TechSpot

Random high CPU usage and lag spikes in Vista x32

Inactive
By Rifero
Oct 4, 2010
Topic Status:
Not open for further replies.
  1. Hello all,

    I have a problem with my laptop. Since a few days, I have random high CPU usage during online gaming, and lag spikes.
    I had this issue before, but somehow I have the same problem again. I can't seem to fix it, I've tried lots of tools and guides on the web, but nothing helped.

    System specs:
    I will download and run Combofix now, and post the log when its finished.

    EDIT: Combofix.txt


    Awaiting for your support patiently, thanks in advance.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll go over this with you. But I wish you had been more patient as our sticky says clearly not to run Combofix unless your helper instructs you to and then with guidance. I am also not familiar with the site you posted the log on so I will not check that log. Logs are pasted into replies on this site

    I am at a loss as to what tools and guides told you to run Combofix first, then put it on some unknown site.

    Let's try to turn this around:
    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, Paste the logs for review in your next reply . You can use more than one post if needed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. Rifero

    Rifero TS Rookie Topic Starter Posts: 32

    Hi Bobbye,

    Thanx for your reply. I will now post the logs here.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Databaseversie: 4742

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    5-10-2010 4:37:45
    mbam-log-2010-10-05 (04-37-45).txt

    Scantype: Volledige scan (C:\|D:\|F:\|X:\|)
    Objecten gescand: 246546
    Verstreken tijd: 1 uur/uren, 27 minuut/minuten, 47 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-05 15:35:51
    Windows 6.0.6002 Service Pack 2
    Running: 86xwqowx.exe; Driver: C:\Users\Rick\AppData\Local\Temp\fxldipow.sys

    Edit: Deleting excessive GMER log entries. Member advised.

    All other posts with just GMER log are being deleted. Member advised.
  4. Rifero

    Rifero TS Rookie Topic Starter Posts: 32

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!RtlPrefetchMemoryNonTemporal 81E86258 1 Byte [90]
    .text ntkrnlpa.exe!ZwQueryLicenseValue + D15 81E89DB9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 4FA 81EE77AA 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 512 81EE77C2 1 Byte [00]

    ---- User code sections - GMER 1.0.15 ----

    UPX1 C:\Users\Rick\Desktop\86xwqowx.exe[1348] C:\Users\Rick\Desktop\86xwqowx.exe entry point in "UPX1" section [0x004B3F40]

    ---- User IAT/EAT - GMER 1.0.15 ----
  5. Rifero

    Rifero TS Rookie Topic Starter Posts: 32

    For some reasons I can't find the DDS logs anymore, I will redo that scan and post the logs a.s.a.p.



    Edit: End excessive GMER log deletes.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Did you miss this in GMER?

  7. Rifero

    Rifero TS Rookie Topic Starter Posts: 32

    Yes, I did not see that, I'm sorry. I didn't read the GMER FAQ because I had no questions about the tool.
    Do you want me to delete that log and repost one with "Show all" unchecked?
  8. Rifero

    Rifero TS Rookie Topic Starter Posts: 32

    DDS.txt

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Rick at 9:19:17,04 on wo 06-10-2010
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_16
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3001.2155 [GMT 2:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    X:\SECURITY\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    X:\SECURITY\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    X:\ROOT\HTTP\bin\httpd.exe
    C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
    X:\ROOT\FTP\FileZilla Server.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    X:\ROOT\HTTP\bin\httpd.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    X:\SECURITY\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
    X:\SECURITY\Avast5\AvastUI.exe
    C:\Program Files\Mz Ultimate Tools\Mz CPU Accelerator\MzCPUAccelerator.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\Rick\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vb32&d=1009&m=easynote_lj65
    uURLSearchHooks: H - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [MzCPUAccelerator] c:\program files\mz ultimate tools\mz cpu accelerator\MzCPUAccelerator.exe
    mRun: [Acer ePower Management] c:\program files\packard bell\packard bell powersave solution\ePowerTrayLauncher.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    mRun: [avgnt] "x:\security\avira\antivir desktop\avgnt.exe" /min
    mRun: [avast5] x:\security\avast5\avastUI.exe /nogui
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\e3qel8za.default\
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-5 165584]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;x:\security\avira\antivir desktop\sched.exe [2010-10-5 135336]
    R2 Apache2.2;Apache2.2;x:\root\http\bin\httpd.exe [2010-7-30 24645]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-5 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-5 50768]
    R2 avast! Antivirus;avast! Antivirus;x:\security\avast5\AvastSvc.exe [2010-10-5 40384]
    R2 ePowerSvc;Acer ePower Service;c:\program files\packard bell\packard bell powersave solution\ePowerSvc.exe [2009-4-3 703008]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-4-3 223232]
    S2 Axigen;Axigen Mail Server;c:\program files\axigen mail server\axigen.exe --> c:\program files\axigen mail server\axigen.exe [?]
    S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-10-4 312152]
    S3 avast! Mail Scanner;avast! Mail Scanner;x:\security\avast5\AvastSvc.exe [2010-10-5 40384]
    S3 avast! Web Scanner;avast! Web Scanner;x:\security\avast5\AvastSvc.exe [2010-10-5 40384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S4 AntiVirService;Avira AntiVir Guard;x:\security\avira\antivir desktop\avguard.exe [2010-10-5 267432]
    S4 DTNetService;DTNetService;c:\program files\daemon tools net\dtnetsrv.exe --> c:\program files\daemon tools net\DTNetSrv.exe [?]
    S4 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]

    =============== Created Last 30 ================

    2010-10-05 21:50:41 0 d-----w- c:\users\rick\Tracing
    2010-10-05 18:21:28 0 d-----w- c:\program files\Mz Ultimate Tools
    2010-10-05 01:08:01 0 d-----w- c:\program files\VideoLAN
    2010-10-05 00:51:19 0 d-----w- c:\users\rick\appdata\roaming\Malwarebytes
    2010-10-05 00:51:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-05 00:51:07 0 d-----w- c:\programdata\Malwarebytes
    2010-10-05 00:51:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-04 23:45:07 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-04 23:37:29 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-10-04 23:37:05 0 d-----w- c:\programdata\Alwil Software
    2010-10-04 22:45:23 0 d-----w- c:\users\rick\appdata\roaming\Avira
    2010-10-04 22:41:36 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-04 22:41:35 0 d-----w- c:\programdata\Avira
    2010-10-04 19:01:26 0 d-sh--w- C:\$RECYCLE.BIN
    2010-10-04 16:12:06 98816 ----a-w- c:\windows\sed.exe
    2010-10-04 16:12:06 77312 ----a-w- c:\windows\MBR.exe
    2010-10-04 16:12:06 256512 ----a-w- c:\windows\PEV.exe
    2010-10-04 16:12:06 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-04 07:49:42 0 d-----w- c:\users\rick\appdata\roaming\AVG10
    2010-10-04 07:48:55 0 d--h--w- c:\programdata\Common Files
    2010-10-04 07:43:37 0 d-----w- c:\programdata\IObit
    2010-10-04 07:38:06 0 d-----w- c:\programdata\MFAData
    2010-09-29 21:25:39 0 d-----w- c:\program files\URUSoft
    2010-09-26 00:55:00 81920 ----a-w- c:\windows\system32\iccvid.dll
    2010-09-26 00:53:57 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-26 00:53:55 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-09-26 00:53:52 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-09-26 00:47:52 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-20 18:51:34 0 d-----w- c:\program files\SnapShot
    2010-09-20 02:04:13 0 d-----w- c:\users\rick\appdata\roaming\DAEMON Tools Net
    2010-09-13 14:27:40 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
    2010-09-11 15:59:23 847 ----a-w- c:\users\rick\.recently-used.xbel

    ==================== Find3M ====================

    2010-10-06 07:14:58 695042 ----a-w- c:\windows\system32\perfh013.dat
    2010-10-06 07:14:58 143476 ----a-w- c:\windows\system32\perfc013.dat
    2010-10-04 07:47:06 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-10-04 07:47:06 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-10-04 07:47:04 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-10-04 07:28:45 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-09-20 02:05:21 445936 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2009-11-15 02:30:01 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 05:43:08 41976 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
    2008-01-21 05:43:08 41976 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
    2008-01-21 05:43:08 336440 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
    2008-01-21 05:43:08 336440 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
    2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-06-29 22:37:12 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-06-29 22:37:12 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-06-29 22:37:12 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2010-01-15 20:00:22 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-01-15 20:00:22 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-01-15 20:00:22 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 9:19:34,53 ===============


    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12-10-2009 20:32:15
    System Uptime: 10-6-2010 9:09:45 (2832 hours ago)

    Motherboard: Packard Bell | | EasyNote LJ65
    Processor: Celeron(R) Dual-Core CPU T3000 @ 1.80GHz | uPGA-478 | 1795/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 96 GiB total, 34,605 GiB free.
    D: is CDROM ()
    F: is Removable
    X: is FIXED (NTFS) - 40 GiB total, 39,577 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP549: 5-10-2010 1:36:52 - avast! Free Antivirus Setup
    RP550: 5-10-2010 5:40:07 - Removed MySQL Server 5.1
    RP551: 5-10-2010 5:41:51 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP552: 5-10-2010 5:45:36 - Removed QuickTime
    RP553: 5-10-2010 6:03:34 - Microsoft Visual C++ 2005 Redistributable is verwijderd

    ==== Installed Programs ======================

    1st SMTP Server
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Advanced SystemCare 3
    All Media Fixer 9.11
    Apache HTTP Server 2.2.16
    Apple Application Support
    Apple Software Update
    Ares 2.1.1
    avast! Free Antivirus
    Avira AntiVir Personal - Free Antivirus
    Axialis IconWorkshop 6.52
    Backup Manager Basic
    BitLord 1.1
    Cheat Engine 5.6.1
    Dream AMR Converter 3.0.3.2
    ffdshow [rev 1324] [2007-07-01]
    FileZilla Server (remove only)
    Free SMTP Server
    Free YouTube to MP3 Converter version 3.8
    Game Booster
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Identity Card
    InfoCentre
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    IObit Security 360
    Java(TM) 6 Update 16
    Junk Mail filter update
    LAME v3.98.2 for Audacity
    Launch Manager
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Silverlight
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mIRC
    Mozilla Firefox (3.5.3)
    MP3 Repair Tool v1.5.2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mz CPU Accelerator
    neroxml
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    Packard Bell Customer Registration
    Packard Bell MyBackup
    Packard Bell PowerSave Solution
    Packard Bell Recovery Management
    PHP 5.2.14
    Realtek USB 2.0 Card Reader
    SetupMyPC
    SnapShot 3.0.0
    Sql Server Customer Experience Improvement Program
    Subtitle Workshop 2.51
    Synaptics Pointing Device Driver
    System Requirements Lab
    System Requirements Lab for Intel
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Updator
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    Ventrilo Server
    Video Web Camera
    Vista Codec Package
    Windows Live - Hulpprogramma voor uploaden
    Windows Live aanmeldhulp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Writer
    WinRAR

    ==== End Of File ===========================
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    With your permission, I'll go into the replies and delete the GMER contents. I don't think you can Edit once there has been a reply. It looks okay, but I don't need all the entries.

    You are running multiple antivirus programs: avast! Free Antivirus, Avira AntiVir and IObit Security 360
    That needs to ge down to only 1 AV because multiples make the system more vulnerable, not less.
    I am removing entries for Iobit Security and Hitman Pro after you've run Combofix, because neither are good programs to have on the system. But you can go ahead with the uninstall and then decide if you want to keep Avast or Avira. Here are removal tools to help:
    Avast Removal
    To uninstall Avira:
    • Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
    • Wait for the list of installed programs to load, then click the name of the Avira program.
    • Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
    • Press Yes, to confirm the removal and then OK.
    • . Click Next until Finish. The software is removed.
    =====================================
    Please reboot the computer after making the antivirus changes.
    =======================================
    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..
    ===================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Questions:
    1. What is Drive x?
    2. When you think there is excessive CPU usage, open the Task Manager and note the names of the processes with high usage. Let me know what they are. If you know what any are specifically for and you are using the program at the time, please tell me that so I can exclude it.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I've cleaned up the thread which should make it easier to follow. I'll keep it open for a couple of days in case you want to continue.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.