Strange Problems


8 replies to this topic

#1 j3r3my502

j3r3my502

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 01 August 2009 - 05:08 PM

PC specs: AMD Athlon x-2 dual core, 3500, 3 gigs RAM, 8500 GT NVIDIA card, Win Vista Premium SP2.

OK, I'm not a P2P type of person. I play MMOs and FPS-type games, so I do download patches and/or addons/map packs. Computer has worked fine, clean on the inside, etc.

Till recently. All of a sudden my cores are constantly being "pegged" and my mouse pointer will do the animation when you click on an icon every 10-15 seconds when idle or in use. Same with the cores: they will be at 0% at idle, then spike to 40-60%, then right back down, over and over.

I've run every online scanner out there, tried every free scanner, used the one I bought, and everything says I'm perfectly fine, but I'm not.

I can post a HJT log if needed.

I can also re-format if something is horridly wrong.

Thank you in advance

Jeremy



#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:05 PM

Posted 01 August 2009 - 05:52 PM

Please download and run Process Explorer:

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under File and Save As, create a log and post it here.

Copy and paste it into a reply.
Chewy

No. Try not. Do... or do not. There is no try.

#3 j3r3my502


Posted 01 August 2009 - 06:30 PM

Process PID CPU Description Company Name
System Idle Process 0 97.60
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 692 Windows Session Manager Microsoft Corporation
csrss.exe 1120 Client Server Runtime Process Microsoft Corporation
wininit.exe 1536 Windows Start-Up Application Microsoft Corporation
services.exe 628 Services and Controller app Microsoft Corporation
svchost.exe 1680 Host Process for Windows Services Microsoft Corporation
mobsync.exe 2860 Microsoft Sync Center Microsoft Corporation
nvvsvc.exe 1816 NVIDIA Driver Helper Service, Version 182.50 NVIDIA Corporation
rundll32.exe 2008 Windows host process (Rundll32) Microsoft Corporation
svchost.exe 2028 Host Process for Windows Services Microsoft Corporation
svchost.exe 968 Host Process for Windows Services Microsoft Corporation
Ati2evxx.exe 1696 ATI External Event Utility EXE Module ATI Technologies Inc.
Ati2evxx.exe 716 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 616 Host Process for Windows Services Microsoft Corporation
audiodg.exe 956 Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 1576 Host Process for Windows Services Microsoft Corporation
dwm.exe 708 Desktop Window Manager Microsoft Corporation
WUDFHost.exe 2192 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
svchost.exe 1968 Host Process for Windows Services Microsoft Corporation
taskeng.exe 1132 Task Scheduler Engine Microsoft Corporation
taskeng.exe 1044 Task Scheduler Engine Microsoft Corporation
taskeng.exe 4928 Task Scheduler Engine Microsoft Corporation
svchost.exe 1188 Host Process for Windows Services Microsoft Corporation
SLsvc.exe 1328 Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1704 Host Process for Windows Services Microsoft Corporation
svchost.exe 932 Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1148 Spooler SubSystem App Microsoft Corporation
svchost.exe 1676 Host Process for Windows Services Microsoft Corporation
CLMSServer.exe 1020 CLMSServer CyberLink
MemCheck.exe 196 MemCheck.Service
AppleMobileDeviceService.exe 1924 Apple Mobile Device Service Apple Inc.
avgwdsvc.exe 2372 AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgrsx.exe 3408 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgnsx.exe 5064 AVG Network scanner Service AVG Technologies CZ, s.r.o.
isafe.exe 2768 CA ISafe Service Computer Associates International, Inc.
LSSrvc.exe 3420 Hewlett-Packard Company
PnkBstrA.exe 2900
svchost.exe 4080 Host Process for Windows Services Microsoft Corporation
RichVideo.exe 2528 RichVideo Module
svchost.exe 3320 Host Process for Windows Services Microsoft Corporation
vetmsg.exe 4064 CA Anti-Virus Realtime Messaging Service CA, Inc.
svchost.exe 124 Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 2892 Microsoft Windows Search Indexer Microsoft Corporation
SearchProtocolHost.exe 4280 Microsoft Windows Search Protocol Host Microsoft Corporation
SearchFilterHost.exe 6052 Microsoft Windows Search Filter Host Microsoft Corporation
avgemc.exe 3980 AVG E-Mail Scanner AVG Technologies CZ, s.r.o.
avgcsrvx.exe 2708 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
eRecoveryService.exe 3640 eRecoveryService Acer Inc.
SDWinSec.exe 3224 Spybot-S&D Security Center integration Safer Networking Ltd.
wmpnetwk.exe 3068 Windows Media Player Network Sharing Service Microsoft Corporation
iPodService.exe 1492 iPodService Module Apple Inc.
ccprovsp.exe 4816 CCProvSP CA, Inc.
lsass.exe 712 Local Security Authority Process Microsoft Corporation
lsm.exe 760 Local Session Manager Service Microsoft Corporation
csrss.exe 1544 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1192 Windows Logon Application Microsoft Corporation
explorer.exe 1944 Windows Explorer Microsoft Corporation
MSASCui.exe 3092 Windows Defender User Interface Microsoft Corporation
SysMonitor.exe 3820
sm56hlpr.exe 2436 Application executable file Motorola Inc.
jusched.exe 3756 Java™ Platform SE binary Sun Microsystems, Inc.
rundll32.exe 2160 Windows host process (Rundll32) Microsoft Corporation
RazerTray.exe 2648 Razer Mamba Configuration Utility Razer USA Ltd
RtHDVCpl.exe 2896 HD Audio Control Panel Realtek Semiconductor
cctray.exe 2068 CA Common Tray CA, Inc.
QOELoader.exe 3040 QOELoader Application CA
cavrid.exe 2516 CA Anti-Virus Realtime Infection Report CA, Inc.
iTunesHelper.exe 3308 iTunesHelper Module Apple Inc.
sidebar.exe 3932 Windows Sidebar Microsoft Corporation
sidebar.exe 156 Windows Sidebar Microsoft Corporation
wmpnscfg.exe 2716 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
btdna.exe 1928 DNA BitTorrent, Inc.
PCMMediaSharing.exe 3948
Ventrilo.exe 5648 2.32 Ventrilo Client Program Flagship Industries, Inc.
firefox.exe 5108 Firefox Mozilla Corporation
procexp.exe 4876 0.77 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
eRAgent.exe 3012 eRecovery agent Acer Inc.
nclauncher.copy.exe 420 NCSoft Launcher NCSoft

#4 j3r3my502


Posted 01 August 2009 - 06:39 PM

Do I need to run this also in safe mode?

#5 DaChew


Posted 01 August 2009 - 07:05 PM

Not a P2P but bittorrent's running?

:thumbsup:

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either CA or AVG.

Also, too many task schedulers and Acer utilities (not the best software ever written).
Chewy

No. Try not. Do... or do not. There is no try.
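
The check made by eye in the reply above (two vendors' resident scanners running at once), as an added example that is not part of any post in this thread. It assumes the Process Explorer listing was saved as tab-separated text with the header row shown in post #3; the function names and the keyword list are illustrative, and it also lists rows with no Company Name, which the thread itself does not discuss.

```python
import csv
import io

# Constructed sample: rows taken from the listing posted in this thread, laid out
# in the tab-separated form assumed for Process Explorer's File > Save As output.
SAMPLE = "\n".join([
    "Process\tPID\tCPU\tDescription\tCompany Name",
    "System Idle Process\t0\t97.60",
    "Interrupts\tn/a\t\tHardware Interrupts",
    " avgrsx.exe\t3408\t\tAVG Resident Shield Service\tAVG Technologies CZ, s.r.o.",
    " MemCheck.exe\t196\t\tMemCheck.Service",
    " PnkBstrA.exe\t2900",
    " vetmsg.exe\t4064\t\tCA Anti-Virus Realtime Messaging Service\tCA, Inc.",
    "explorer.exe\t1944\t\tWindows Explorer\tMicrosoft Corporation",
    " SysMonitor.exe\t3820",
    " cavrid.exe\t2516\t\tCA Anti-Virus Realtime Infection Report\tCA, Inc.",
])

PSEUDO = {"System Idle Process", "System", "Interrupts", "DPCs"}  # kernel rows, not files
REALTIME_HINTS = ("resident shield", "realtime", "real-time")     # assumed keywords

def parse_listing(text):
    """Return one dict per row; short rows get empty strings for missing columns."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    return [{k: (v or "").strip() for k, v in rec.items() if k} for rec in reader]

def resident_av_vendors(rows):
    """Map vendor name -> processes whose description marks a real-time scanner."""
    vendors = {}
    for r in rows:
        if any(h in r["Description"].lower() for h in REALTIME_HINTS):
            vendors.setdefault(r["Company Name"] or "(no vendor)", []).append(r["Process"])
    return vendors

def unidentified(rows):
    """Real processes with no Company Name field: check their path and signature."""
    return [r["Process"] for r in rows if r["Process"] not in PSEUDO and not r["Company Name"]]

def triage(text):
    rows = parse_listing(text)
    vendors = resident_av_vendors(rows)
    return {"av_conflict": len(vendors) > 1, "vendors": vendors,
            "unidentified": unidentified(rows)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty Company Name only means the executable carries no version information; it is a prompt to check the file's path and signature, not a verdict.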

#6 j3r3my502


Posted 01 August 2009 - 07:16 PM

The DNA came from a game I downloaded called Knight Online; it's a Korean-style game that required you to use torrents. It has been deleted.

And no, I don't file share movies and music. I'm a gamer, not a music or movie buff. The Koreans force you to use BitTorrent. Guess it saves their servers from having to process so much.

I will get rid of AVG since I have CA, but Malwarebytes, I understood, is not like a typical anti viri.

I could be wrong.

Again, this machine worked fine till recently. Now it's running like tar rolling down a mountain. I know I can just re-format, that's not a big issue.

I really don't want to do that IF I can get away with it. As with any nasty virus....some cannot be easily gotten rid of.

Thank you for your time though, i really do appreciate it.

#7 DaChew


Posted 01 August 2009 - 07:37 PM

Since you had possible issues from too much protection let's look for a rootkit?

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Chewy

No. Try not. Do... or do not. There is no try.

#8 j3r3my502


Posted 01 August 2009 - 07:45 PM

I found one issue:
wmplayer.exe

It's a hack into Windows Media Player; in the Process Explorer you showed me, it's the process pinging my hard drive/cores. More than likely I'm part of a zombie/botnet.

I will follow the instructions above soon, my parents are due over soon.

Again, thank you so much for your time and patience.

Jeremy

#9 DaChew


Posted 01 August 2009 - 07:49 PM

The newer versions of Windows Media Player behave a lot like an infection.
Chewy

No. Try not. Do... or do not. There is no try.



