
Possible Virus yet


7 replies to this topic

#1 gga74


Posted 04 September 2015 - 08:37 PM

My CPU rises to 99%... and my disk 100%... and memory goes high too. I tried all tools to detect anything but a lot were removed... but it still says those readings in Task Manager... anyone know what might be the cause?


Edited by Chris Cosgrove, 09 September 2015 - 05:30 PM.
Moved from Win 8 to Win 7 following Speccy report




#2 Chris Cosgrove


Posted 05 September 2015 - 06:27 PM

First of all - welcome to BC!

 

Can you run a couple of tests and reports please. The first is MiniToolbox :-

 

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.

 

The second is 'Speccy'.

 

Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.

(Thanks, Hamluis)

 

This will help to determine whether or not you have a malware problem. Once you supply this information it can be determined if your topic should be moved or not.

 

Chris Cosgrove


Edited by Chris Cosgrove, 05 September 2015 - 06:27 PM.
Welcome


#3 gga74


Posted 08 September 2015 - 06:52 PM

http://speccy.piriform.com/results/bgIkVqjEjOVTkDfyVbSMoNF

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Default (administrator) on 08-09-2015 at 19:13:40
Running from "C:\Users\Default.Compaq\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFABTQ3G"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Model: Presario V5000 (RG324UA#ABA) Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/08/2015 12:30:01 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (09/08/2015 12:30:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.

Operation:
   Instantiating VSS server

Error: (09/08/2015 12:30:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]

Operation:
   Instantiating VSS server

Error: (09/08/2015 01:17:26 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bd8

Start Time: 01d0e9f4a564cd92

Termination Time: 4969

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (09/07/2015 11:28:31 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -550.

Error: (09/07/2015 10:05:45 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\IObit\Driver Booster\DriverBooster.exe Files\IObit\Driver Booster\DriverBooster.exe"  /skipuac; Description = Driver Booster : ATI I/O Communications Processor SMBus Controller; Error = 0x8007043c).

Error: (08/27/2015 05:30:39 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1314

Start Time: 01d0e0e037c3f9cb

Termination Time: 125

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/26/2015 01:52:51 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b14

Start Time: 01d0e013e3b14f09

Termination Time: 2513

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/26/2015 11:28:42 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 28c

Start Time: 01d0df55bf48246d

Termination Time: 310

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/25/2015 12:47:36 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16545 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11e0

Start Time: 01d0df558de8fa35

Termination Time: 719

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

System errors:
=============
Error: (09/08/2015 07:07:05 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{22104CB2-5B3A-4223-B9C3-DD6E303B35CC} because another computer on the network has the same name.  The server could not start.

Error: (09/08/2015 06:22:37 PM) (Source: R300) (User: )
Description: I2c return failed

Error: (09/08/2015 06:22:37 PM) (Source: R300) (User: )
Description: I2c return failed

Error: (09/08/2015 05:51:12 PM) (Source: R300) (User: )
Description: I2c return failed

Error: (09/08/2015 05:51:12 PM) (Source: R300) (User: )
Description: I2c return failed

Error: (09/08/2015 05:50:00 PM) (Source: Service Control Manager) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/08/2015 05:42:27 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (09/08/2015 05:34:21 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/08/2015 05:24:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (09/08/2015 05:23:20 PM) (Source: R300) (User: )
Description: I2c return failed

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Conexant AC-Link Audio (HKLM\...\CNXT_AUDIO) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.13 - Google Inc.) Hidden
HP ENVY 5530 series Basic Device Software (HKLM\...\{34294ACC-18BE-4916-B2C8-125B742DBD31}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
QLBCASL (HKLM\...\{F1D7AC58-554A-4A58-B784-B61558B1449A}) (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 1502.24 MB
Available physical RAM: 700.18 MB
Total Virtual: 3004.48 MB
Available Virtual: 2137.31 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:85.18 GB) NTFS

========================= Users: ========================================

User accounts for \\COMPAQ

Administrator            Default                  Guest                   

**** End of log ****



#4 Chris Cosgrove


Posted 09 September 2015 - 06:13 PM

Thank you for the reports. You said in your first post -

 

 

I tried all tools to detect anything but a lot were removed

 

Could you tell me what you tried, and were they removed by you ?  I see a reference in Mini Toolbox to 'Combofix' but it is not listed in your list of software, in fact I have to say that your list of installed applications is one of the shortest I have ever seen.

 

With regards to Internet Explorer (IE) you seem to be running v9, the current version for Win 7 is v11 and you should update this. And while we are on the subject of IE, get rid of the Google toolbar !

 

You have an unusual RAM configuration. Normally I would expect to find two sticks of equal size and from the same manufacturer but they do both seem to be working.

 

Please post back and tell me what you tried.

 

Chris Cosgrove



#5 dc3


Posted 10 September 2015 - 07:35 AM

You have the firewall disabled, I would suggest turning it back on.

 

You also have Windows updates disabled, you really need to enable this.  There are important updates which you should have installed.  If you are concerned about installing updates because of problems Microsoft has created by releasing updates that are problematic you can use the option to download the updates but not install them.  This way you can do a search on the updates to see if there are any known problems associated with them before installing the updates.  You can select these updates individually.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 jhayz


Posted 10 September 2015 - 10:38 PM

 
C4
Attribute name: Reallocation Event Count
Real value: 112
Current: 100
Worst: 100
Threshold: 0
Raw Value: 0000000070
Status: Good

C5
Attribute name: Current Pending Sector Count
Real value: 31
Current: 100
Worst: 100
Threshold: 0
Raw Value: 000000001F
Status: Good

 

There is a pending value of faulty sectors on your hard drive which means they may be corrected or NOT. I would start backing up your data immediately then run a checkdisk repair after.

Tekken
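
Added example, not part of the thread or of any poster's code: a short Python parser for the two SMART attributes quoted in the post above, showing how "Status: Good" and a non-zero raw sector count can appear together. The `Key: value` layout, the function names and the set of sector-counter IDs are assumptions made for this example.

```python
# Attribute values copied from the post above; layout normalised to "Key: value".
SAMPLE = """\
C4
Attribute name: Reallocation Event Count
Real value: 112
Current: 100
Worst: 100
Threshold: 0
Raw Value: 0000000070
Status: Good

C5
Attribute name: Current Pending Sector Count
Real value: 31
Current: 100
Worst: 100
Threshold: 0
Raw Value: 000000001F
Status: Good
"""

SECTOR_COUNTERS = {"05", "C4", "C5", "C6"}  # hex IDs whose raw count should stay at zero

def parse_smart(text):
    """Split the report into one dict per attribute, keyed by lower-cased field name."""
    attrs = []
    for block in text.strip().split("\n\n"):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        attr = {"id": lines[0].upper()}
        for line in lines[1:]:
            key, _, value = line.partition(":")
            attr[key.strip().lower()] = value.strip()
        attr["raw"] = int(attr["raw value"], 16)  # the raw field is hexadecimal
        attrs.append(attr)
    return attrs

def assess(attr):
    """Return 'failing', 'warning' or 'ok' for one parsed attribute."""
    current, threshold = int(attr["current"]), int(attr["threshold"])
    if threshold > 0 and current <= threshold:
        return "failing"  # normalised value has reached the vendor threshold
    if attr["id"] in SECTOR_COUNTERS and attr["raw"] > 0:
        return "warning"  # "Good" by threshold, yet sectors are already affected
    return "ok"

def report(text):
    return {a["id"]: (a["attribute name"], a["raw"], assess(a)) for a in parse_smart(text)}

print(report(SAMPLE))
```

With a threshold of 0 the normalised value can never reach the threshold, so the status field stays "Good" however large the raw count becomes; the raw count is the number to watch.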
 


#7 dc3


Posted 11 September 2015 - 07:18 AM

Instructions for running chkdsk /r.

 
Chkdsk /r checks for bad sectors on the hdd and recovers any readable information.
 
Click on the Start orb, then type in cmd in the Search programs and files box.  When cmd is seen in Programs above the Search box right click on it, then click on Run as administrator.
 
You will see a screen similar to the one below.
 
[Screenshot]
 
Copy and paste chkdsk c: /r in the command prompt, then press Enter.  Please note:  If this is a SSD, do not run the /r switch, use the /f switch.  (chkdsk c: /r).
 
You will receive the message "CHKDSK cannot be run because it is in use by another process.  Would you like to schedule this volume to be checked the next time the system restarts?  <Y/N>".
 
Type in Y and press Enter.
 
Restart your computer to start the scan.
 
This will take a while to run, please be patient and allow it to complete the scan.
 
When the scan is finished please download and run ListChkdskResult.
 
This will open Notepad with the results of the chkdsk scan.  Please copy and then paste this log in your topic.



#8 hamluis


Posted 11 September 2015 - 11:46 AM

OP has 1.5GB RAM and employs Chrome.  Those two aspects should present plenty of opportunities for error messages, IMO.

 

When you add in the AV, MS Office, and toolbars...and throw in programs like Driver Booster and who knows what else has now been removed...I have created a recipe for the system being maxed out quite often, IMO.

 

Your firewall reflects a disabled status, yet the Windows firewall is reflected as a running service...adding to my confusion.

 

Louis


Edited by hamluis, 11 September 2015 - 11:58 AM.




