Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

CPU @ 100%..?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

CPU @ 100%..?

Unread postby rats19 » February 12th, 2007, 6:37 pm

I just updated Windows XP Pro with SP2..since then my CPU usage spikes to 100% and is very erratic and really is a problem. can someone help me pls.

rats19
rats19
Regular Member
 
Posts: 55
Joined: February 7th, 2007, 5:50 pm
Location: BC
Advertisement
Register to Remove

Unread postby Elrond » February 13th, 2007, 8:01 am

Hi Rats

Welcome to Malware Removal.

Before anything else I would like to see a Hijackthis log.

Please follow the instructions below to download, install, create a desktop shortcut and post your hijackthis log.

Go to Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.

Put a check by Create a desktop icon then click Next again.

Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch HijackThis.

Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Paste the log in your next reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby rats19 » February 13th, 2007, 11:01 am

thnx elrond..I had a hjt already..tried it it would not respond. went to your link and got another copy..it would not respond..It loads I click on do a scan save a log...it goes to 015: trusted enumeration..then nothing

I have been having trouble with microsoft outlook also for the last day or so..? what now?

rat
rats19
Regular Member
 
Posts: 55
Joined: February 7th, 2007, 5:50 pm
Location: BC

Unread postby rats19 » February 13th, 2007, 11:03 am

wait...it just worked..man this is frustrating

ogfile of HijackThis v1.99.1
Scan saved at 07:00, on 07-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iolo\System Mechanic 5 Professional\SysMech5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canuckscentral.com/forums/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKCU\..\Run: [System Mechanic Registry Compact Handler] "C:\Program Files\iolo\System Mechanic 5 Professional\SysMech5.exe" /PERSISTREGCOMPACT
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7870759203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ennsinsurance.com
O17 - HKLM\Software\..\Telephony: DomainName = ennsinsurance.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ennsinsurance.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
rats19
Regular Member
 
Posts: 55
Joined: February 7th, 2007, 5:50 pm
Location: BC

Unread postby rats19 » February 13th, 2007, 11:22 am

this is strange...random/random helped me in another thread.. we deleted the 017..as they were part of my old office setup. it just seems to keep retoring.

the thread we worked in in archived "want to get clean..join the MRU.."

rat
rats19
Regular Member
 
Posts: 55
Joined: February 7th, 2007, 5:50 pm
Location: BC

Unread postby Elrond » February 13th, 2007, 2:46 pm

Hi Rats19

I went through your log. There is nothing serious to be seen there although there is some junk. Let's see if we can get rid of it now.

You are running Spywareguard, which is exelent. However it must be turned off until the fixes are all done, or it could interfere with the fixes. Please right click the System Tray icon for Spywareguard to open it, then use 'Menu > File > Exit'. Then confirm the program is not running. After each reboot until we are finished cleaning you computer check that it is not running. If it is exit it again.


Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ennsinsurance.com
O17 - HKLM\Software\..\Telephony: DomainName = ennsinsurance.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ennsinsurance.com


Click on Fix Checked when finished and exit HijackThis.


Reboot the computer.


Download Process Explorer from http://www.microsoft.com/technet/sysint ... lorer.mspx

Place it where you will easily find it.

Simply run Process Explorer by double-clicking procexp.exe.

It will open a list. Leave it running in the background. Next time your computers CPU spikes to 100% please try to click on the ProcessExplorer at the bottom of the screen and see if you can see waht process is using most of the power. If there are one or more processes listed under the process that draws the power please note that as well. Let me know what processes are the culprits. I have a suspicion but I will not say anything until I know what processes are the culprits.
Please do not try to fix anything with the ProcessExplorer as you can do damage if you do not know exactly what you are doing.

* Close ALL windows except "HijackThis"
* SCAN with "HijackThis"
* POST the new log in this thread using "Add Reply" Add the results from Process Explorer to the same post.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby rats19 » February 13th, 2007, 4:02 pm

my hjt wont work. it brings it up and the minute i go to check the ones we will remove it goes into "not responding" mode ???

what now
rats19
Regular Member
 
Posts: 55
Joined: February 7th, 2007, 5:50 pm
Location: BC

Unread postby Elrond » February 13th, 2007, 4:41 pm

Forget about the HijackThis for a moment. Download the ProcessExplorer and start that. Then try to run the HijackThis scan and remove the entreis that I told you to remove. If HijackThis goes into a nonresponsive mode see if you can see what ProcessExplorer shows. What is using all the power.

Post and let me know if you can see what it is that is misbehaving.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby rats19 » February 13th, 2007, 9:37 pm

it seems if I wait a while the log shows up..



Logfile of HijackThis v1.99.1
Scan saved at 17:34, on 07-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Randy.ENNSINSURANCE\Desktop\Computer stuff\procexp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canuckscentral.com/forums/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe
O4 - HKCU\..\Run: [System Mechanic Registry Compact Handler] "C:\Program Files\iolo\System Mechanic 5 Professional\SysMech5.exe" /PERSISTREGCOMPACT
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7870759203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

rat
rats19
Regular Member
 
Posts: 55
Joined: February 7th, 2007, 5:50 pm
Location: BC

Unread postby Elrond » February 14th, 2007, 3:16 am

I see that you have installed Process Explorer and have it running. See if you can catch one of those spikes and get a reading of what is causing the spikes. I am suspicious of the svchost connected with Generic Host Process for Windows32. Would not suprise me if you would see one of them spike to a very high number for a few minutes and at the same time show you a sub process.

Let me know what you find.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby rats19 » February 14th, 2007, 10:58 am

it looks like system idle process. under the cpu heading is fluctuating between 76.-100

when i run task manager the cpu spikes immediately?? is there anyway to print/capture process exploere to post?



rat
rats19
Regular Member
 
Posts: 55
Joined: February 7th, 2007, 5:50 pm
Location: BC

Unread postby Elrond » February 14th, 2007, 12:14 pm

System Idle process only means that there is nothing for the sytem to work on for the moment. It is ready to do whatever you want it to do. It means that there is no load on the computer. It is high when you are doing nothing because the way that both Process Explorer and Task Manager works the total of all the processes including System Idle Process always have to equal a 100%.
Can you describe what happens with Task Manager that makes you say that it spikes to 100%? If you look at the lower right corner of the screen you should see a dark green square that becomes partlly or all light green when the CPU is used. If it is all green then the CPU use is close to 100%. This is a easy way of seeing what the Task Manager is showing as CPU use. Close by there should be a square that is normaly black but that will be partly or all green and / or red when there is a load put on the CPU. If you put the cursor over it will give you the CPU usage. This is the Process Explorer.

When the computer is showing signs of being unresposive that is when it is worth seeing if the CPU is fully occupied and to try to identify what is causing the load.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby rats19 » February 14th, 2007, 12:40 pm

while reading this post. CPU at45% Firefox at 47%.

then a second later cpu @26% and FF @23%
I just brought up TM and its between 7%-75% with me doing nothing.

Yesterday my microsoft outlook would not respond...it is today but something is definatly going on here..

rat
rats19
Regular Member
 
Posts: 55
Joined: February 7th, 2007, 5:50 pm
Location: BC

Unread postby Elrond » February 14th, 2007, 1:03 pm

FF is quite normal. Why I am asking all those questions is because there is a problem in Windows update that is known to every so often result in a CPU spike that can last for quite a few minutes and the disapear again. Microsoft is working on a solution that will be downloaded through the Windows update as soon as it is sure that the patch is safe and will do what it should do. This is the reason why I want you to tell me what Process Explorer shows when you have a program that is not responding for a while. I know what I am expecting if that is what is going on. It is not worth looking at Process Explorer all the time as both that and Task manager will change all the time. There are processes running in the background that will use the CPU for a few seconds and give a short spike and then disapear again.

I will prepare a post for you to run some scans to see if there is anything untoward that shows up.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby rats19 » February 14th, 2007, 1:07 pm

super..thnx for your help Elrond
rats19
Regular Member
 
Posts: 55
Joined: February 7th, 2007, 5:50 pm
Location: BC
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 289 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware