Extreme CPU Usage


  • This topic is locked
2 replies to this topic

#1 msofta

msofta

  • Members
  • 1 posts
  • Local time:01:12 AM

Posted 11 February 2011 - 04:12 AM

Hi... I've been having a problem with my computer for about a week. It's extremely slow and when I check the CPU usage, I see that it sometimes even reaches 100% even though I'm using only the internet browser at that moment. Now, I used ComboFix and the problem seems to be gone since then, I mean the computer's working normally, but still the CPU usage might get pretty high from time to time. Oh and there's one more thing; when I try to shut down my computer, it says "u should close following programs first", but there is no program shown in the 'following'.

Edit: The problem's back, but it's not there all the time now.

Here's some information about my computer:
LG Netbook X140
Windows 7 Starter
1.67 GHz, 2.00 GB RAM

And here's the log file from the ComboFix process:

Thanks for your help.


ComboFix 11-02-09.05 - Melike 11.02.2011 10:38:21.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1254.90.1055.18.2036.1361 [GMT 2:00]
Running from: c:\users\Melike\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\windows\system32\w_madriver.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.

2011-02-11 08:48 . 2011-02-11 08:49 -------- d-----w- c:\users\Melike\AppData\Local\temp
2011-02-11 08:48 . 2011-02-11 08:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-09 20:03 . 2011-02-09 20:03 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-02-09 11:33 . 2010-12-18 04:20 386048 ----a-w- c:\windows\system32\html.iec
2011-02-09 11:33 . 2010-12-18 03:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-09 11:12 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 11:12 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-08 17:35 . 2011-02-08 17:35 -------- d-----w- c:\program files\Sestek
2011-02-05 11:12 . 2011-02-05 11:12 -------- d-----w- c:\program files\AP Tuner
2011-02-04 15:18 . 2011-02-04 15:18 -------- d-----w- c:\program files\Common Files\Java
2011-02-04 15:17 . 2011-02-04 15:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-04 15:16 . 2011-02-04 15:16 -------- d-----w- c:\program files\Java
2011-02-04 14:21 . 2011-02-04 14:21 -------- d-----w- c:\programdata\CrypKey
2011-02-04 14:20 . 2011-02-04 14:20 -------- d-----w- C:\My Music
2011-02-04 14:17 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys
2011-02-04 14:17 . 2007-05-23 17:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
2011-02-04 14:17 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2011-02-04 14:17 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2011-02-04 14:17 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2011-02-04 14:17 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2011-02-04 14:17 . 2011-02-04 14:17 -------- d-----w- c:\programdata\InstallShield
2011-02-04 14:16 . 2002-07-09 20:42 140288 ----a-w- c:\windows\system32\Comdlg32.ocx
2011-02-04 14:16 . 2002-06-13 11:50 376832 ----a-w- c:\windows\system32\actskin4.ocx
2011-02-04 14:16 . 2000-08-21 09:22 1388544 ----a-w- c:\windows\system32\temp.000
2011-01-27 19:38 . 2011-01-27 19:38 -------- d-----w- c:\program files\MSXML 4.0
2011-01-27 08:25 . 2011-01-27 08:25 -------- d-----w- c:\users\Melike\AppData\Roaming\Microsoft Games
2011-01-27 08:24 . 2011-02-03 20:42 -------- d-----w- c:\program files\GameSpy Arcade
2011-01-27 07:02 . 2011-02-09 17:17 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-01-27 07:01 . 2011-01-28 06:10 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-01-27 07:01 . 2011-01-27 08:14 -------- d-----w- c:\users\Melike\AppData\Roaming\DAEMON Tools Lite
2011-01-20 10:01 . 2011-01-20 10:01 -------- d-----w- c:\program files\URUSoft
2011-01-20 09:23 . 2011-01-20 09:23 -------- d-----w- C:\$AVG
2011-01-20 09:15 . 2011-01-20 09:16 -------- d-----w- c:\program files\Common Files\ArmDic
2011-01-20 09:11 . 2011-01-20 09:13 -------- d-----w- c:\program files\Flash SWF to GIF AVI Converter
2011-01-20 08:57 . 2011-01-20 09:10 -------- d-----w- c:\program files\AVI-GIF
2011-01-20 08:52 . 2011-01-20 08:52 -------- d-----w- c:\users\Melike\AppData\Roaming\WinAVI
2011-01-20 08:52 . 2011-01-20 08:52 -------- d-----w- c:\users\Melike\AppData\Local\WinAVI
2011-01-20 08:51 . 2011-01-22 10:49 -------- d-----w- c:\program files\All in One Converter
2011-01-18 16:14 . 2011-01-18 16:14 -------- d-----w- c:\users\Melike\AppData\Roaming\DVDVideoSoftIEHelpers
2011-01-18 16:13 . 2011-01-18 16:14 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-18 16:13 . 2011-01-18 16:13 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-18 14:56 . 2011-01-18 14:56 -------- d-----w- c:\users\Melike\AppData\Local\Adobe
2011-01-18 14:53 . 2011-01-18 14:53 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-13 18:30 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-13 18:30 . 2010-11-02 04:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-01-13 18:30 . 2010-11-02 04:41 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-13 18:30 . 2010-11-02 04:36 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-01-13 18:30 . 2010-11-02 04:35 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-01-13 18:30 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-13 18:30 . 2010-11-02 04:41 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-13 18:30 . 2010-11-02 04:35 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-13 18:30 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-01-13 18:30 . 2010-11-02 04:41 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-13 18:30 . 2010-11-02 04:35 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-13 18:30 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-01-13 17:25 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 17:25 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 17:25 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 17:25 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 17:25 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-16 10:01 . 2011-01-08 17:04 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28C7D612-D18B-46B8-9D5D-44FD2B8275B1}\mpengine.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Melike\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-08 136176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-10 396152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LGSR_Menu"="c:\program files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"zOSD"="c:\program files\LG Software\LG OSD\HotKey.exe" [2010-01-07 3646976]
"KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2010-01-07 3646976]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2010-01-26 312688]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-01 8120864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-22 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 gupdate;Google Güncelleme Hizmeti (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 29192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 25480]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-04 171520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-02-01 257568]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-06-04 81704]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-07 323584]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-11-04 862208]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - Avgldx86

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 17:21]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 17:21]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3460066226-3740281318-3192478205-1000Core.job
- c:\users\Melike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 17:21]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3460066226-3740281318-3192478205-1000UA.job
- c:\users\Melike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 17:21]
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Melike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-LG Magnifier - %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-11 10:52:50
ComboFix-quarantined-files.txt 2011-02-11 08:52

Pre-Run: 56.250.437.632 bayt boş
Post-Run: 56.469.782.528 bayt boş

- - End Of File - - 9A365D7B756CEE3288EB5CBFCFCB7B91

Edited by msofta, 11 February 2011 - 05:37 AM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:12 PM

Posted 17 February 2011 - 08:42 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:12 PM

Posted 23 February 2011 - 08:35 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
m0le is a proud member of UNITE



