CPU usage constantly spiking up to 100


  • This topic is locked
2 replies to this topic

#1 McMonk84

  • Members
  • 1 posts

Posted 03 June 2009 - 02:12 PM

Hi,

I am new to this forum. Thanks in advance for any help people can provide. My computer started slowing down last night. I believe it has to do with an installation of Photodex ProShow Gold. Doing a little research I am also concerned about csrss.exe file.

Some processes I manually closed because they were slowing down the computer so much I couldn't get into a web browser:
ntmulti.exe - for Lotus Notes
scsiaccess.exe - for Proshow Gold
nslservce.exe - for Lotus Notes

I am using the program to create a slideshow for a wedding so do not want to remove it unless absolutely necessary. Below is my attached DDS.txt. Thanks!!!


DDS (Ver_09-05-14.01) - NTFSx86
Run by WANGA at 12:06:54.53 on Wed 06/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.810 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\nsl.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\NetMotion Client\messerv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program files\P-Synch\pssso\service\pssso.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\CMPWI.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\wanga.DIAMONDCLUSTER\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.google.com/mail/?account_id=andrew.ge.wang%40gmail.com#inbox
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: diamondcluster.com
Trusted Zone: diamondcluster.com\password
Trusted Zone: diamondcluster.net
Trusted Zone: diamondconsultants.com
Trusted Zone: diamondconsultants.net
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://chgmail2.diamondcluster.com/iNotes6W.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150364632140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150449660828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C312947E-E0A5-40F0-9D4E-79ED66D51423} - hxxps://home.diamondconsultants.com/passwordchange/Find_PSynch_Install.dll
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://themeetingson.webex.com/client/v_mywebex-pso-themeetingson/webex/ieatgpc.cab
TCP: {DB1B3737-2FEA-4533-9B20-C47C9BBE3C0A} = 68.28.50.91 68.28.58.92
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wanga~1.dia\applic~1\mozilla\firefox\profiles\jlgocbbt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|http://mail.google.com/mail/?shva=1#inbox|http://www.google.com/reader/view/#stream/feed%2Fhttp%3A%2F%2Fwww.bay12games.com%2Fdwarves%2Fdev_now.rss
FF - plugin: c:\documents and settings\wanga.diamondcluster\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\npatgpc.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-3 64160]
R1 fsclm;FIPS Driver;c:\program files\netmotion client\fsclm.sys [2005-10-27 97760]
R1 NMDRV;NetMotion Client Driver;c:\program files\netmotion client\nmdrv.sys [2005-10-27 724480]
R1 NMRoam;NetMotion Roaming Detection Daemon;c:\windows\system32\drivers\nmroam.sys [2005-10-27 19456]
R1 NMutilnt;NetMotion Utility Driver;c:\windows\system32\drivers\nmutilnt.sys [2005-10-27 17408]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-7-1 4442]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 MESSERV;NetMotion Client;c:\program files\netmotion client\messerv.exe [2005-10-27 311296]
R2 pssso;P-Synch/SSO;c:\program files\p-synch\pssso\service\pssso.exe [2005-9-19 692224]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090601.003\naveng.sys [2009-6-1 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090601.003\navex15.sys [2009-6-1 876144]
R3 nmvnic;NMVNIC Network Adapter;c:\windows\system32\drivers\nmvnic.sys [2005-10-27 37376]
S3 EraserUtilDrv10620;EraserUtilDrv10620;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10620.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10620.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S3 tpflhlp;tpflhlp;c:\drivers\79uj17us\tpflhlp.sys [2006-12-13 13616]

=============== Created Last 30 ================

2009-06-03 11:43 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 11:24 <DIR> --d----- C:\Rustbfix
2009-06-03 10:46 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-03 10:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-03 10:29 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-02 22:10 0 a------- C:\1694457529
2009-06-02 22:10 57,344 a------- C:\lsass.exe
2009-06-02 22:10 9,216 a------- C:\xbmqgeyn.exe
2009-06-02 22:09 57,344 a------- C:\udwnxe.exe
2009-06-02 22:09 20,703 a------- C:\lhkeufwk.exe
2009-06-02 22:08 212 a------- C:\487656.bat
2009-06-02 22:08 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-06-02 22:08 13,824 ----h--- c:\windows\pp10.exe
2009-06-02 22:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\92023276
2009-06-02 22:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12013284
2009-06-02 22:07 2 ----h--- c:\windows\sonce122730.dat
2009-06-02 22:07 <DIR> --d----- c:\windows\system32\sysloc
2009-06-02 22:06 <DIR> --d----- c:\program files\Microsoft Common
2009-06-02 22:06 213,024 a------- c:\windows\system32\drivers\str.sys
2009-06-02 22:06 184 a------- C:\345678.bat
2009-06-02 22:06 14,848 ----h--- c:\windows\ld08.exe
2009-06-01 19:51 <DIR> --d----- c:\docume~1\wanga~1.dia\applic~1\CVS
2009-06-01 19:51 <DIR> --dsh--- c:\windows\ftpcache
2009-05-30 19:07 <DIR> --d----- c:\program files\Lame for Audacity
2009-05-28 18:33 43 a------- c:\windows\gswin32.ini
2009-05-26 22:55 <DIR> --d----- c:\program files\Photodex Presenter
2009-05-25 18:27 <DIR> --d----- c:\documents and settings\wanga.diamondcluster\.freemind
2009-05-25 18:27 <DIR> --d----- c:\program files\FreeMind
2009-05-21 14:39 <DIR> --d----- c:\program files\Photodex
2009-05-21 14:39 <DIR> --d----- c:\docume~1\wanga~1.dia\applic~1\Photodex

==================== Find3M ====================

2009-04-24 17:30 96,384 a------- c:\windows\system32\drivers\sptd2461.sys
2009-04-24 17:13 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-15 21:38 22,328 ac------ c:\docume~1\wanga~1.dia\applic~1\PnkBstrK.sys
2009-03-15 21:38 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-03-15 21:37 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-03-15 21:37 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-03-13 23:42 52,736 a------- c:\windows\ipuninst.exe
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll

============= FINISH: 12:08:55.23 ===============
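Added example (not part of the thread, and not the DDS tool's own code): the report above was never analysed before the thread was closed, but several of its lines are exactly what a responder would check first. The Winlogon Userinit value on a stock Windows install carries only c:\windows\system32\userinit.exe; the second entry, sdra64.exe, a file name long associated with the Zeus/Zbot banking trojan, is started at every logon. lsass.exe legitimately lives in System32, not in the root of C:\, and the hidden executables written to C:\WINDOWS at 22:06-22:08 on 2009-06-02, in the same minutes as the random-named .exe and .bat files in C:\, are a typical drop-site pattern. The Python script below parses DDS-style text and applies those heuristics; the rule names, the KNOWN_USERINIT allow-list and the extension list are my own assumptions, and the sample input is constructed from lines copied out of the report above.

```python
"""Triage a DDS-style log for persistence and drop-site indicators.

Added example for this thread; not the DDS tool's code and not from the
original posts. The rule names, the KNOWN_USERINIT allow-list, EXEC_EXTS
and the sample text are assumptions/constructions for illustration.
"""
import re
from dataclasses import dataclass

# The only value Winlogon\Userinit should carry on a stock Windows XP box.
KNOWN_USERINIT = {r"c:\windows\system32\userinit.exe"}
EXEC_EXTS = (".exe", ".bat", ".sys", ".dll", ".scr", ".com")

# DDS file lines look like: "2009-06-02 22:10 57,344 a------- C:\lsass.exe"
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+)$",
    re.I,
)


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    detail: str


def split_sections(text):
    """Map each '==== Name ====' header in a DDS report to its non-blank lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if header:
            current = header.group(1).upper()
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def check_userinit(lines):
    """Flag every Userinit entry that is not the stock userinit.exe."""
    findings = []
    for line in lines:
        m = re.match(r"mWinlogon:\s*Userinit=(.*)$", line, re.I)
        if not m:
            continue
        for entry in (e.strip() for e in m.group(1).split(",")):
            if entry and entry.lower() not in KNOWN_USERINIT:
                findings.append(Finding("userinit-extra", entry,
                                        "extra Userinit entry runs at every logon"))
    return findings


def check_created_files(lines):
    """Flag drop-site patterns in the 'Created Last 30' file listing."""
    findings = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m or m.group("size") == "<DIR>":
            continue
        path = m.group("path")
        parent, _, name = path.lower().rpartition("\\")
        attrs = m.group("attrs").lower()
        is_exec = name.endswith(EXEC_EXTS)
        if is_exec and parent == "c:":
            findings.append(Finding("root-drop", path,
                                    "executable written directly to C:\\"))
        if is_exec and "h" in attrs and parent.startswith(r"c:\windows"):
            findings.append(Finding("hidden-exec", path,
                                    "hidden executable under C:\\WINDOWS"))
        if name == "lsass.exe" and parent != r"c:\windows\system32":
            findings.append(Finding("lsass-masquerade", path,
                                    "lsass.exe outside System32"))
    return findings


def triage(report_text):
    """Run all checks over a DDS report and return the findings in order."""
    sections = split_sections(report_text)
    return (check_userinit(sections.get("PSEUDO HJT REPORT", []))
            + check_created_files(sections.get("CREATED LAST 30", [])))


# Constructed sample: a handful of lines copied from the report in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

=============== Created Last 30 ================

2009-06-03 10:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-02 22:10 0 a------- C:\1694457529
2009-06-02 22:10 57,344 a------- C:\lsass.exe
2009-06-02 22:10 9,216 a------- C:\xbmqgeyn.exe
2009-06-02 22:08 212 a------- C:\487656.bat
2009-06-02 22:08 13,824 ----h--- c:\windows\pp10.exe
2009-06-02 22:07 <DIR> --d----- c:\windows\system32\sysloc
2009-06-02 22:06 14,848 ----h--- c:\windows\ld08.exe
2009-05-21 14:39 <DIR> --d----- c:\program files\Photodex
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.rule}] {f.path}: {f.detail}")
```

Run it on the sample and it reports the sdra64.exe Userinit entry, the three executables dropped in C:\, the lsass.exe masquerade and the two hidden files under C:\WINDOWS, while leaving the Ad-Aware driver (Lbd.sys) and the extension-less 0-byte marker file alone. The point of keeping the rules as small, named functions is that a responder can add a rule (a driver created in the same minute as a root drop, say) without touching the parser.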



#2 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 10 June 2009 - 12:38 PM

Hello McMonk84,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of the SmitfraudFix report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

    malware expert

  • Staff Emeritus

Posted 16 June 2009 - 10:42 PM

Due to inactivity, this thread will now be closed.



