Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


CPU Usage Always Around 50%

  • This topic is locked This topic is locked
2 replies to this topic

#1 Kent9000


  • Members
  • 2 posts
  • Local time:04:29 AM

Posted 29 January 2009 - 11:20 PM


Just to start right off and say. Thanks for having a look over my log. Any and all help will be greatly appreciated.

I have recently experienced slower than normal computer speeds. I like to think I am slightly tech saavy but who knows. I had a infected .dll's in my system32 folder: bwcdpn.dll, cbXPjGAs.dll(only .dll I couldn't delete), ssqNFYQh.dll, nybwovlq.dll. Each of those .dll's was detected when yesterday I decided to get BitDefender. The .dll were infected Trojans. I then used autoruns in SafeMode to delete 3/4 of those infected files. Then today, I decided to run, Spy-Bot S&D which found some other things which were deleted and removed. I then proceeded to spend about 5 hours looking for ways of deleting this .dll. When I stumbled upon reports of ComboFix, fixing a lot of users problems. Furthermore in regards to my CPU usage, it fluctuates alot! From as low as 0-50%. I decided to have a look through my processes and found out that lsass.exe, was using a lot of the CPU. So I googled it. It turns out that there is this and that about it being a MS thing. Although that it is commonly used for this type of thing.

Anyways, here is my log,
Thanks a lot for any and all help,

Here is the log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Kentaro Chiba at 22:29:40.78 on Thu 01/29/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Kentaro Chiba\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kentaro Chiba\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {24FD5544-732B-4428-B265-37F8D0ED219E} - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {96e02abf-5633-4902-93af-63c610d15b88} - c:\windows\system32\cbXPjGAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\documents and settings\kentaro chiba\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221861429520
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\windows\system32\lehebofi.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXPjGAs
LSA: Notification Packages = scecli c:\windows\system32\lehebofi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kentar~1\applic~1\mozilla\firefox\profiles\zbftit0a.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll

============= SERVICES / DRIVERS ===============

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328]
R4 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]

=============== Created Last 30 ================

2009-01-29 22:20 <DIR> --d----- c:\program files\Trend Micro
2009-01-29 21:38 <DIR> --d----- c:\windows\pss
2009-01-29 21:26 121 a------- c:\windows\bdagent.INI
2009-01-29 21:01 1,102 a--sh--- c:\windows\system32\sAGjPXbc.ini
2009-01-29 20:09 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-29 20:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-28 19:00 81,984 a------- c:\windows\system32\bdod.bin
2009-01-28 18:54 850 a------- c:\windows\system32\ProductTweaks.xml
2009-01-28 18:54 385 a------- c:\windows\system32\user_gensett.xml
2009-01-28 18:48 <DIR> --d----- c:\windows\system32\logs
2009-01-28 18:47 <DIR> --d----- c:\docume~1\kentar~1\applic~1\BitDefender
2009-01-28 18:47 <DIR> --d----- C:\Binaries
2009-01-28 18:46 <DIR> --d----- c:\program files\BitDefender
2009-01-28 18:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-01-28 18:41 <DIR> --d----- c:\windows\system32\URTTemp
2009-01-28 18:40 <DIR> --d----- c:\program files\common files\BitDefender
2009-01-27 23:11 1,102 a--sh--- c:\windows\system32\sAGjPXbc.ini2
2009-01-27 23:11 315,904 a------- c:\windows\system32\cbXPjGAs.dll
2009-01-27 20:27 1,920,920 a----r-- c:\windows\system32\drivers\lvpopflt.sys
2009-01-27 20:25 127,034 -----r-- c:\windows\bwUnin-
2009-01-26 16:41 2,297,552 a------- c:\windows\system32\d3dx9_26.dll

==================== Find3M ====================

2009-01-29 19:54 34 a------- c:\documents and settings\kentaro chiba\jagex_runescape_preferences.dat
2009-01-29 19:11 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-12-10 19:42 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys

============= FINISH: 22:35:08.83 ===============

Attached Files

  • Attached File  DDS.txt   9.77KB   16 downloads

Edited by Kent9000, 29 January 2009 - 11:41 PM.

BC AdBot (Login to Remove)


#2 Kent9000

  • Topic Starter

  • Members
  • 2 posts
  • Local time:04:29 AM

Posted 30 January 2009 - 08:43 AM

I decided to try a program called. Trojan Remover. Ran it in Windows as normal, and didn't work. Therefore I booted into SafeMode and ran the program. It then worked like a charm! Sorry about wasting or inconveniencing anyones time.


#3 KoanYorel


    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:05:29 AM

Posted 30 January 2009 - 01:22 PM

Thanks for telling us what you have done. Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users