
CPU Usage 100%


This topic is locked
2 replies to this topic

#1 mayank240

  • Members
  • 9 posts

Posted 26 August 2009 - 05:20 AM

Hi, I am using a Dell Latitude 610 laptop with XP. My PC was working well, but after I installed hpHosts my CPU usage went to 100%. I uninstalled the program and also restored my PC to an earlier date, but the PC is still slow, with SVCHOST.EXE using almost 100% all the time. I scanned using MBAM, Super Antivirus, HouseCall and Dr. Web, but didn't find any virus. As suggested in this forum, I am posting the DDS logs. Please guide me further. If I have made any mistake in scanning, I really apologise for that; please guide me.


DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 12:26:13.56 on Wed 08/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.458 [GMT 4:00]

AV: Total Protection *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINNT\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINNT\system32\IoctlSvc.exe
C:\WINNT\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://in.yahoo.com/
uSearch Page = www.google.de
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6173\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: India Radio TV Toolbar: {48f081da-c563-4c45-8413-dae38ec5cf1d} - c:\program files\india_radio_tv\tbInd1.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6173\SiteAdv.dll
TB: India Radio TV Toolbar: {48f081da-c563-4c45-8413-dae38ec5cf1d} - c:\program files\india_radio_tv\tbInd1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\winnt\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\winnt\system32\hkcmd.exe
mRun: [igfxpers] c:\winnt\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\agent\Splash.exe"
mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe"
mRun: [SiteAdvisor] c:\program files\siteadvisor\6173\SiteAdv.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\winnt\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printc~1.lnk - c:\documents and settings\administrator.lisec\application data\microsoft\installer\{311ced86-3cdb-4cdc-bf30-7609d67c1a81}\NewShortcut10_FBB862E34F8F4C7C8D151A9FB16A3E41.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoStrCmpLogica = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 1
mPolicies-explorer: NoSMBalloonTip = 1 (0x1)
IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.566.dll
Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6173\SiteAdv.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxsrvc.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\bfcdn2rq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/webResults.html?src=ffb&q=
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\winnt\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
R1 awlegacy;awlegacy;c:\winnt\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
R1 mfehidk;McAfee Inc. mfehidk;c:\winnt\system32\drivers\mfehidk.sys [2008-8-2 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
R1 xlkfs;xlkfs;c:\winnt\system32\drivers\xlkfs.sys [2009-6-18 18432]
R2 CP_OMDRV;Check Point Office Mode Module;c:\winnt\system32\drivers\omdrv.sys [2005-6-19 36400]
R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-8-2 14144]
R2 KeyP;KeyP;c:\winnt\system32\drivers\KeyP.sys [2008-5-14 14232]
R2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2008-8-2 144704]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-8-2 169280]
R2 PBUS;PBUS;c:\winnt\system32\drivers\PBus.sys [2007-1-26 3904]
R2 Peakcan;Peakcan;c:\winnt\system32\drivers\PEAKCAN.SYS [2007-1-26 177296]
R2 SIGMA16;SIGMA16;c:\winnt\system32\drivers\Sigma16.sys [2007-1-26 3444]
R2 Sigma32;Sigma32;c:\winnt\system32\drivers\Sigma32.SYS [2007-1-26 25344]
R2 sprtsvc_etisalat;SupportSoft Sprocket Service (etisalat);c:\program files\etisalat\esupport\bin\sprtsvc.exe [2009-8-4 200384]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\winnt\system32\drivers\vnasc.sys [2005-6-19 109072]
R2 VPN-1;VPN-1 Module;c:\winnt\system32\drivers\vpn.sys [2005-6-19 671408]
R3 CANLPT;CANLPT;c:\winnt\system32\drivers\canlpt2.sys [2005-7-13 40704]
R3 FW1;SecuRemote Miniport;c:\winnt\system32\drivers\fw.sys [2005-6-19 2234320]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\winnt\system32\drivers\hssdrv.sys [2009-7-10 33840]
R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\winnt\system32\drivers\MfeAVFK.sys [2008-8-2 79304]
R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\winnt\system32\drivers\MfeBOPK.sys [2008-8-2 35240]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
R3 SIGMA;SIGMA;c:\winnt\system32\drivers\sigma.sys [2003-4-30 20979]
R3 tap0901;TAP-Win32 Adapter V9;c:\winnt\system32\drivers\tap0901.sys [2009-7-15 28592]
S2 CanIpcNT1;CanIpcNT1;c:\winnt\system32\drivers\CanIpcNT1.sys [2003-4-30 37016]
S2 Com+ Event System Log;Com+ Event System Log;c:\program files\common files\microsoft shared\msinfo\twunk_64.aaa [2008-6-4 0]
S2 gupdate1c9eb41d0a2c6a0;Google Update Service (gupdate1c9eb41d0a2c6a0);c:\program files\google\update\GoogleUpdate.exe [2009-6-12 133104]
S2 HssSrv;Hotspot Shield Helper Service;c:\mayank\hotspot shield\hsswpr\hsssrv.exe --> c:\mayank\hotspot shield\hsswpr\hsssrv.exe [?]
S3 awhost32;pcAnywhere Host-Modul;c:\program files\symantec\pcanywhere\awhost32.exe [2004-11-5 106496]
S3 DIASIPC;DIASIPC;c:\winnt\system32\drivers\diasipc.sys [2004-4-13 16896]
S3 GTIPCI21;GTIPCI21;c:\winnt\system32\drivers\gtipci21.sys [2007-1-25 88192]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-8-11 57640]
S3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [2006-10-23 36352]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\winnt\system32\drivers\MfeRKDK.sys [2008-8-2 33832]
S3 OKAMAI;OKAMAI Service;c:\winnt\system32\cmd.exe [2007-1-26 389120]
S3 Ssfdcstk;Ssfdcstk;c:\winnt\system32\drivers\ssfdcstk.sys [2003-9-10 20736]
S4 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\siemens\s7iepg\s7oiehsx.exe [2004-7-7 200769]

=============== Created Last 30 ================

2009-08-25 23:00 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-25 18:47 <DIR> --d----- c:\winnt\system32\wbem\Repository
2009-08-25 14:55 <DIR> --d----- c:\program files\Nero
2009-08-25 14:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-08-25 11:02 <DIR> --d----- c:\program files\hpHosts
2009-08-24 22:25 <DIR> --d----- c:\docume~1\admin\applic~1\gnupg
2009-08-24 12:53 <DIR> --d----- c:\program files\Safer Networking
2009-08-22 22:32 <DIR> --d----- c:\docume~1\admin\applic~1\Malwarebytes
2009-08-22 22:32 38,160 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-08-22 22:32 19,096 a------- c:\winnt\system32\drivers\mbam.sys
2009-08-22 22:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 22:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-21 22:59 <DIR> --d----- c:\documents and settings\admin\.housecall6.6
2009-08-21 18:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
2009-08-21 17:28 <DIR> --d----- c:\winnt\Globalization
2009-08-19 15:21 <DIR> --d----- c:\program files\NT Registry Optimizer
2009-08-19 15:07 <DIR> --d----- c:\docume~1\admin\applic~1\RoamDrive
2009-08-17 14:49 <DIR> --d----- c:\program files\Audacity 1.3 Beta (Unicode)
2009-08-16 22:34 <DIR> --d----- C:\oldver
2009-08-15 16:35 <DIR> --dsh--- c:\documents and settings\admin\IECompatCache
2009-08-15 16:32 <DIR> --dsh--- c:\documents and settings\admin\PrivacIE
2009-08-15 16:30 <DIR> --dsh--- c:\documents and settings\admin\IETldCache
2009-08-15 13:47 <DIR> --d----- c:\winnt\ie8updates
2009-08-15 13:35 <DIR> -cd-h--- c:\winnt\ie8
2009-08-15 13:33 <DIR> --d-h--- c:\winnt\msdownld.tmp
2009-08-15 13:23 246,272 -c------ c:\winnt\system32\dllcache\ieproxy.dll
2009-08-15 13:23 12,800 -c------ c:\winnt\system32\dllcache\xpshims.dll
2009-08-15 13:21 101,376 -c------ c:\winnt\system32\dllcache\iecompat.dll
2009-08-14 14:26 <DIR> --d----- c:\docume~1\admin\applic~1\HouseCall 6.6
2009-08-11 21:39 <DIR> --d----- c:\documents and settings\admin\DoctorWeb
2009-08-11 11:59 244 a---h--- C:\sqmnoopt05.sqm
2009-08-11 11:59 232 a---h--- C:\sqmdata05.sqm
2009-08-10 21:27 25 a------- c:\winnt\cdplayer.ini
2009-08-09 19:25 0 a---h--- c:\winnt\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-09 16:09 54,156 a---h--- c:\winnt\QTFont.qfn
2009-08-09 16:09 1,409 a------- c:\winnt\QTFont.for
2009-08-09 09:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\71F
2009-08-09 08:51 <DIR> --d----- c:\docume~1\admin\applic~1\ICAClient
2009-08-09 08:49 <DIR> --d----- c:\docume~1\admin\applic~1\CoCreate
2009-08-08 22:26 483,328 a------- c:\winnt\system32\actskn45.ocx
2009-08-08 19:56 0 a---h--- c:\winnt\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-08-08 19:56 0 a---h--- c:\winnt\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-08-08 19:54 26,112 ac------ c:\winnt\system32\dllcache\usbser.sys
2009-08-08 19:54 26,112 a------- c:\winnt\system32\drivers\usbser.sys
2009-08-08 19:54 0 a---h--- c:\winnt\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-08 19:54 0 a---h--- c:\winnt\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-08 19:53 14,640 -------- c:\winnt\system32\spmsgXP_2k3.dll
2009-08-08 19:41 <DIR> --d----- c:\program files\common files\PCSuite
2009-08-08 19:40 <DIR> --d----- c:\program files\common files\Nokia
2009-08-08 19:40 18,816 a------- c:\winnt\system32\drivers\pccsmcfd.sys
2009-08-08 19:40 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-08-08 19:39 7,808 a------- c:\winnt\system32\drivers\usbser_lowerfltj.sys
2009-08-08 19:39 7,808 a------- c:\winnt\system32\drivers\usbser_lowerflt.sys
2009-08-08 19:39 22,016 a------- c:\winnt\system32\drivers\ccdcmbo.sys
2009-08-08 19:39 659,968 a------- c:\winnt\system32\nmwcdcocls.dll
2009-08-08 19:39 17,664 a------- c:\winnt\system32\drivers\ccdcmb.sys
2009-08-08 19:39 1,112,288 a------- c:\winnt\system32\wdfcoinstaller01007.dll
2009-08-08 19:17 0 a---h--- c:\winnt\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-08 09:41 114 a------- c:\winnt\wininit.ini
2009-08-07 20:18 120,056 -------- c:\winnt\system32\pxcpyi64.exe
2009-08-07 20:18 118,520 -------- c:\winnt\system32\pxinsi64.exe
2009-08-04 23:27 5,214 a------- c:\winnt\opera.ini
2009-08-04 22:00 <DIR> --d----- c:\program files\common files\SupportSoft
2009-08-04 21:58 <DIR> --d----- c:\program files\Etisalat
2009-08-04 21:41 2,702 a------- C:\WirelessDiagLog.csv
2009-08-04 20:22 155 a------- C:\version.ini
2009-08-04 20:21 21,425 a------- c:\winnt\system32\drivers\AegisP.sys
2009-08-04 20:16 <DIR> --d----- c:\docume~1\admin\applic~1\Intel
2009-08-03 17:44 <DIR> --d----- c:\docume~1\admin\applic~1\Canneverbe_Limited
2009-08-03 16:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-03 16:05 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-03 16:05 <DIR> --d----- c:\docume~1\admin\applic~1\SUPERAntiSpyware.com
2009-08-03 11:08 2,560 a------- c:\winnt\_MSRSTRT.EXE
2009-08-03 10:34 <DIR> --d----- c:\program files\Hotspot_Shield
2009-08-02 13:51 283,648 a------- c:\winnt\uninst.exe
2009-08-02 10:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-08-02 10:05 <DIR> --d----- c:\docume~1\admin\applic~1\Uniblue
2009-08-02 10:03 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-08-01 16:02 3,840 a------- c:\winnt\system32\drivers\BANTExt.sys
2009-08-01 15:29 53,248 a------- c:\winnt\system32\IoctlSvc.exe
2009-08-01 13:57 <DIR> --d----- c:\docume~1\admin\applic~1\Transcend
2009-07-31 17:04 <DIR> --d----- c:\program files\Mozilla Firefox 3 Beta 5
2009-07-31 01:46 <DIR> --d----- c:\program files\ATI Technologies
2009-07-31 01:46 <DIR> --d----- c:\program files\common files\Siemens
2009-07-31 01:41 <DIR> --d----- C:\ATI
2009-07-30 19:13 <DIR> --d----- c:\program files\Belarc
2009-07-30 15:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel(3)
2009-07-30 15:24 <DIR> --d----- c:\docume~1\admin\applic~1\Intel(3)
2009-07-30 14:11 <DIR> --d----- c:\winnt\pss
2009-07-29 23:26 <DIR> --d----- C:\Hotspot Shield
2009-07-29 23:25 <DIR> --d----- c:\program files\Hotspot Shield
2009-07-29 23:23 <DIR> --d----- c:\docume~1\admin\applic~1\MiniDm
2009-07-29 21:42 <DIR> --d----- c:\program files\IEPro

==================== Find3M ====================

2009-08-26 07:27 2,484 a------- c:\winnt\bthservsdp.dat
2009-07-24 22:44 23,552 a------- c:\winnt\xlkfs.dll
2009-07-22 23:13 28,592 a------- c:\winnt\system32\drivers\tap0901.sys
2009-07-03 21:09 915,456 a------- c:\winnt\system32\wininet.dll
2009-07-02 06:34 33,840 a------- c:\winnt\system32\drivers\hssdrv.sys
2007-01-25 16:38 457 ac------ c:\program files\INSTALL.LOG

============= FINISH: 12:28:20.92 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/26 12:40
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINNT\System32\Drivers\dump_atapi.sys
Address: 0xF4A04000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINNT\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BE3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINNT\system32\drivers\rootrepeal.sys
Address: 0xF28AE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\admin\Recent\Formats (2).lnk
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\admin\local settings\temp\etilqs_kiv0znmumllqkftzwu92
Status: Allocation size mismatch (API: 16384, Raw: 8192)

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\sinhamay\Local Settings\Apps\2.0\AT7KCKMY.M58\GRM2K06A.L77\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\sinhamay\Local Settings\Apps\2.0\AT7KCKMY.M58\GRM2K06A.L77\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf6093df0

==EOF==

#2 mayank240

mayank240
  • Topic Starter

  • Members
  • 9 posts

Posted 06 September 2009 - 01:24 PM

Hi, after some work I have identified the cause and I have started a topic in the forum below:
http://www.bleepingcomputer.com/forums/t/255545/svchostexe-eats-up-my-cpu/

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,958 posts

Posted 10 September 2009 - 08:45 AM

Thank you for letting us know. I see in your other topic that the problem has been resolved. I'm glad that your computer problems have been fixed. Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



