exe" -delay=10
    mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    Trusted Zone: barcap.com\connect
    Trusted Zone: google.com
    Trusted Zone: google.com\local
    Trusted Zone: google.com\maps
    Trusted Zone: google.com\www
    Trusted Zone: google.com.sg\www
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://connect.barcap.com/workplace/webifiers/wficat.cab
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mcpuk1.jpmorgan.com/llclient/myonedesk-amer/winnt/AXNTEE.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn-rd02.jpmorganchase.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
    TCP: Interfaces\{4BD72912-5353-4380-BBB1-55120742B277} : DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
    TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E} : DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6
    TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\3524D203931313 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\3524D213031303 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\3524D213131313 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\373735563657275646 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\75759514D485 : DhcpNameServer = 64.119.80.100 216.143.135.12 202.156.1.68
    TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\C696E6B6379737 : DhcpNameServer = 202.156.1.68 202.156.1.58 218.186.1.38
    TCP: Interfaces\{BE2D882E-7030-4C79-91F3-32BF5CC8E77E}\E65647765616272333 : DhcpNameServer = 64.119.80.100 216.143.135.12
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\sanjana\appdata\roaming\mozilla\firefox\profiles\lps6crmv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\sanjana\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
    R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 PCloudd;PCloudd;c:\program files\iomega storage manager\pCloudd.exe [2011-2-17 206336]
    R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-10-22 109168]
    R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-10-5 76288]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-1-31 260648]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-31 122368]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-31 6114816]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1caaec57f5ab489;Google Update Service (gupdate1caaec57f5ab489);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253600]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-31 29472]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-21 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 133104]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-1-31 47104]
    S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-1-31 49152]
    S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-1-31 38400]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-12 52224]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-26 1343400]
    S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.30128\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30128\wpf\WPFFontCache_v0400.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-04-09 06:56:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-09 03:08:33 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{796379e7-ad4c-4807-b789-901c3185abb1}\mpengine.dll
    2012-03-14 18:54:28 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-14 18:54:26 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 13:37:31 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 13:37:29 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 13:36:37 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 13:36:37 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 13:36:37 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 13:36:36 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 13:36:36 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-14 13:36:36 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ==================== Find3M ====================
    .
    2012-04-09 07:22:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    .
    ============= FINISH: 4:08:34.06 ===============
    Hello sanjupan,

    Your topic Nov 26th, 2011 "My CPU is going 100" http://forums.spybot.info/showthread...682#post417682

    A helper responded but the topic was closed because you did not respond to his last instructions.

    Please let us know why there was no follow up. Also, has combofix been used again?
    It looks like you have run Combofix many times before, its a very powerful tool, lets hope you did not damage anything.
    Also of note, there was no follow up to this four page thread either: http://forums.spybot.info/showthread...348#post398348
    April 12th 2012

    Apologies for earlier posts being archived / closed. The first post - 4 page - was initial one where i missed reading the 3 day rule (my bad) and it got archived. I restarted a new post indicating my earlier was archived but had to travel on unscheduled visit and that got archived too.

    After that I had decided to wait and post only when I am fairly certain that I would be with my machine for long enough period of time to get the issues resolved.
    I realize that you people spend considerable effort on the whole forum. Please consider my case. Not sure how I should make it up to you guys.

    I havent used combo fix since those posts. There were some windows auto updates - not much has changed.

    Thanks and regards
    sanjupan
    Attached Files Attached Files
    Last edited by tashi; 2012-04-12 at 16:20. Reason: Merged posts

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,607

    Default

    Hi,

    Not really looking at anything earthshattering on your log, with the amount of times you have run Combofix, lets hope again that you didnt cause any damage.


    If your going to be away and cant respond for a few days, let me know so that I wont close this thread


    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please





    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default malwarebytes and avast log

    Thanks. The aswMBR prompted for virus definition update - i clicked yes.

    Posting both the logs below.
    Thanks
    sanjupan

    ------------------------------------------------------------------------
    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.26.02

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Sanjana :: SANJPC [administrator]

    Protection: Enabled

    4/26/2012 9:48:31 AM
    mbam-log-2012-04-26 (09-48-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 255785
    Time elapsed: 16 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ------------------------------------------------------------------------


    aswMBR log
    ------------------------------------------------------------------------

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-26 10:07:14
    -----------------------------
    10:07:14.178 OS Version: Windows 6.1.7601 Service Pack 1
    10:07:14.178 Number of processors: 2 586 0x170A
    10:07:14.180 ComputerName: SANJPC UserName:
    10:07:15.421 Initialize success
    10:09:03.775 AVAST engine defs: 12042600
    10:10:46.545 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    10:10:46.547 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
    10:10:46.567 Disk 0 MBR read successfully
    10:10:46.570 Disk 0 MBR scan
    10:10:46.573 Disk 0 Windows VISTA default MBR code
    10:10:46.576 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    10:10:46.589 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
    10:10:46.603 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
    10:10:46.608 Disk 0 scanning sectors +488395120
    10:10:46.683 Disk 0 scanning C:\Windows\system32\drivers
    10:11:04.519 Service scanning
    10:11:46.872 Modules scanning
    10:12:02.647 Disk 0 trace - called modules:
    10:12:02.679 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    10:12:02.684 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87054648]
    10:12:02.689 3 CLASSPNP.SYS[8cc9a59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86200028]
    10:12:03.714 AVAST engine scan C:\Windows
    10:12:08.157 AVAST engine scan C:\Windows\system32
    10:16:59.571 AVAST engine scan C:\Windows\system32\drivers
    10:17:28.266 AVAST engine scan C:\Users\Sanjana
    10:34:15.619 Disk 0 MBR has been saved successfully to "C:\Data\MalwareRemoval\9thApr2012\MBR.dat"
    10:34:15.669 The log file has been saved successfully to "C:\Data\MalwareRemoval\9thApr2012\aswMBR.txt"

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,607

    Default

    Logs look fine

    If ESET doesn't find anything that I will link you to a windows forum for help

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default Unable to do ESET

    Hi, whenever I try to run the online scan, it takes a long time(its scanning for viruses stage) my CPU goes 100% mid-way and I have to reboot the PC. I retried that 2 times without luck.

    I was trying the alternative step for other browsers
    "Click on to download the ESET Smart Installer. Save it to your desktop.
    Double click on the icon on your desktop."
    ...But was unable to locate it on the ESET webage. I m hoping it's an offline tool. Can you please let me know the link. Also should I run this by staring windows in safe mode or something? I m afraid if it takes a longer time my PC may again slip into the 100% CPU issue.

    Thanks
    Sanjupan

  6. #6
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,607

    Default

    Good Morning,

    You can try running ESET in Safemode with Networkworking


    To Enter Safemode
    • Go to Start> Shut off your Computer> Restart
    • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
      this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
    • Then press the Enter Key on your Keyboard

    Tutorial if you need it How to boot into Safemode


    If it still give you problems you can try this other scanner
    http://housecall.trendmicro.com/
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default ESET logs

    Hi I was able to run the ESET Scanner successfully in safe mode.

    It identified 4 threats but apparently also quarantined it.
    I still have the ESET Window open.

    Should I restore back files (identified as infected )by clicking on "Manage Quarantined files" --> "Restore" button on the ESET window?

    The log is below

    ---------------------------------------------------

    C:\Qoobox\Quarantine\C\Users\Sanjana\AppData\Local\ayetaciw.dll.vir a variant of Win32/Cimag.FT trojan cleaned by deleting - quarantined
    C:\Users\Public\Documents\Server\hlp.dat probably a variant of Win32/Agent.JCVPCMR trojan cleaned by deleting - quarantined
    C:\Users\Sanjana\Desktop\HSS-1.58-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application deleted - quarantined
    C:\Users\Sanjana\Downloads\cnet_TuneAid_3_76_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    ----------------------------------------------------------




    Also should I run the trend scanner too?

    Please advise.

    Thanks
    Sanjupan

  8. #8
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,607

    Default

    No, dont restore them, one was in Quarantine from what Combofix removed, one is a dat file and the other two look like they are something that you downloaded that could be infected.


    No need for Trendmicro.

    Still the same problem ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Member sanjupan's Avatar
    Join Date
    Sep 2010
    Posts
    45

    Default

    Looks like the issue is resolved. I had my PC on the whole night with perfmon tracking.
    Please let me know the next steps.
    Thanks for all the help!
    sanjupan

  10. #10
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,607

    Default

    One thing we may want to check is your Master Boot Record, the latest threats are targeting it, aswMBR is showing its ok but lets make sure, now that your saying everything is ok I am sure its fine so this is a doublecheck.

    Download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it
    • A window will open on your desktop
    • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •