Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Netbook's CPU usage is 100%when idle and too slow!


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,063 posts
  • MVP
Just run it. Click on View, Update Speed, Paused. This will stop it from jumping around. Now find System and right click on it and select Properties. Click on Threads. Do any of them show anything in the CPU column?
  • 0

Advertisements


#17
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi
I scanned it and this is the log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-05 20:41:28
-----------------------------
20:41:28.968 OS Version: Windows 5.1.2600 Service Pack 3
20:41:28.984 Number of processors: 2 586 0x1C02
20:41:28.984 ComputerName: COMPUTER_1 UserName:
20:41:30.203 Initialize success
20:41:53.359 AVAST engine defs: 11110500
20:42:15.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:42:15.078 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
20:42:17.171 Disk 0 MBR read successfully
20:42:17.187 Disk 0 MBR scan
20:42:17.234 Disk 0 Windows XP default MBR code
20:42:17.281 Disk 0 scanning sectors +312576705
20:42:17.359 Disk 0 scanning C:\WINDOWS\system32\drivers
20:42:35.765 Service scanning
20:42:40.937 Modules scanning
20:42:49.843 AVAST engine scan C:\
21:21:55.921 File: C:\Program Files\IDT\WDM\AESTFl64.exe **INFECTED** Win64:Vitro
21:21:56.265 File: C:\Program Files\IDT\WDM\AESTFltr.exe **INFECTED** Win32:Vitro
21:21:57.500 File: C:\Program Files\IDT\WDM\stacsv.exe **INFECTED** Win32:Vitro
21:21:57.750 File: C:\Program Files\IDT\WDM\stacsv64.exe **INFECTED** Win64:Vitro
21:22:04.078 File: C:\Program Files\IDT\WDM\sttray.exe **INFECTED** Win32:Vitro
21:22:04.265 File: C:\Program Files\IDT\WDM\sttray64.exe **INFECTED** Win64:Vitro
23:00:49.671 File: C:\WINDOWS\sttray.exe **INFECTED** Win32:Vitro
23:01:09.859 File: C:\WINDOWS\system32\AESTFltr.exe **INFECTED** Win32:Vitro
23:01:16.484 File: C:\WINDOWS\system32\Atheros_L1e\DriUpdate32.exe **INFECTED** Win32:Vitro
23:24:36.828 File: C:\WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxext.exe **INFECTED** Win32:Vitro
23:24:48.234 File: C:\WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxsrvc.exe **INFECTED** Win32:Vitro
23:26:26.781 File: C:\WINDOWS\system32\igfxext.exe **INFECTED** Win32:Vitro
23:26:36.890 File: C:\WINDOWS\system32\igfxsrvc.exe **INFECTED** Win32:Vitro
23:46:53.625 File: C:\WINDOWS\system32\stacsv.exe **INFECTED** Win32:Vitro
23:57:49.250 Scan finished successfully
00:03:11.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
00:03:11.546 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR2.txt"
  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,063 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:files
C:\Program Files\IDT
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\Atheros_L1e\DriUpdate32.exe
C:\WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxext.exe 
C:\WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\stacsv.exe
     
:Commands
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Run aswmbr again just like you just did and let's see if it still finds Vitro.

Ron
  • 0

#19
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi
I have finished running ESET and this the log
C:\WINDOWS\system32\Atheros_L1e\DriUpdate32.exe Win32/Virut.NBP virus cleaned - quarantined
D:\My Documents\Downloads\Programs\Www.lady69 2010.exe a variant of Win32/Adware.WinPump.G application cleaned by deleting - quarantined
D:\Programs\cnet_AvaFind_EXE.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined



Now i will run the OTL.
  • 0

#20
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
this is the OTL log
========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\Program Files\IDT\WDM folder moved successfully.
C:\Program Files\IDT\OEMSkin folder moved successfully.
C:\Program Files\IDT\HDAQFE\xpsp2\us folder moved successfully.
C:\Program Files\IDT\HDAQFE\xpsp2 folder moved successfully.
C:\Program Files\IDT\HDAQFE\xpsp1\us folder moved successfully.
C:\Program Files\IDT\HDAQFE\xpsp1 folder moved successfully.
C:\Program Files\IDT\HDAQFE\win2k_xp\us folder moved successfully.
C:\Program Files\IDT\HDAQFE\win2k_xp folder moved successfully.
C:\Program Files\IDT\HDAQFE\win2ksp4\us folder moved successfully.
C:\Program Files\IDT\HDAQFE\win2ksp4 folder moved successfully.
C:\Program Files\IDT\HDAQFE\win2k3\us folder moved successfully.
C:\Program Files\IDT\HDAQFE\win2k3\jpn folder moved successfully.
C:\Program Files\IDT\HDAQFE\win2k3 folder moved successfully.
C:\Program Files\IDT\HDAQFE\srvsp1\us folder moved successfully.
C:\Program Files\IDT\HDAQFE\srvsp1 folder moved successfully.
C:\Program Files\IDT\HDAQFE\srvrtm\us folder moved successfully.
C:\Program Files\IDT\HDAQFE\srvrtm folder moved successfully.
C:\Program Files\IDT\HDAQFE folder moved successfully.
C:\Program Files\IDT folder moved successfully.
C:\WINDOWS\sttray.exe moved successfully.
C:\WINDOWS\system32\AESTFltr.exe moved successfully.
C:\WINDOWS\system32\Atheros_L1e\DriUpdate32.exe moved successfully.
C:\WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxext.exe moved successfully.
C:\WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxsrvc.exe moved successfully.
C:\WINDOWS\system32\igfxext.exe moved successfully.
C:\WINDOWS\system32\stacsv.exe moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11062011_073354
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,063 posts
  • MVP
Can you run aswMBR again? Make sure you set the a-v scan to C:\
  • 0

#22
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi
it appears not yet. this is the log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-06 07:38:43
-----------------------------
07:38:43.640 OS Version: Windows 5.1.2600 Service Pack 3
07:38:43.640 Number of processors: 2 586 0x1C02
07:38:43.640 ComputerName: COMPUTER_1 UserName:
07:38:44.203 Initialize success
07:39:04.750 AVAST engine defs: 11110500
07:39:45.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:39:45.828 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
07:39:47.890 Disk 0 MBR read successfully
07:39:47.906 Disk 0 MBR scan
07:39:47.953 Disk 0 Windows XP default MBR code
07:39:47.984 Disk 0 scanning sectors +312576705
07:39:48.062 Disk 0 scanning C:\WINDOWS\system32\drivers
07:40:02.296 Service scanning
07:40:07.171 Modules scanning
07:40:17.093 AVAST engine scan C:\
08:45:40.546 File: C:\System Volume Information\_restore{754B0B8F-CB54-493E-80DB-AB9838F2E439}\RP2\A0005227.exe **INFECTED** Win32:Vitro
09:15:28.968 File: C:\WINDOWS\system32\igfxsrvc.exe **INFECTED** Win32:Vitro
09:25:08.906 File: C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\AESTFl64.exe **INFECTED** Win64:Vitro
09:25:10.296 File: C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\AESTFltr.exe **INFECTED** Win32:Vitro
09:25:11.968 File: C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\stacsv.exe **INFECTED** Win32:Vitro
09:25:12.359 File: C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\stacsv64.exe **INFECTED** Win64:Vitro
09:25:18.968 File: C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\sttray.exe **INFECTED** Win32:Vitro
09:25:19.312 File: C:\_OTL\MovedFiles\11062011_073354\C_Program Files\IDT\WDM\sttray64.exe **INFECTED** Win64:Vitro
09:25:20.312 File: C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\sttray.exe **INFECTED** Win32:Vitro
09:25:20.734 File: C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\AESTFltr.exe **INFECTED** Win32:Vitro
09:25:21.156 File: C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\Atheros_L1e\DriUpdate32.exe **INFECTED** Win32:Vitro
09:25:21.500 File: C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxext.exe **INFECTED** Win32:Vitro
09:25:21.781 File: C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\DRVSTORE\kit13056_65C27B76837EEBC0B54E44D12ECE965DC870DE93\igfxsrvc.exe **INFECTED** Win32:Vitro
09:25:22.046 File: C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\igfxext.exe **INFECTED** Win32:Vitro
09:25:22.328 File: C:\_OTL\MovedFiles\11062011_073354\C_WINDOWS\system32\stacsv.exe **INFECTED** Win32:Vitro
09:25:22.468 Scan finished successfully
09:37:48.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
09:37:48.593 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR3.txt"
  • 0

#23
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
i have also run the process explorer and followed your instructions. there is nothing at the CPU column.
Regards
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,063 posts
  • MVP
No, things are actually looking better since the only vitro is in c:\_OTL\ and in your System Restore plus one more. Let's clean out System Restore and get rid of the last one.
Let's see if we can get rid of the one first:

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Files
C:\WINDOWS\system32\igfxsrvc.exe

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply. If that goes well then then let's clear system restore:



Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

I don't think it will even need to reboot for this one.

run aswmbr again with the a-v set to c:\ and let's see how we did.

Ron
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,063 posts
  • MVP
It's past midnight here so I'm going to have to go to bed. If Kaspersky is updating see if you can get it to do a full scan. If it is not working then:


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Kaspersky (save the license key as I assume you have paid for it and it is one of the better anti-viruses so you probably want to reinstall it when we are done.)

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)

Once you have it installed and it has updated,
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt
if you can find it then copy and paste it into a reply.

Start Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. Run Process Explorer and look at the CPU usage for Services. If it has dropped to almost nothing then go back and turn on about half of the items each
time (and reboot) until you find the culprit. IF it makes no difference then go back in and check everything and reboot.

Ron
  • 0

Advertisements


#26
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
This is the first log

========== PROCESSES ==========
All processes killed
========== FILES ==========
C:\WINDOWS\system32\igfxsrvc.exe moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 11062011_100657
  • 0

#27
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
If Kaspersky can scan i dont need to install avast, or it is reccommended i unstall kaspersky and the install avast.
Regards
  • 0

#28
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 11062011_104552
  • 0

#29
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I am still running in safe mode. Kaspersky is updating and i will try to scan using it and if it doesnt then i will use avast. Have a good night.
Here it almost 11AM.
Regards
  • 0

#30
polepole

polepole

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
kaspersky is still running for the last 8 hours and has scanned 20%. I'll still wait for it to finish. thanks.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP