
WinAntivirus 2004



#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Those are system files/folders that are normally hidden; however, when ComboFix runs it needs access to them, so it reveals them. We will rehide them on completion.

That looks OK. Do you still have the high CPU problem? If so, which process is using it?

Meanwhile, let's look at System Restore.

Run Farbar Service Scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0


#17
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Sorry, my poor old eyes just now noticed the little 2 at the bottom of the page letting me know there is another page to this thread. Please disregard my PM. Yes, still running with high CPU usage whenever I click on just about anything on the internet. For example, there's about a 30 second lag time when I click on reply and this page finally loads completely. Worse when I'm opening the shortcut to this site.

I ran the FSS and here's the log.

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(10) Bridge(9) BridgeMP(8) Gpc(3) IPSec(5) NetBT(6) RFCOMM(11) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000A000000060000000700000008000000090000000B000000
IpSec Tag value is correct.

**** End of log ****

I can upload a screenshot of Task Manager or I have Autoruns to provide a more in depth view. Looks like to me I have two iexplor.exe processes running. One is using the most at 95,988k, the other iexplor.exe is using 20,632k, explorer.exe is at 51,412k, and I have 9 different svchost.exe processes, one of which is 44,512k, another at 14,064k, and avastUI.exe at 12,660k. The only two others of any significance are SetPoint.exe (wireless Logitech mouse) at 15,264k and wmpnetwk.exe (Windows Media Player) at 22,292k.
  • 0
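An added example, not part of the original thread and not Farbar's code: a small Python triage of an FSS.txt log like the one posted above, pulling out the ATTENTION lines and any File Check entry whose result is not "MD5 is legit". The function name, the constructed last file entry, and the assumption that any other status text deserves review are this example's own.

```python
import re

# Sample built from lines in the log above; the final File Check entry is
# constructed for this example to show a result other than "MD5 is legit".
SAMPLE_LOG = r"""Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.

System Restore:
============

File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\example.dll => CONSTRUCTED-NOT-LEGIT

**** End of log ****
"""

# "<drive path> => <status>" as seen in the File Check section of the log.
FILE_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<status>.+)$")

def triage_fss(text):
    """Return (alerts, suspect_files); each item carries its section name."""
    alerts, suspects = [], []
    section, prev = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="} and prev:
            section = prev.rstrip(":")  # heading is the line above the ==== rule
        elif line.startswith("ATTENTION!"):
            alerts.append((section, line.split(">", 1)[1].strip()))
        else:
            m = FILE_LINE.match(line)
            # Assumption: any status other than "MD5 is legit" needs review.
            if m and m["status"] != "MD5 is legit":
                suspects.append((section, m["path"], m["status"]))
        prev = line
    return alerts, suspects

if __name__ == "__main__":
    found_alerts, found_suspects = triage_fss(SAMPLE_LOG)
    for sec, msg in found_alerts:
        print(f"[{sec}] ALERT: {msg}")
    for sec, path, status in found_suspects:
        print(f"[{sec}] REVIEW: {path} ({status})")
```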

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It is more the processor usage than the amount of memory.

When you get it again, could you open Task Manager
Select Processes
Click CPU

And the one using the most will appear at the top
  • 0

#19
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
System idle is between 97 and 98.

Edited by Draconian, 28 July 2012 - 04:39 AM.

  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
System idle at that is good...

System idle is the amount of CPU remaining for use

So we are really just looking at a speed problem now?
  • 0

#21
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I was already logged onto this page and was looking at the Task Manager after the webpage had loaded. If I click on reply, it takes me to a different page on the site and then iexplore.exe jumps up to 98 and 99% until the page completely loads, then it drops back down again. It does this every time I do something on the internet and I have to sit and wait for the page to load. It didn't do this until the last couple of months.

Edited by Draconian, 28 July 2012 - 12:08 PM.

  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you happen to notice what page it was diverted to before it settled?
  • 0

#23
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Doesn't matter, any internet page.
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I mean, what is the page it diverts through, i.e. Googleads or something similar?
  • 0

#25
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I'm not aware of anything that it "diverts through". It's not being hijacked if that's what you mean. I'm just saying it takes a long time for ANY page to load.
  • 0


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the next step will be to uninstall IE8, run a small programme and then reinstall IE8.

To uninstall IE8 :

Go to Control Panel > Add Remove



Tick show updates
Select IE8
Uninstall
Reboot

Then

Download Complete Internet Repair to your desktop

Unzip all the files to their own folder on the desktop
Within the folder double click CIntRep
The programme will then run
Select the items I have highlighted
Press go
Let me know if it is able to conduct the repair, there is a log at the bottom

Posted Image

Finally

Download and install IE8
  • 0

#27
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I was unable to download the internet repair program from your link but I went to datum-forensics.com and was able to download it directly. I will run it now and let you know if the CPU usage issue improves.


EDIT: Well I just had some serious issues trying to delete IE8. The first time I clicked on the remove button it started doing its thing but I wasn't really paying attention. The next thing I know the computer was rebooting. I didn't think this was a problem until I got an error message telling me that my system had recovered from a serious problem and had to reboot. I decided to try it again and this time I disconnected my internet connection and disabled my antivirus before starting the removal process. (I might mention I also have another computer "networked" with this one and this one functions as a server with the wireless internet connection) I watched more closely this time and a window popped up saying that C:\Program Files\Internet Explorer\en-us\iedvtool.dll.mui was corrupt or unreadable. When I clicked on "cancel" it asked me if I wanted to continue anyway and I clicked on "yes". Another window similar to the first one appeared in its place with another file listed as corrupt or unreadable and this process continued for about 6 or 8 files. (I wrote them down if you need them.)

A few seconds later a blue screen popped up for just a second and then went into CHKDSK mode where I was able to write down only a few highlights of what it was doing...."correcting error", "deleting index entry", "Recovering Orphaned File....", and "Correcting Errors in Masterfile Table". Everything came back up OK and I was able to reconnect to the internet to make this edit. It appears to this novice that my IE8 is so screwed I can't even remove it. You must be onto something here.

Attached Thumbnails

  • Error Signature.jpg
  • Error Report Contents.jpg

Edited by Draconian, 29 July 2012 - 07:45 AM.

  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have any minidump files here:

C:\windows\minidumps

If so, could you zip and attach the last two?
  • 0

#29
Draconian

Draconian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I tried to attach the file and it said I was not allowed to attach that kind of file. I used 7zip. Should I use Winzip or some other older program?
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please, I did not know that 7zip was barred.
  • 0





