Slow computer, high CPU, got and cleaned trojan, but...

Discussion in 'Virus and Malware Removal' started by needhelp51, Feb 9, 2012.

  1. Broni Malware Annihilator Posts: 39,313   +175

    There was a trojan, which we removed through Combofix.

    Way to go!!
    Good luck and stay safe :)
  2. needhelp51 TechSpot Enthusiast Posts: 143

    Computer works great this morning, thanks to you, and thanks for the explanation also.

    I think I'll have my girlfriend's computer checked next, same cpu behavior... Probably the same virus. Possible here or shall I start a new thread?
  3. Broni Malware Annihilator Posts: 39,313   +175

    New topic please.
  4. needhelp51 TechSpot Enthusiast Posts: 143

    Hello. Tonight, my computer fell again into very high CPU. Something blocks my avast from starting at boot-up. I suspect something came back. Only things I did since this morning were to install WOT and PSIsetup and follow PSIsetup recommendations about updating Java and the Intel PRO card. I did create a restore point this morning after all was fine. Even after recovering that point, avast does want to start.

    Have I done something wrong? :(
  5. Broni Malware Annihilator Posts: 39,313   +175

    You may need to reinstall Avast since you used restore point.

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go File>Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
  6. needhelp51 TechSpot Enthusiast Posts: 143

    Procexp log:

    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 98.44 0 K 16 K
    System 4 0 K 240 K
    Interrupts n/a 0.78 0 K 0 K Hardware Interrupts and DPCs
    smss.exe 900 172 K 940 K Gestionnaire de session Windows NT Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 984 1 816 K 8 136 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 1028 7 124 K 1 280 K Application d'ouverture de session Windows NT Microsoft Corporation winlogon.exe
    services.exe 1072 2 240 K 9 480 K Applications Services et Contrôleur Microsoft Corporation C:\WINDOWS\system32\services.exe
    a2service.exe 1244 37 684 K 1 184 K Emsisoft Anti-Malware Service Emsi Software GmbH "C:\Program Files\Emsisoft Anti-Malware\a2service.exe"
    CLPSLS.exe 1304 976 K 8 044 K COMODO livePCsupport Service COMODO "C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe"
    svchost.exe 1424 3 500 K 30 912 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    unsecapp.exe 696 2 636 K 27 896 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
    wmiprvse.exe 2380 2 728 K 31 824 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
    Dot1XCfg.exe 732 4 496 K 35 224 K Intel 802.1x Server Intel Corporation C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe -Embedding
    svchost.exe 1492 2 464 K 28 260 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
    cmdagent.exe 1532 37 440 K 4 684 K COMODO Internet Security COMODO "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
    svchost.exe 1560 25 320 K 78 052 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs
    EvtEng.exe 1640 3 756 K 33 388 K Intel(R) PROSet/Wireless Event Log Intel Corporation "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe"
    S24EvMon.exe 1732 3 316 K 28 564 K Wireless Management Service Intel Corporation "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe"
    svchost.exe 1908 1 824 K 23 048 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
    svchost.exe 168 5 080 K 29 976 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    AAWService.exe 284 67 340 K 89 128 K Ad-Aware Service Application Lavasoft Limited "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
    AAWTray.exe 2648 3 400 K 22 764 K Ad-Aware Tray Application Lavasoft Limited "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
    spoolsv.exe 452 3 672 K 29 920 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
    svchost.exe 908 1 848 K 29 368 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    SASCore.exe 1396 1 116 K 18 240 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
    CFSvcs.exe 1448 2 072 K 27 144 K Service of ConfigFree. TOSHIBA CORPORATION "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe"
    DVDRAMSV.exe 1620 988 K 6 900 K DVD-RAM Utility Helper Service Matsushita Electric Industrial Co., Ltd. C:\WINDOWS\system32\DVDRAMSV.exe
    nvsvc32.exe 1696 3 836 K 19 880 K NVIDIA Driver Helper Service, Version 83.20 NVIDIA Corporation C:\WINDOWS\system32\nvsvc32.exe
    RegSrvc.exe 1768 1 360 K 24 504 K Intel(R) PROSet/Wireless Registry Service Intel Corporation "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"
    svchost.exe 1844 2 908 K 29 232 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
    alg.exe 2364 1 628 K 26 808 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
    svchost.exe 3988 2 048 K 26 140 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    lsass.exe 1084 4 436 K 30 228 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
    explorer.exe 200 0.78 23 508 K 19 400 K Explorateur Windows Microsoft Corporation C:\WINDOWS\Explorer.EXE
    DLACTRLW.EXE 2940 1 720 K 25 752 K Drive Letter Access Component Sonic Solutions "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
    SmoothView.exe 2948 1 080 K 18 240 K SmoothView TOSHIBA Corporation "C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe"
    Hotkey.exe 2956 5 600 K 38 524 K TOSHIBA Hotkey Filter Application TOSHIBA Inc. "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
    SynTPEnh.exe 2964 2 328 K 23 468 K Synaptics TouchPad Enhancements Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    Toshiba.exe 3332 1 576 K 21 120 K Toshiba Custom PlugIn Application Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\Toshiba" /RegPlugIn
    ZCfgSvc.exe 2992 2 900 K 34 140 K ZeroCfgSvc MFC Application Intel Corporation "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    iFrmewrk.exe 3000 5 700 K 42 304 K Intel Framework MFC Application Intel Corporation "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    cfp.exe 3008 17 304 K 6 288 K COMODO Internet Security COMODO "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    AvastUI.exe 3016 4 808 K 39 176 K avast! Antivirus AVAST Software "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    TOSCDSPD.exe 3032 1 132 K 18 508 K CD/DVD Drive Acoustic Silencer TOSHIBA "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
    SUPERANTISPYWARE.EXE 3056 176 600 K 820 K SUPERAntiSpyware Application SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    ctfmon.exe 3108 1 408 K 22 448 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
    RAMASST.exe 3436 1 216 K 18 828 K CD Burning of Windows XP disabling tool for DVD MULTI Drive Matsushita Electric Industrial Co., Ltd. "C:\WINDOWS\system32\RAMASST.exe"
    iexplore.exe 2360 13 500 K 4 668 K Internet Explorer Microsoft Corporation "C:\Program Files\internet explorer\iexplore.exe"
    iexplore.exe 1516 59 196 K 66 728 K Internet Explorer Microsoft Corporation "C:\Program Files\internet explorer\iexplore.exe" SCODEF:2360 CREDAT:79873
    iexplore.exe 368 46 124 K 56 072 K Internet Explorer Microsoft Corporation "C:\Program Files\internet explorer\iexplore.exe" SCODEF:2360 CREDAT:145409
    procexp.exe 1520 11 860 K 17 784 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Toshiba\Bureau\ProcessExplorer\procexp.exe"
    soffice.exe 3832 12 480 K 28 364 K OpenOffice.org 3.3 OpenOffice.org "C:\Program Files\OpenOffice.org 3\program\soffice.exe" -quickstart
    soffice.bin 1656 43 872 K 107 676 K OpenOffice.org 3.3 OpenOffice.org "C:\Program Files\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files\\OpenOffice.org 3\\program"
     
  7. needhelp51 TechSpot Enthusiast Posts: 143

    Oops, just seen you asked to attach the file, here it is.

  8. Broni Malware Annihilator Posts: 39,313   +175

    I don't see any high CPU usage.
    System Idle Process (CPU NOT used) is listed at 98.44%.
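    A way to read a saved Process Explorer report programmatically and apply the same check (idle-process CPU high means the box is not busy), as an added example that is not part of the thread. The sample rows are constructed; the header matches the columns in the report above, and the busy threshold is an assumption.

```python
import csv
import io

# Constructed sample in the tab-separated layout that Process Explorer's
# File > Save As writes; the numbers are made up for the example.
SAMPLE_REPORT = "\n".join([
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tCommand Line",
    "System Idle Process\t0\t98.44\t0 K\t16 K\t\t\t",
    "System\t4\t\t0 K\t240 K\t\t\t",
    "Interrupts\tn/a\t0.78\t0 K\t0 K\tHardware Interrupts and DPCs\t\t",
    "explorer.exe\t200\t0.78\t23 508 K\t19 400 K\tExplorateur Windows\tMicrosoft Corporation\tC:\\WINDOWS\\Explorer.EXE",
    "AvastUI.exe\t3016\t\t4 808 K\t39 176 K\tavast! Antivirus\tAVAST Software\t\"C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe\" /nogui",
])

IDLE_NAME = "System Idle Process"
BUSY_THRESHOLD = 50.0  # assumption: idle below this percent means the CPU is really loaded


def parse_report(text):
    """Return one dict per process row, keyed by the header; CPU becomes a float."""
    rows = []
    # QUOTE_NONE keeps the quoted command lines and backslashes exactly as saved.
    for row in csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE):
        row["CPU"] = float(row.get("CPU") or "0")  # empty CPU cell means 0%
        rows.append(row)
    return rows


def cpu_verdict(rows, top=3):
    """Say whether the machine is busy and which non-idle entries consume CPU."""
    idle = next((r["CPU"] for r in rows if r["Process"] == IDLE_NAME), 0.0)
    consumers = sorted((r for r in rows if r["Process"] != IDLE_NAME),
                       key=lambda r: r["CPU"], reverse=True)[:top]
    return {
        "idle_percent": idle,
        "busy": idle < BUSY_THRESHOLD,
        "top": [(r["Process"], r["CPU"]) for r in consumers],
        # High Interrupts/DPC time with no busy process points at a driver or
        # device problem (such as an IDE channel stuck in PIO), not a process.
        "interrupts_percent": next((r["CPU"] for r in rows if r["Process"] == "Interrupts"), 0.0),
    }


if __name__ == "__main__":
    print(cpu_verdict(parse_report(SAMPLE_REPORT)))
```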
  9. needhelp51 TechSpot Enthusiast Posts: 143

    CPU was 100% at boot-up and many minutes after, better now indeed, but avast out of order. Should I go ahead uninstalling and installing it again?
  10. Broni Malware Annihilator Posts: 39,313   +175

    Yes, reinstall it.

    If you're able to catch high CPU usage with Process Explorer I'll gladly take another look.
  11. needhelp51 TechSpot Enthusiast Posts: 143

    I will have to reboot after uninstalling Avast, I'll check CPU and make a log if high.
  12. Broni Malware Annihilator Posts: 39,313   +175

    OK..............
  13. needhelp51 TechSpot Enthusiast Posts: 143

    Reinstalled Avast, seems ok.

    CPU very unstable upon startup, the culprit is "Hardware interrupts and DPC", which oscillates between 0% and 50%... 12%... 43%... and so on. Stabilizes after a long long period.

    I have Java J2SE Runtime Environment 5.0 Update 4, shall I install the new Java version after uninstalling that one?
  14. Broni Malware Annihilator Posts: 39,313   +175

    The current Java version is version 6 Update 30, so this is what you should have.
    Any other should be uninstalled.

    Check Primary and Secondary IDE settings: Device Manager -> IDE ATA/ATAPI controllers -> Primary or Secondary IDE Channel -> Properties -> Advanced Settings. Look at the Current Transfer Mode field.
    See if it's in PIO mode instead of DMA mode.
  15. needhelp51 TechSpot Enthusiast Posts: 143

    DMA is what I want instead of PIO?

    Primary says:

    DMA if available
    PIO mode (can't seem to toggle to DMA though)

    Secondary says:

    DMA if available
    Ultra DMA Mode 2

    (Ok for Java, I'll take care of it)
  16. Broni Malware Annihilator Posts: 39,313   +175

    That's your issue.

    Uninstall Primary and restart computer.
    It'll be reinstalled automatically.
    Check back if it says DMA after restart.

    NOTE.
    The above issue may be caused by some hard drive problems.
    I strongly recommend to....
    Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard drive diagnostic)
    Make sure you select the tool which is appropriate for the brand of your hard drive.
    Depending on the program, it'll create a bootable floppy or a bootable CD.
    If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
    For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Pa...rivesUSandCanada/SoftwareUtilities#diagnostic

    Note: If you do not know how to set your computer to boot from CD follow the steps HERE
  17. needhelp51 TechSpot Enthusiast Posts: 143

    Ultra DMA 5 now,

    Everything is much faster! You are a genius :D!!!!

    I will try and perform the recommended hard-disk checkup in next days, because indeed, there must be a reason why my computer did shift back to PIO mode in the first place...

    Java successfully installed.

    Two last things (before I buy you a beer!):

    1- "PSI", when I installed it last time, it seems to remain resident in memory (i.e. always active). Is there a way to install it so it can be executed "on demand"?

    2- Ad-Aware, is it good software to keep around? Seems a bit heavy on memory and same problem: it is always resident in memory (i.e. in system tray). Should I keep it or remove it (I have Avast, Comodo, and regularly run MBAM and Emsisoft Anti-Malware)?
  18. Broni Malware Annihilator Posts: 39,313   +175

    Good news :)

    1. Always perform custom installation. I believe there is an option to make it a startup or not.

    2. Tool of the past. MBAM is much better.
  19. needhelp51 TechSpot Enthusiast Posts: 143

    (Edited sorry for posting in wrong thread)
  20. Broni Malware Annihilator Posts: 39,313   +175

    What's the reason for posting GMER log?