Inactive CPU at maximum - Cannot find a problem

2015-07-27 02:01:59.830 Sophos Virus Removal Tool version 2.5.4
2015-07-27 02:01:59.830 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-07-27 02:01:59.830 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-07-27 02:01:59.830 Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 Win32
2015-07-27 02:01:59.830 Checking for updates...
2015-07-27 02:02:03.839 Update progress: proxy server not available
2015-07-27 02:02:21.717 Downloading updates...
2015-07-27 02:02:21.779 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-07-27 02:02:21.779 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-07-27 02:02:21.779 Update progress: [I49502] Found supplement IDE518 LATEST
2015-07-27 02:02:21.779 Update progress: [I49502] Found supplement IDE519 LATEST
2015-07-27 02:02:21.779 Update progress: [I49502] Found supplement IDE520 LATEST
2015-07-27 02:02:21.779 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-07-27 02:02:21.779 Update progress: [I19463] Syncing product SAVIW32 58
2015-07-27 02:02:33.183 Update progress: [I19463] Syncing product IDE518 171
2015-07-27 02:02:34.197 Installing updates...
2015-07-27 02:03:00.608 Option all = no
2015-07-27 02:03:04.399 Update progress: [I19463] Syncing product IDE519 44
2015-07-27 02:03:04.399 Update progress: [I19463] Syncing product IDE520 1
2015-07-27 02:03:06.661 Option recurse = yes
2015-07-27 02:03:06.676 Option archive = no
2015-07-27 02:03:06.676 Option service = yes
2015-07-27 02:03:06.676 Option confirm = yes
2015-07-27 02:03:06.676 Option sxl = yes
2015-07-27 02:03:06.676 Option max-data-age = 35
2015-07-27 02:03:06.676 Option EnableSafeClean = yes
2015-07-27 02:03:06.676 Option vdl-logging = yes
2015-07-27 02:03:06.676 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-07-27 02:03:06.676 Machine ID: 8767865ab43f4bb7b822476d06510da0
2015-07-27 02:03:06.676 Component SVRTcli.exe version 2.5.4
2015-07-27 02:03:06.676 Component control.dll version 2.5.4
2015-07-27 02:03:06.676 Component SVRTservice.exe version 2.5.4
2015-07-27 02:03:06.676 Component engine\osdp.dll version 1.44.1.2210
2015-07-27 02:03:06.676 Component engine\veex.dll version 3.61.0.2210
2015-07-27 02:03:06.676 Component engine\savi.dll version 8.1.8.2210
2015-07-27 02:03:06.676 Component rkdisk.dll version 1.5.30.0
2015-07-27 02:03:06.676 Version info: Product version 2.5.4
2015-07-27 02:03:06.676 Version info: Detection engine 3.61.0
2015-07-27 02:03:06.676 Version info: Detection data 5.17
2015-07-27 02:03:06.676 Version info: Build date 7/21/2015
2015-07-27 02:03:06.676 Version info: Data files added 213
2015-07-27 02:03:06.676 Version info: Last successful update (not yet updated)
2015-07-27 02:03:06.676 Error level 1
2015-07-27 02:03:26.270 Update successful
2015-07-27 02:04:08.234 Option all = no
2015-07-27 02:04:08.234 Option recurse = yes
2015-07-27 02:04:08.234 Option archive = no
2015-07-27 02:04:08.234 Option service = yes
2015-07-27 02:04:08.234 Option confirm = yes
2015-07-27 02:04:08.234 Option sxl = yes
2015-07-27 02:04:08.249 Option max-data-age = 35
2015-07-27 02:04:08.249 Option EnableSafeClean = yes
2015-07-27 02:04:08.468 Option vdl-logging = yes
2015-07-27 02:04:08.483 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-07-27 02:04:08.483 Machine ID: 8767865ab43f4bb7b822476d06510da0
2015-07-27 02:04:08.483 Component SVRTcli.exe version 2.5.4
2015-07-27 02:04:08.483 Component control.dll version 2.5.4
2015-07-27 02:04:08.483 Component SVRTservice.exe version 2.5.4
2015-07-27 02:04:08.483 Component engine\osdp.dll version 1.44.1.2210
2015-07-27 02:04:08.483 Component engine\veex.dll version 3.61.0.2210
2015-07-27 02:04:08.499 Component engine\savi.dll version 8.1.8.2210
2015-07-27 02:04:08.499 Component rkdisk.dll version 1.5.30.0
2015-07-27 02:04:08.499 Version info: Product version 2.5.4
2015-07-27 02:04:08.499 Version info: Detection engine 3.61.0
2015-07-27 02:04:08.499 Version info: Detection data 5.17G
2015-07-27 02:04:08.499 Version info: Build date 7/21/2015
2015-07-27 02:04:08.499 Version info: Data files added 213
2015-07-27 02:04:08.499 Version info: Last successful update 7/26/2015 10:03:26 PM

2015-07-27 02:40:18.256 Could not open C:\hiberfil.sys
2015-07-27 02:46:21.255 Could not open C:\pagefile.sys
2015-07-27 03:25:16.378 Could not open C:\System Volume Information\{02d9c7b4-3282-11e5-9ca2-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.379 Could not open C:\System Volume Information\{2c840417-32fd-11e5-8d09-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.379 Could not open C:\System Volume Information\{35b78732-3013-11e5-b44a-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.379 Could not open C:\System Volume Information\{35b78741-3013-11e5-b44a-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.379 Could not open C:\System Volume Information\{367d091d-3212-11e5-9c94-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.380 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.380 Could not open C:\System Volume Information\{3c989b0e-2e55-11e5-adb4-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.380 Could not open C:\System Volume Information\{472d7dcd-306d-11e5-adb4-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.380 Could not open C:\System Volume Information\{76110849-3007-11e5-8fe8-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.381 Could not open C:\System Volume Information\{76110854-3007-11e5-8fe8-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.388 Could not open C:\System Volume Information\{7611085e-3007-11e5-8fe8-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.388 Could not open C:\System Volume Information\{9a13be64-33f1-11e5-9671-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:25:16.389 Could not open C:\System Volume Information\{cf1e49f2-2e1f-11e5-adad-001d09ce33f2}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-27 03:27:06.157 Could not open C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-07-27 03:27:06.159 Could not open C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-07-27 03:27:06.198 Could not check C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-07-27 03:27:06.227 Could not check C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-07-27 03:27:09.314 Could not check C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2015-07-27 03:27:09.720 Could not check C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-07-27 03:27:10.951 Could not check C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)
2015-07-27 03:27:10.981 Could not check C:\Users\Sam D\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-07-27 04:31:50.374 >>> Virus 'Mal/VB-F' found in file C:\Users\Sam D\Downloads\Scrapebox_1.16.3\Scrapebox 1.16.3\start with me! (run as admin).exe
2015-07-27 04:31:50.379 >>> Virus 'Mal/VB-F' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-07-27 04:31:50.384 >>> Virus 'Mal/VB-F' found in file HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-07-27 04:31:50.390 >>> Virus 'Mal/VB-F' found in file HKU\S-1-5-21-3192665374-2718563871-2505210960-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-07-27 04:31:50.395 >>> Virus 'Mal/VB-F' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-07-27 05:08:48.273 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-07-27 05:08:48.308 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-07-27 05:09:11.175 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-07-27 05:09:11.183 Could not open C:\Windows\System32\config\RegBack\SAM
2015-07-27 05:09:11.201 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-07-27 05:09:11.208 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-07-27 05:09:11.214 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-07-27 05:50:31.515 The following items will be cleaned up:
2015-07-27 05:50:31.515 Mal/VB-F
 
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

=======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current (Service Pack1!!!)

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Well,

Before I proceed with the last step... I'm still experiencing the same problems. So if I'm clean, am I to assume that the culprit is somewhere else? We did not find any malware/rootkit that was causing this, so wouldn't it make sense to try to do a system restore, instead of deleting system restore points?

Also, could a Microsoft update be the issue causing this? I updated about a month ago, but this issue only surfaced a few days ago, 2 days after I posted this log.

I've looked through my services to see if anything was causing the CPU spikes, but there is nothing suspicious there. I disabled what I could.

I'm really at a loss here.
 
There was definitely some infection (see FRST fixlist), so I wouldn't recommend using system restore.

Why is your Windows not up to date? I don't even see Service Pack 1 installed.

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
NOTE. Windows Vista, 7 and 8 users right click on procexp.exe, click "Run As Administrator".
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go File > Save As, and save the report as Procexp.txt.
Paste the content into your next reply.

Restart in safe mode, re-run Process Explorer and post another log.
 
Process PID CPU Private Bytes Working Set Description Company Name Command Line
TheBestSpinner.exe 1304 28.42 152,996 K 164,308 K TheBestSpinner JonathanLeger.com "C:\Program Files\TheBestSpinner3\TheBestSpinner.exe"
svchost.exe 1020 3.10 91,504 K 95,648 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
chrome.exe 5032 0.84 87,688 K 121,328 K Google Chrome Google Inc. "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group12 pct:1c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_HQPDemotion_HUPDecay_Enabled_V3/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNConCubic/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/OneWeek/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" 
--disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="5756.9.1163167524\145674892" --font-cache-shared-handle=4656 /prefetch:673131151
WINWORD.EXE 4308 86,928 K 117,176 K Microsoft Word Microsoft Corporation "C:\Program Files\Microsoft Office\Office15\WINWORD.EXE" /n "C:\Users\Sam D\Desktop\San antonio articles stuff\video 3\vid 3 spin.docx
explorer.exe 5688 4.31 79,680 K 100,532 K Windows Explorer Microsoft Corporation "C:\Windows\explorer.exe"
chrome.exe 5916 76,492 K 84,020 K Google Chrome Google Inc. "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group12 pct:1c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_HQPDemotion_HUPDecay_Enabled_V3/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNConCubic/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/OneWeek/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process 
--enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="5756.3.580501607\1098417855" --font-cache-shared-handle=1788 /prefetch:673131151
chrome.exe 4916 71,380 K 78,680 K Google Chrome Google Inc. "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5756.0.1680197129\357395619" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,22,45,55 --gpu-vendor-id=0x10de --gpu-device-id=0x0407 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3788 --ignored=" --type=renderer " /prefetch:822062411
chrome.exe 5756 0.15 57,404 K 90,864 K Google Chrome Google Inc. "C:\Program Files\Google\Chrome\Application\chrome.exe"
svchost.exe 2488 4.72 52,940 K 47,064 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
svchost.exe 1064 0.30 37,424 K 50,288 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
explorer.exe 4988 0.01 30,812 K 24,804 K Windows Explorer Microsoft Corporation C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
dwm.exe 1756 2.77 29,344 K 43,496 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
chrome.exe 4132 0.13 29,064 K 27,132 K Google Chrome Google Inc. "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5756.10.1870994651\1596333918" --ppapi-flash-args=enable_hw_video_decode=1 --lang=en-US --ignored=" --type=renderer " /prefetch:-632637702
FreemakeUtilsService.exe 1412 0.01 25,812 K 72,460 K FreemakeUtilsService Freemake "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"
chrome.exe 4008 25,728 K 33,156 K Google Chrome Google Inc. "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group12 pct:1c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Stable_HQPDemotion_HUPDecay_Enabled_V3/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNConCubic/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/OneWeek/ReportCertificateErrors/ShowAndPossiblySend/ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_82/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process 
--enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --channel="5756.2.833012082\1177990504" --font-cache-shared-handle=1776 /prefetch:673131151
procexp.exe 1968 51.80 20,324 K 35,296 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Sam D\Downloads\ProcessExplorer\procexp.exe"
svchost.exe 1456 0.01 20,156 K 22,756 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
SMSvcHost.exe 2228 < 0.01 17,176 K 12,092 K SMSvcHost.exe Microsoft Corporation C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
CaptureLibService.exe 1632 0.01 15,668 K 9,452 K CaptureLibService Ellora Assets Corp. "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe"
audiodg.exe 3636 15,116 K 13,860 K Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x7f0
svchost.exe 944 0.07 14,908 K 14,224 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 1680 9,604 K 12,744 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskhost.exe 2964 6,144 K 8,128 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
spoolsv.exe 1616 5,792 K 9,976 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
rundll32.exe 2920 5,456 K 11,840 K Windows host process (Rundll32) Microsoft Corporation C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
svchost.exe 1196 < 0.01 5,324 K 10,452 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
GoogleUpdate.exe 1708 < 0.01 5,096 K 13,256 K Google Installer Google Inc. "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
lsass.exe 616 0.30 5,092 K 11,260 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
WLIDSVC.EXE 2524 < 0.01 4,912 K 10,720 K Microsoft® Windows Live ID Service Microsoft Corp. "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
services.exe 580 4,668 K 7,472 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
sppsvc.exe 6048 4,612 K 9,912 K Microsoft Software Protection Platform Service Microsoft Corporation C:\Windows\system32\sppsvc.exe
svchost.exe 868 0.36 4,068 K 7,748 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe 4236 < 0.01 3,988 K 82,704 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
wmpnetwk.exe 2120 < 0.01 3,724 K 2,808 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
taskmgr.exe 4196 5.01 3,396 K 10,032 K Windows Task Manager Microsoft Corporation taskmgr.exe /3
jusched.exe 5724 2,936 K 1,276 K Java Update Scheduler Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
svchost.exe 2396 2,852 K 6,860 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 740 0.86 2,796 K 7,400 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
SkypeC2CAutoUpdateSvc.exe 2032 2,524 K 6,740 K Updates Skype Click to Call Microsoft Corporation "C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
csrss.exe 508 0.54 2,336 K 29,336 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
nvSCPAPISvr.exe 836 2,184 K 4,316 K Stereo Vision Control Panel API Server NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
WmiPrvSE.exe 2512 1,932 K 4,732 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
lsm.exe 628 1,844 K 4,920 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 424 0.02 1,800 K 4,596 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
svchost.exe 3288 1,724 K 5,140 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
winlogon.exe 568 1,664 K 4,792 K Windows Logon Application Microsoft Corporation winlogon.exe
SASCore.exe 1992 < 0.01 1,588 K 7,604 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
taskeng.exe 4384 1,216 K 4,232 K Task Scheduler Engine Microsoft Corporation taskeng.exe {3B3F4992-9D31-45C3-9566-A4F6DE65556F}
SkypeC2CPNRSvc.exe 440 1,212 K 4,544 K Phone Number Recognition (PNR) module Microsoft Corporation "C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
wininit.exe 496 932 K 3,716 K Windows Start-Up Application Microsoft Corporation wininit.exe
svchost.exe 4756 836 K 3,700 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k SDRSVC
WLIDSVCM.EXE 2780 640 K 2,828 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. WLIDSvcM.exe 2524
smss.exe 332 260 K 828 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
System 4 1.08 112 K 25,832 K
System Idle Process 0 < 0.01 0 K 24 K
Interrupts n/a 2.28 0 K 0 K Hardware Interrupts and DPCs

Process: System Idle Process Pid: 0

Name Description Company Name Version
 
Process PID CPU Private Bytes Working Set Description Company Name Command Line
explorer.exe 1112 3.83 34,012 K 48,364 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
procexp.exe 1528 8.60 15,632 K 28,372 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Sam D\Downloads\ProcessExplorer\procexp.exe"
svchost.exe 812 0.01 10,420 K 14,860 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 768 4,424 K 6,600 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 948 0.01 3,892 K 3,800 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 596 0.02 2,724 K 6,528 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
services.exe 428 0.06 2,592 K 5,096 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
WmiPrvSE.exe 1608 2,088 K 4,796 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
lsass.exe 468 0.05 2,084 K 6,304 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
svchost.exe 672 0.02 1,692 K 4,504 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
lsm.exe 480 1,508 K 4,108 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 388 2.01 1,448 K 3,900 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
ctfmon.exe 1152 1,420 K 2,536 K CTF Loader Microsoft Corporation ctfmon.exe
csrss.exe 340 1,128 K 2,792 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 456 1,076 K 3,520 K Windows Logon Application Microsoft Corporation winlogon.exe
svchost.exe 856 1,056 K 3,400 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
wininit.exe 376 924 K 3,136 K Windows Start-Up Application Microsoft Corporation wininit.exe
SASCore.exe 928 < 0.01 756 K 2,676 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
smss.exe 260 276 K 764 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
System 4 0.39 60 K 1,052 K
System Idle Process 0 84.91 0 K 24 K
Interrupts n/a 0.10 0 K 0 K Hardware Interrupts and DPCs

Process: System Idle Process Pid: 0

Name Description Company Name Version
 
My Windows is updated as far as I can tell. I did update it a month ago with most of the critical updates that were available.
 
As far as I can tell Service Pack 1 is not installed.
Your Windows version reported by all tools is 6.1.7600.
If SP 1 was there it'd be 6.1.7601.

In any case CPU usage in safe mode looks fairly normal:
System Idle Process 84.91%

Something triggers high CPU usage in normal mode.

=========================

Go to Start > Run (Start Search in Vista/7) and type in:
msconfig
Click OK (hit Enter in Vista/7).
Windows 8/8.1 users: press the Windows logo key and start typing the following:
msconfig
Press Enter.

Click on the Startup tab.
Click Disable all.
IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

Click the Services tab.
Put a checkmark in Hide all Microsoft services.
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use a different firewall than Windows Firewall, turn Windows Firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Post fresh PE log.
 
Process PID CPU Private Bytes Working Set Description Company Name Command Line
svchost.exe 936 0.02 54,220 K 59,556 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe 996 0.22 43,832 K 38,472 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
explorer.exe 1616 1.92 43,508 K 54,616 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
SMSvcHost.exe 1100 0.01 17,208 K 15,000 K SMSvcHost.exe Microsoft Corporation C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
procexp.exe 3660 57.84 18,032 K 31,992 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Sam D\Downloads\ProcessExplorer\procexp.exe"
audiodg.exe 1068 15,224 K 13,844 K Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x300
svchost.exe 880 14,032 K 13,704 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
csrss.exe 496 0.72 13,868 K 10,972 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
svchost.exe 1228 < 0.01 9,960 K 12,648 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 1440 8,892 K 11,852 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
MSOSYNC.EXE 3904 8,140 K 10,636 K Microsoft Office Document Cache Microsoft Corporation "C:\Program Files\Microsoft Office\Office15\MsoSync.exe"
OSPPSVC.EXE 3084 7,076 K 14,220 K Microsoft Office Software Protection Platform Service Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
taskhost.exe 1512 0.04 6,996 K 5,836 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
spoolsv.exe 1348 6,008 K 10,464 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
services.exe 576 4,284 K 6,792 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 1112 4,180 K 7,316 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
lsass.exe 600 13.28 3,332 K 7,600 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
WmiPrvSE.exe 2008 3,084 K 6,672 K WMI Provider Host Microsoft Corporation C:\Windows\System32\wbem\WmiPrvSE.exe
svchost.exe 712 0.39 2,908 K 6,868 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 792 0.45 2,548 K 5,580 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
sppsvc.exe 3964 2,364 K 7,636 K Microsoft Software Protection Platform Service Microsoft Corporation C:\Windows\system32\sppsvc.exe
WmiPrvSE.exe 3672 1,916 K 4,616 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
TrustedInstaller.exe 2900 1,880 K 6,088 K Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
svchost.exe 2636 1,844 K 4,544 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
UI0Detect.exe 1412 1,752 K 5,176 K Interactive services detection Microsoft Corporation C:\Windows\system32\UI0Detect.exe
lsm.exe 608 1,708 K 4,252 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
Apoint.exe 1132 0.02 1,692 K 5,920 K Alps Pointing-device Driver Alps Electric Co., Ltd. "C:\Program Files\DellTPad\Apoint.exe"
dwm.exe 1584 1,660 K 4,144 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
wuauclt.exe 3352 1,360 K 4,628 K Windows Update Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
csrss.exe 424 0.02 1,336 K 3,452 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
SkypeC2CPNRSvc.exe 2016 1,244 K 3,688 K Phone Number Recognition (PNR) module Microsoft Corporation "C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
svchost.exe 2032 1,168 K 3,976 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
winlogon.exe 548 1,076 K 3,532 K Windows Logon Application Microsoft Corporation winlogon.exe
taskeng.exe 1372 1,060 K 3,424 K Task Scheduler Engine Microsoft Corporation taskeng.exe {7E4DC8AF-E9ED-46D3-878C-9FBE985257D0}
taskeng.exe 1784 < 0.01 1,028 K 3,396 K Task Scheduler Engine Microsoft Corporation taskeng.exe {D4251B1E-79FC-4F53-B790-9277D0C887B5}
ApntEx.exe 3200 1,008 K 2,960 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. "Apntex.exe"
wininit.exe 484 992 K 3,292 K Windows Start-Up Application Microsoft Corporation wininit.exe
SkypeC2CAutoUpdateSvc.exe 1940 944 K 3,512 K Updates Skype Click to Call Microsoft Corporation "C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
hidfind.exe 3220 808 K 2,828 K Alps Pointing-device Driver Alps Electric Co., Ltd. "C:\Program Files\DellTPad\HidFind.exe"
conhost.exe 3240 628 K 2,220 K Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe
ApMsgFwd.exe 3164 0.14 524 K 2,132 K ApMsgFwd Alps Electric Co., Ltd. "C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
smss.exe 332 260 K 744 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
System 4 0.84 60 K 1,140 K
System Idle Process 0 18.29 0 K 24 K
Interrupts n/a 1.65 0 K 0 K Hardware Interrupts and DPCs

Process: System Idle Process Pid: 0

Name Description Company Name Version
 
Not good. CPU usage over 80%.
Go back to "msconfig" and reverse all changes you just made.

I tried a couple of things but at this point...

In this forum, we make sure your computer is free of malware, and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
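
Added example, not part of the original thread: a small Python parser for the flattened Process Explorer rows posted above, which computes busy CPU as 100 minus the System Idle Process figure and ranks the top consumers so the safe-mode and normal-mode dumps can be compared. The function names and the regular expression are assumptions made for this illustration; the sample rows are copied from the two dumps with the trailing columns trimmed.

```python
import re

# Flattened Process Explorer row: name, PID, optional CPU %, private bytes, working set.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+"
    r"(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+)\s+)?"
    r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K")

def parse_rows(text):
    """Return one dict per process row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cpu = m["cpu"]
        # A blank CPU cell and "< 0.01" both count as zero for ranking.
        pct = 0.0 if cpu is None or cpu.startswith("<") else float(cpu)
        rows.append({"name": m["name"], "pid": m["pid"], "cpu": pct,
                     "private_kb": int(m["priv"].replace(",", ""))})
    return rows

def summarize(text, top=3):
    """Busy % (100 minus System Idle Process) and the top CPU consumers."""
    rows = parse_rows(text)
    idle = next(r["cpu"] for r in rows if r["name"] == "System Idle Process")
    active = sorted((r for r in rows if r["name"] != "System Idle Process"),
                    key=lambda r: r["cpu"], reverse=True)
    return round(100 - idle, 2), [(r["name"], r["cpu"]) for r in active[:top]]

# Rows copied from the two dumps in this thread, descriptions trimmed.
SAFE_MODE = """\
procexp.exe 1528 8.60 15,632 K 28,372 K Sysinternals Process Explorer
csrss.exe 388 2.01 1,448 K 3,900 K Client Server Runtime Process
SASCore.exe 928 < 0.01 756 K 2,676 K Core Service
lsm.exe 480 1,508 K 4,108 K Local Session Manager Service
System Idle Process 0 84.91 0 K 24 K
Interrupts n/a 0.10 0 K 0 K Hardware Interrupts and DPCs"""
NORMAL_MODE = """\
procexp.exe 3660 57.84 18,032 K 31,992 K Sysinternals Process Explorer
lsass.exe 600 13.28 3,332 K 7,600 K Local Security Authority Process
explorer.exe 1616 1.92 43,508 K 54,616 K Windows Explorer
System Idle Process 0 18.29 0 K 24 K
Interrupts n/a 1.65 0 K 0 K Hardware Interrupts and DPCs"""

if __name__ == "__main__":
    for label, dump in (("safe mode", SAFE_MODE), ("normal mode", NORMAL_MODE)):
        print(label, summarize(dump))
```

On these rows the safe-mode dump comes out 15.09% busy and the normal-mode dump 81.71% busy, with procexp.exe (57.84) and lsass.exe (13.28) leading the second list.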
 