Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Consisten CPU Usage spike_Hidden Startup Item?

Started by tscho2 , Nov 05 2006 11:27 AM

  • Please log in to reply

#1
tscho2
Posted 05 November 2006 - 11:27 AM

tscho2

    New Member

  • Member
  • Pip
  • 1 posts
Once every 5 seonds my CPU Usage spikes to 78% freezing everything up for half a second. Id rather chew glass than rebuild my machine from scratch.

This occurs on both XP_S1 as well SP2, with or without the minimal processes running under a Diagnostic Startup. I have multiple OS's installed on partitioned harddrives and it happens on both. Im good about donwloading most recent XP updates. I also did a fresh install of XP on one of the partitions and it still occurs.

Below are logs from HiJackThis, AVG Anti-Spyware, and ActiveScan. Im clueless when it comes to malware so Id appreciate any feedback.



----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:08:42 PM, on 11/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
H:\Program Files\Analog Devices\SoundMAX\Smax4.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
H:\WINDOWS\System32\igfxtray.exe
H:\WINDOWS\System32\hkcmd.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
H:\WINDOWS\System32\ctfmon.exe
H:\Program Files\Messenger\MSMSGS.EXE
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
H:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
H:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
H:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Tablet.exe
H:\WINDOWS\system32\WTablet\TabUserW.exe
H:\WINDOWS\System32\WgaTray.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\Tom\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - H:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] H:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [IgfxTray] H:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] H:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = H:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://H:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1148169679781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148169672781
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://H:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - H:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - H:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - H:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - H:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - H:\WINDOWS\system32\Tablet.exe



-------------------------------------------------------

Incident Status Location

Adware:Adware/PestTrap Not disinfected C:\ann.exe
Adware:Adware/PestTrap Not disinfected C:\Program Files\Internet Explorer\cbqetoru.exe
Adware:Adware/PestTrap Not disinfected C:\Program Files\Internet Explorer\vbsvmvgc.exe
Adware:Adware/PestTrap Not disinfected C:\Program Files\Internet Explorer\wsrnitjn.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\PestTrap\heur000.dll
Adware:Adware/SpySheriff Not disinfected C:\Program Files\PestTrap\heur001.dll
Adware:Adware/SpySheriff Not disinfected C:\Program Files\PestTrap\heur002.dll
Adware:Adware/SpySheriff Not disinfected C:\Program Files\PestTrap\heur003.dll
Potentially unwanted tool:Application/PestTrap Not disinfected C:\Program Files\PestTrap\PestTrap.exe
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-602162358-1606980848-725345543-1004\Dc1\cmctl.dll
Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-602162358-1606980848-725345543-1004\Dc1\xml_istbar.xml
Adware:Adware/PestTrap Not disinfected C:\winstall.exe
Spyware:Cookie/2o7 Not disinfected H:\Documents and Settings\Tom\Cookies\tom@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected H:\Documents and Settings\Tom\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected H:\Documents and Settings\Tom\Cookies\tom@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected H:\Documents and Settings\Tom\Cookies\tom@adrevolver[3].txt
Spyware:Cookie/Advertising Not disinfected H:\Documents and Settings\Tom\Cookies\tom@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected H:\Documents and Settings\Tom\Cookies\tom@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected H:\Documents and Settings\Tom\Cookies\tom@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected H:\Documents and Settings\Tom\Cookies\tom@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected H:\Documents and Settings\Tom\Cookies\tom@casalemedia[1].txt
Spyware:Cookie/Bridgetrack Not disinfected H:\Documents and Settings\Tom\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected H:\Documents and Settings\Tom\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected H:\Documents and Settings\Tom\Cookies\tom@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected H:\Documents and Settings\Tom\Cookies\tom@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected H:\Documents and Settings\Tom\Cookies\tom@overture[1].txt
Spyware:Cookie/Overture Not disinfected H:\Documents and Settings\Tom\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected H:\Documents and Settings\Tom\Cookies\tom@questionmarket[2].txt
Spyware:Cookie/Statcounter Not disinfected H:\Documents and Settings\Tom\Cookies\tom@statcounter[2].txt
Spyware:Cookie/Tribalfusion Not disinfected H:\Documents and Settings\Tom\Cookies\tom@tribalfusion[1].txt
Spyware:Cookie/Adserver Not disinfected H:\Documents and Settings\Tom\Cookies\[email protected][1].txt






---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:39:14 PM 11/4/2006

+ Scan result:



C:\RECYCLER\S-1-5-21-602162358-1606980848-725345543-1004\Dc1\cmctl.dll -> Adware.AdMir : Ignored.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
C:\Program Files\PestTrap\PestTrap.exe -> Adware.PestTrap : Ignored.
C:\Program Files\PestTrap\base.avd -> Adware.Pesttrap : Ignored.
C:\Program Files\PestTrap\base001.avd -> Adware.Pesttrap : Ignored.
C:\Program Files\PestTrap\heur001.dll -> Adware.SearchAssistant : Ignored.
C:\Program Files\PestTrap\heur002.dll -> Adware.SearchAssistant : Ignored.
C:\Program Files\PestTrap\heur003.dll -> Adware.SearchAssistant : Ignored.
C:\Program Files\Internet Explorer\cbqetoru.exe -> Downloader.Small.cpg : Ignored.
C:\Program Files\Internet Explorer\vbsvmvgc.exe -> Downloader.Small.cpg : Ignored.
C:\Program Files\Internet Explorer\wsrnitjn.exe -> Downloader.Small.cpg : Ignored.
C:\System Volume Information\_restore{EE7A9880-FB33-454E-9362-4457AA986595}\RP112\A0024013.exe -> Downloader.Small.cpg : Ignored.
C:\System Volume Information\_restore{EE7A9880-FB33-454E-9362-4457AA986595}\RP112\A0024024.exe -> Downloader.Small.cpg : Ignored.
C:\System Volume Information\_restore{EE7A9880-FB33-454E-9362-4457AA986595}\RP112\A0024025.exe -> Downloader.Small.cpg : Ignored.
C:\ann.exe -> Downloader.Small.cpg : Ignored.
C:\winstall.exe -> Downloader.Small.cpg : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@2o7[1].txt -> TrackingCookie.2o7 : Ignored.
H:\Documents and Settings\Tom\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored.
H:\Documents and Settings\Tom\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignored.
H:\Documents and Settings\Tom\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@advertising[2].txt -> TrackingCookie.Advertising : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
H:\Documents and Settings\Tom\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
H:\Documents and Settings\Tom\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Ignored.
H:\Documents and Settings\Tom\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
H:\Documents and Settings\Tom\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@overture[1].txt -> TrackingCookie.Overture : Ignored.
H:\Documents and Settings\Tom\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored.
H:\Documents and Settings\Tom\Cookies\tom@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored.
H:\Documents and Settings\Tom\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Ignored.


::Report end
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP