
CPU Usage 100%


7 replies to this topic

#1 financeyoda

financeyoda

  • Members
  • 24 posts
  • Gender:Male
  • Local time:01:54 PM

Posted 30 December 2012 - 09:27 AM

http://www.bleepingcomputer.com/forums/topic477718.html/page__p__2915410#entry2915410


 


#2 caperjac

caperjac

  • Members
  • 1,649 posts
  • Gender:Male
  • Location:NS. CAN
  • Local time:06:54 PM

Posted 30 December 2012 - 11:42 AM

Hi, looks like you didn't finish the cleanup suggested. Also, I think you should explain the problem you are having; can't expect everyone to want to go to the link and read every post to try and find out what problem you are experiencing.

My answers are my opinion only,usually


#3 financeyoda

financeyoda
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Local time:01:54 PM

Posted 30 December 2012 - 11:56 AM

What didn't I finish? I was instructed to post the link in the Windows 7 forum. My pc is running at 100% cpu usage from start up. I put that as the title of the post to be as clear as possible because I don't know what the issue is.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,873 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:54 PM

Posted 30 December 2012 - 12:56 PM

http://www.bleepingcomputer.com/forums/topic477718.html/page__view__findpost__p__2933407

Did you do as suggested?

What are you looking at...when you see this 100% usage that you cite?

What process in Task Manager...is using the CPU the most...and what is the current noted percent?

Louis

#5 financeyoda

financeyoda
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Local time:01:54 PM

Posted 31 December 2012 - 11:33 AM

I completed the 2 scans that were requested of me. I did not save the files thinking they would be there when the system re-booted. OTL is no longer on the pc which means the recent files have no save location. I had no idea OTL was getting deleted.

Windows task manager is showing 100%.

Explorer.exe is what is running 90-100% from start up

#6 MDTechService

MDTechService

  • Members
  • 303 posts
  • Gender:Male
  • Location:Maryland
  • Local time:04:54 PM

Posted 31 December 2012 - 03:08 PM

Microsoft Security Essentials isn't exactly a top choice anymore. It looked good when it came out, but the latest independent reports indicated that it is quite poor at detecting zero-day infections (64% vs industry average 89%). It also has below average scores in detecting recently new threats (2-3 months) and comprehensive removal.

You would be better suited to use AVG or Avira if you are looking for a free option.

This still seems more malware than anything.

Edit: this probably seems out of context now. I was responding to a previous reply which has since been deleted

Edited by MDTechService, 31 December 2012 - 07:13 PM.

If I am helping you and I haven't replied to your thread in 3 days, please PM me or bump it

Mike D, BS, A+, HPSP, MCTS
I <3 Linux
The Airline Open source airline simulation game
Check the power cable to the wall first!

#7 jburd1800

jburd1800

  • Members
  • 565 posts
  • Local time:05:54 PM

Posted 31 December 2012 - 05:45 PM

? :dance:

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently through the world and know its beauty all the days of your life.”


#8 financeyoda

financeyoda
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Local time:01:54 PM

Posted 05 January 2013 - 12:52 PM

ComboFix 13-01-04.03 - Franklin Inc 01/04/2013 15:53:53.17.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1791.626 [GMT -8:00]
Running from: c:\users\Franklin Inc\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Franklin Inc\Documents\~WRL3968.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
.
.
2013-01-05 16:09 . 2013-01-05 16:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-05 16:09 . 2013-01-05 16:09 -------- d-----w- c:\users\Franklin Inc\AppData\Local\temp
2013-01-05 16:09 . 2013-01-05 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-04 19:42 . 2013-01-04 19:42 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBF993A-ADE7-442F-9675-9AC04374D0E2}\offreg.dll
2013-01-04 07:35 . 2013-01-04 07:39 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-01-04 07:33 . 2013-01-04 07:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-29 20:58 . 2012-12-29 20:58 -------- d-----w- c:\users\Mcx1-FRANKLININC-PC
2012-12-29 20:55 . 2012-12-29 20:55 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-29 20:55 . 2012-12-29 20:55 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-29 20:55 . 2012-12-29 20:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-29 20:55 . 2012-12-29 20:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-27 00:23 . 2012-12-27 00:23 -------- d-----w- c:\program files\Common Files\Adobe
2012-12-26 23:59 . 2012-12-26 23:59 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-12-24 23:18 . 2012-12-24 23:18 -------- d-----w- c:\program files\ESET
2012-12-20 18:44 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-12-20 18:44 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-12-20 18:44 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-12-20 18:44 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-12-20 18:43 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-20 18:43 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-20 18:42 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-20 18:42 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-07 13:09 . 2012-12-07 13:08 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 22:58 . 2012-08-19 16:26 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 22:58 . 2012-08-19 16:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-07 13:08 . 2012-09-19 22:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-07 13:08 . 2012-08-16 15:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-19 14:50 . 2012-11-19 14:50 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-11-08 18:00 . 2012-12-01 14:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBF993A-ADE7-442F-9675-9AC04374D0E2}\mpengine.dll
2012-10-08 17:05 . 2012-10-08 17:05 604672 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2012-10-08 17:05 . 2012-10-26 19:14 225792 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2012-10-08 17:05 . 2012-10-08 17:05 118784 ----a-w- c:\windows\system32\EKIJCOINST13.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RescueTime.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
backup=c:\windows\pss\RescueTime.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-24 04:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
c:\windows\system32\conime.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2012-10-08 17:05 2804224 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor]
2012-10-15 18:58 2844608 ----a-w- c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2012-07-23 17:20 2908536 ----a-w- c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 11:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-10-24 04:37 1193176 ----a-w- c:\users\Franklin Inc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 23:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R1 SASKUTIL;SASKUTIL;c:\users\FRANKL~1\AppData\Local\Temp\SASKUTIL.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\windows.old\Program Files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
R4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 22:59]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 09:25]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 09:25]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002Core.job
- c:\users\Franklin Inc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 17:21]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002UA.job
- c:\users\Franklin Inc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 17:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-05 08:11:54
ComboFix-quarantined-files.txt 2013-01-05 16:11
ComboFix2.txt 2012-12-31 20:42
.
Pre-Run: 27,327,664,128 bytes free
Post-Run: 27,180,724,224 bytes free
.
- - End Of File - - 9AD7F5652231FEE83B038A3318DCAC46



