[Resolved]Intermittent CPU spikes.

#1 (permalink)
22-05-2009, 10:33 PM
mont1uk (Newbie)
Join Date: May 2009
Posts: 8

Hi all,

Basically every few minutes or so I will get large CPU spikes that cause my audio that is playing to slow down to about 1/4 speed and my PC to lag, and this lasts only for a couple of seconds. I had Task Manager up to try and identify which process was causing the lag, but there is no one process that is going up to 70/80% CPU usage, just the standard System Idle and Firefox, which don't change. The CPU usage graph on the Performance tab confirms the spikes, but as I can't identify the specific process I'm at a bit of a loss. I thought maybe it was a hardware problem but have now come to the conclusion it's probably some sort of virus / malware issue.

I have run a SUPERAntiSpyware scan which detected 3 trojans, so I removed them. I have done a GMER scan also; logs of both are available if needed. I'm just at the end of my tether over this; it makes using my PC, listening to music / playing games, pretty much doing anything, really annoying.

I use XP and Windows Firewall. Any help you can give me would be appreciated; I'm happy to do any and all scans to aid a solution.

thanks for your time, Nick.

#2 (permalink)
23-05-2009, 01:36 AM
broni (Senior Member)
Join Date: Nov 2004
Posts: 2,273

Skip steps 1, and 3, but post both logs.

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.

* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.
NOTE: Tracking cookies may be omitted from the log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.14.14205
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4. Download HijackThis:
TrendSecure | Download TrendMicro HijackThis
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#3 (permalink)
23-05-2009, 06:36 PM
mont1uk (Newbie)
Join Date: May 2009
Posts: 8

Ok here goes,

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/22/2009 at 10:02 PM

Application Version : 4.26.1002

Core Rules Database Version : 3907
Trace Rules Database Version: 1852

Scan type : Complete Scan
Total Scan Time : 01:13:00

Memory items scanned : 654
Memory threats detected : 0
Registry items scanned : 5999
Registry threats detected : 2
File items scanned : 145751
File threats detected : 183

Adware.Tracking Cookie
(Omitted as stated)

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WFWBWJWN\CBKRGJUF.EXE

Unclassified.Oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 2

23/05/2009 16:39:00
mbam-log-2009-05-23 (16-39-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186699
Time elapsed: 1 hour(s), 27 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.14972 - GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-23 18:30:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB9EC00D0]
SSDT sptd.sys ZwEnumerateKey [0xB9EC5E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9EC61BA]
SSDT sptd.sys ZwOpenKey [0xB9EC00B0]
SSDT sptd.sys ZwQueryKey [0xB9EC6292]
SSDT sptd.sys ZwQueryValueKey [0xB9EC6112]
SSDT sptd.sys ZwSetValueKey [0xB9EC6324]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B90EF62C 5 Bytes JMP 8A442780
? System32\Drivers\aggp1tag.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[748] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[748] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe[888] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00F57FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe[888] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F57EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Motherboard Monitor 5\MBM5.EXE[1516] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00CF7FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Motherboard Monitor 5\MBM5.EXE[1516] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00CF7EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\MultiRes\MultiRes.exe[1648] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\MultiRes\MultiRes.exe[1648] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[1748] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 03D47FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[1748] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 03D47EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\WebcamMax\wcmmon.exe[1812] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\WebcamMax\wcmmon.exe[1812] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\WINDOWS\system\CMGxMon.exe[1952] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\WINDOWS\system\CMGxMon.exe[1952] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[1984] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[1984] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[2060] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00E77FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Belkin\Bluetooth Software\BTTray.exe[2060] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E77EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2068] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2068] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\SEC\Natural Color Pro\NCProTray.exe[2084] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\SEC\Natural Color Pro\NCProTray.exe[2084] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2136] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00FA7FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2136] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FA7EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ASUS Xonar DX Audio\Customapp\Program\MXMon.exe[2236] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ASUS Xonar DX Audio\Customapp\Program\MXMon.exe[2236] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2288] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2288] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Razer\DeathAdder\razerofa.exe[2368] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Razer\DeathAdder\razerofa.exe[2368] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2480] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 014E7FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE[2480] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 014E7EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2916] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2916] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Documents and Settings\Nick\Desktop\gmer.exe[3632] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007FD0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Documents and Settings\Nick\Desktop\gmer.exe[3632] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 10007EE0 C:\WINDOWS\system\CmGxSrv.DLL (CMGxSrv Dynamic Link Library/C-Media Electronics Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EC0AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EC0C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EC0B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EC1748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EC161E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9ED5ACA] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A94A1E8
Device \Driver\usbuhci \Device\USBPDO-0 8A4197A0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8DA1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A8DA1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A8DA1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A8DA1E8
Device \Driver\usbuhci \Device\USBPDO-1 8A4197A0
Device \Driver\usbuhci \Device\USBPDO-2 8A4197A0
Device \Driver\usbehci \Device\USBPDO-3 8A3407A0
Device \Driver\usbuhci \Device\USBPDO-4 8A4197A0
Device \Driver\usbuhci \Device\USBPDO-5 8A4197A0
Device \Driver\usbuhci \Device\USBPDO-6 8A4197A0
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A94C1E8
Device \Driver\usbehci \Device\USBPDO-7 8A3407A0
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A94C1E8
Device \Driver\Cdrom \Device\CdRom0 8A51E5F8
Device \Driver\atapi \Device\Ide\IdePort0 8A94B1E8
Device \Driver\atapi \Device\Ide\IdePort1 8A94B1E8
Device \Driver\atapi \Device\Ide\IdePort2 8A94B1E8
Device \Driver\atapi \Device\Ide\IdePort3 8A94B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-10 8A94B1E8
Device \Driver\atapi \Device\Ide\IdePort4 8A94B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-8 8A94B1E8
Device \Driver\atapi \Device\Ide\IdePort5 8A94B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1b 8A94B1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3EA7A0
Device \Driver\NetBT \Device\NetbiosSmb 8A3EA7A0
Device \Driver\usbuhci \Device\USBFDO-0 8A4197A0
Device \Driver\PCI_NTPNP4010 \Device\0000006c sptd.sys
Device \Driver\usbuhci \Device\USBFDO-1 8A4197A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A38F7A0
Device \Driver\usbuhci \Device\USBFDO-2 8A4197A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A38F7A0
Device \Driver\usbehci \Device\USBFDO-3 8A3407A0
Device \Driver\usbuhci \Device\USBFDO-4 8A4197A0
Device \Driver\Ftdisk \Device\FtControl 8A94C1E8
Device \Driver\usbuhci \Device\USBFDO-5 8A4197A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F542B2F7-6F2D-4EEA-8AA0-FED09C149585} 8A3EA7A0
Device \Driver\usbuhci \Device\USBFDO-6 8A4197A0
Device \Driver\usbehci \Device\USBFDO-7 8A3407A0
Device \Driver\aggp1tag \Device\Scsi\aggp1tag1 8A4D77A0
Device \FileSystem\Cdfs \Cdfs 8A3E17A0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0xDE 0x0E 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x30 0x91 0x45 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0D 0x3D 0x84 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x11 0xCD 0x13 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x77 0xD6 0x80 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x76 0x46 0x15 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0xDE 0x0E 0x4D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x30 0x91 0x45 0xF1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0D 0x3D 0x84 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x11 0xCD 0x13 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x77 0xD6 0x80 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x76 0x46 0x15 0x00 ...

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:04, on 23/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\WINDOWS\system\CMGxMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\Program\ASUSAUDIOCENTER.EXE
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ASUS Xonar DX Audio\Customapp\Program\MXMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cmaudio8788GX] C:\WINDOWS\system\CMGxMon.exe Envoke
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\Common\eReg.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8276 bytes

#4 (permalink)
23-05-2009, 07:11 PM
broni (Senior Member)
Join Date: Nov 2004
Posts: 2,273

There is no antivirus program present.
Please download and install one of these:

- Avast! free antivirus: Download FREE antivirus software - avast! Home Edition
- Avira free antivirus: Download Free Antivirus Products

- free PC Tools Firewall Plus: PC Tools Firewall Plus - Free Firewall Download

- free Comodo Internet Security (firewall + AV): Firewall and AntiVirus Free Software Download from Comodo
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use PC Tools Firewall Plus.
If you decide to install Comodo, make sure Windows firewall is turned off.

IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

After installing, update the program and run a full scan.

When done...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
__________________
My Home Page
  #5 (permalink)  
Old 23-05-2009, 10:42 PM
Newbie
D-A-L Newbie
 
Join Date: May 2009
Posts: 8
mont1uk Is a beginner here at D-A-L
re: [Resolved]Intermittent CPU spikes.

OK, done. I used Avira and it found 14 viruses, so I quarantined them.

ComboFix 09-05-23.03 - Nick 23/05/2009 22:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1432 [GMT 1:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\GDS32.DLL
c:\windows\system32\tmp27.tmp
c:\windows\system32\tmp28.tmp

.
((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
.

2009-05-23 19:31 . 2009-05-23 19:31 -------- d-----w c:\windows\LastGood
2009-05-23 19:31 . 2009-03-30 09:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-23 19:31 . 2009-03-24 15:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-23 19:31 . 2009-02-13 11:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-23 19:31 . 2009-02-13 11:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-23 19:31 . 2009-05-23 19:31 -------- d-----w c:\program files\Avira
2009-05-23 19:31 . 2009-05-23 19:31 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-23 17:30 . 2009-05-23 17:30 -------- d-----w c:\program files\Trend Micro
2009-05-22 21:15 . 2009-05-22 21:15 -------- d-----w C:\logs3
2009-05-22 19:47 . 2009-05-23 17:32 117760 ----a-w c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 19:47 . 2009-05-22 19:47 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-22 19:46 . 2009-05-22 19:46 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-22 19:46 . 2009-05-22 19:46 -------- d-----w c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com
2009-05-22 10:45 . 2009-05-23 19:30 1374 ----a-w c:\documents and settings\Nick\Application Data\ASUS\Xonar D2 Audio Center\AsusAudioCenter.dll
2009-05-22 10:45 . 2009-05-22 10:45 -------- d-----w c:\documents and settings\Nick\Application Data\ASUS
2009-05-22 10:42 . 2007-04-19 07:12 32768 ----a-r c:\windows\system32\cmudaxp.dll
2009-05-22 10:42 . 2004-04-14 03:28 315392 ----a-r c:\windows\system\CmiFltr.dll
2009-05-22 10:42 . 2008-01-14 08:46 1867840 ----a-r c:\windows\system32\drivers\cmudaxp.sys
2009-05-20 23:39 . 2009-05-20 23:39 -------- d-----w c:\program files\PCI Latency Tool 3
2009-05-20 18:59 . 2009-05-20 18:59 -------- d-----w c:\program files\SpacialAudio
2009-05-20 18:59 . 2005-09-22 23:05 548864 ----a-w c:\windows\system32\msvcp80.dll
2009-05-20 18:59 . 2009-05-20 18:59 -------- d-----w c:\program files\Firebird
2009-05-20 18:59 . 2005-09-22 23:05 626688 ----a-w c:\windows\system32\msvcr80.dll
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-26 17:14 . 2009-05-05 14:25 -------- d-----w c:\program files\SnapStream Media
2009-04-25 23:44 . 2009-04-25 23:44 -------- d-----w c:\documents and settings\Nick\Application Data\Webcammax
2009-04-25 23:43 . 2009-04-25 23:45 -------- d-----w c:\program files\WebcamMax
2009-04-25 23:43 . 2009-04-25 23:54 -------- d-----w c:\documents and settings\All Users\Application Data\Webcammax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 19:26 . 2007-05-01 14:32 -------- d-----r c:\program files\mIRC
2009-05-23 00:25 . 2007-11-08 13:58 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-22 23:56 . 2007-11-08 13:58 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-22 21:15 . 2008-12-03 21:37 -------- d-----w c:\program files\Kontiki
2009-05-22 21:06 . 2008-10-11 22:30 -------- d-----w c:\documents and settings\All Users\Application Data\wfwbwjwn
2009-05-22 19:46 . 2007-05-01 15:38 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 19:15 . 2007-05-02 21:13 -------- d-----w c:\program files\Analog Devices
2009-05-22 18:17 . 2009-01-14 16:02 -------- d-----w c:\documents and settings\Nick\Application Data\Spotify
2009-05-22 10:45 . 2007-04-27 15:51 28544 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 10:44 . 2009-05-22 10:44 -------- d-----w c:\program files\OpenAL
2009-05-22 10:44 . 2007-04-27 17:03 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-05-22 10:44 . 2007-04-27 17:03 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-05-22 10:44 . 2009-05-22 10:43 -------- d-----w c:\program files\ASUS Xonar DX Audio
2009-05-22 09:36 . 2007-04-27 17:02 -------- d-----w c:\program files\Creative
2009-05-22 09:36 . 2007-04-27 17:04 -------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-05-21 19:32 . 2008-05-15 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-05-20 12:59 . 2007-05-22 19:59 -------- d-----w c:\documents and settings\Nick\Application Data\teamspeak2
2009-05-17 22:35 . 2009-01-14 14:47 -------- d-----w c:\documents and settings\Nick\Application Data\HLSW
2009-05-15 00:11 . 2007-04-27 16:09 84664 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-14 10:19 . 2009-02-07 16:11 -------- d-----w c:\program files\Rockstar Games
2009-05-14 10:19 . 2007-04-27 15:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 23:08 . 2007-05-01 17:17 -------- d-s---w c:\program files\Xfire
2009-05-05 16:12 . 2007-05-01 15:41 -------- d-----w c:\documents and settings\Nick\Application Data\Xfire
2009-05-02 14:02 . 2009-03-25 14:18 5588312 ----a-w c:\documents and settings\Nick\Application Data\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.1.exe
2009-05-01 20:49 . 2007-05-05 19:52 -------- d-----w c:\program files\aequitas
2009-04-25 19:58 . 2009-03-09 19:24 -------- d-----w c:\program files\UT2004
2009-04-22 20:23 . 2008-12-17 22:05 -------- d-----w c:\documents and settings\Nick\Application Data\Skype
2009-04-22 20:20 . 2008-12-17 22:05 -------- d-----w c:\documents and settings\Nick\Application Data\skypePM
2009-04-18 13:47 . 2007-11-08 13:57 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-18 13:26 . 2007-11-08 13:58 22328 ----a-w c:\documents and settings\Nick\Application Data\PnkBstrK.sys
2009-04-18 13:26 . 2007-11-08 13:58 22328 ----a-w c:\documents and settings\Nick\Application Data\PnkBstrK.sys
2009-04-18 13:25 . 2008-11-01 17:59 682280 ----a-w c:\windows\system32\pbsvc.exe
2009-04-08 10:45 . 2009-04-08 10:45 -------- d-----w c:\documents and settings\Nick\Application Data\Logitech
2009-04-08 10:44 . 2009-04-08 10:44 -------- d-----w c:\documents and settings\Nick\Application Data\Leadertech
2009-04-08 10:44 . 2009-04-08 10:44 53248 ----a-r c:\documents and settings\Nick\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-04-08 10:44 . 2009-04-08 10:42 -------- d-----w c:\program files\Common Files\Logishrd
2009-04-08 10:44 . 2009-04-08 10:44 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-08 10:44 . 2009-04-08 10:44 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-04-08 10:43 . 2009-04-08 10:43 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-08 10:42 . 2009-04-08 10:42 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-08 10:42 . 2009-04-08 10:42 -------- d-----w c:\program files\Logitech
2009-04-08 10:42 . 2009-04-08 10:42 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-08 10:34 . 2009-04-08 10:34 -------- d-----w c:\program files\viewsonic
2009-03-31 13:03 . 2009-03-31 13:03 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-03-31 13:01 . 2009-03-31 11:24 -------- d-----w c:\program files\ATI Technologies
2009-03-31 11:32 . 2009-03-31 11:32 0 ----a-w c:\windows\ativpsrm.bin
2009-03-31 11:26 . 2009-03-31 11:26 9158 ----a-r c:\documents and settings\Nick\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-03-31 11:26 . 2009-03-31 11:26 -------- d-----w c:\program files\Common Files\ATI Technologies
2009-03-29 01:31 . 2009-03-29 01:31 -------- d-----w c:\program files\microsoft frontpage
2009-03-28 19:00 . 2009-03-14 18:09 -------- d-----w c:\program files\lg_fwupdate
2009-03-25 18:06 . 2009-03-25 18:16 2082104 ----a-w c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\0xhbgp89.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-03-25 14:51 . 2008-02-20 00:37 8 ----a-w c:\windows\system32\nvModes.dat
2009-03-25 14:18 . 2009-03-25 14:18 -------- d-----w c:\documents and settings\Nick\Application Data\TVU networks
2009-03-09 19:30 . 2007-06-24 19:24 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-03-07 14:20 . 2009-03-07 14:20 488960 ----a-w c:\documents and settings\Nick\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...240-0-main.dll
2009-03-07 14:20 . 2009-03-07 14:20 319488 ----a-w c:\documents and settings\Nick\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-02-25 22:58 . 2008-10-01 05:10 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-03-31 11:25 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2008-10-01 03:30 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2008-10-01 04:10 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2008-10-01 03:20 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2008-10-01 03:20 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2008-10-01 03:20 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2008-10-01 03:20 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2008-10-01 03:20 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2008-10-01 03:18 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2008-10-01 03:17 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2008-10-01 03:08 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2009-03-31 11:25 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2008-10-01 02:52 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:44 . 2008-10-01 02:38 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2008-10-01 02:34 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2008-10-01 02:33 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2008-10-01 02:32 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2008-10-01 02:31 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2008-10-01 03:19 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2008-10-01 02:26 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 14:15 . 2009-03-31 11:25 593920 ------w c:\windows\system32\ati2sgag.exe
.

------- Sigcheck -------

[-] 2007-05-02 22:14 360576 E7DFCFFA380749B8626AD71E8F367DCB c:\windows\system32\dllcache\TCPIP.SYS
[-] 2007-05-02 22:14 360576 E7DFCFFA380749B8626AD71E8F367DCB c:\windows\system32\drivers\TCPIP.SYS

[-] 2008-02-18 13:18 502272 9B87F4EB80008CD45EBA76162DBDA138 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 49263]
"MBM 5"="c:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"MultiRes"="c:\program files\MultiRes\MultiRes.exe" [2006-01-09 54784]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-04 626176]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-11-04 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" [2007-08-01 450048]
"Cmaudio8788GX"="c:\windows\system\CMGxMon.exe " [2007-12-19 20480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Nick\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\Common\eReg.exe [2009-3-30 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-5-4 1581056]
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2005-8-24 577597]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-8 784912]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2007-7-28 49220]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 ----a-w c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
backup=c:\windows\pss\GammaTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"SCardSvr"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\Nick\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Infogrames\\Tactical Ops\\System\\TacticalOps.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\klame_one@hotmail. com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Java\\jre1.5.0_09\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\Nick\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Mumble\\murmur.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\UT2004\\System\\UT2004.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"e:\\Program Files (x86)\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14/05/2009 14:22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14/05/2009 14:22 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/05/2009 20:31 108289]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [11/01/2007 06:39 243584]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]
R2 LtcyCfgSvc;PCI Latency Tool Service;c:\program files\PCI Latency Tool 3\LtcyCfgSvc.exe [26/12/2005 00:24 5120]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [31/03/2009 12:26 89600]
R3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [22/05/2009 11:42 1867840]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [26/12/2005 00:24 6656]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe --> c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [?]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [31/07/2008 21:54 22784]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [01/05/2007 14:37 17149]
S3 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]
S3 PLUsbbc2;Trust NB-7500p USB 2.0 Data Transfer Cable;c:\windows\system32\drivers\usbbc2.sys [01/05/2007 15:05 8960]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14/05/2009 14:22 7408]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S4 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [04/08/2004 12:00 3584]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\0xhbgp89.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.arsenal.com/
FF - component: c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\0xhbgp89.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\0xhbgp89.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20816.0.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-23 22:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-05-23 22:38
ComboFix-quarantined-files.txt 2009-05-23 21:37
ComboFix2.txt 2009-03-29 01:36

Pre-Run: 23,715,864,576 bytes free
Post-Run: 24,582,062,080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

328 --- E O F --- 2007-08-15 22:09


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:18, on 23/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\Program\ASUSAUDIOCENTER.EXE
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [Cmaudio8788GX] C:\WINDOWS\system\CMGxMon.exe Envoke
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\Common\eReg.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfx update.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8597 bytes

I noticed in ComboFix it says "FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}". I don't have COMODO firewall; I had it about 6 months ago and got rid of it because of its notices, so I guess there are still traces of it. Not that it's what's causing my problems, just something I noted.

On my E: drive I have Vista64 installed, so just to check if it was something on my XP disk I booted into Vista and I have none of the problems, no spikes and no audio stuttering. So I'm 99.9% sure it's something on my XP disk.

Last edited by mont1uk; 23-05-2009 at 10:45 PM.
  #6 (permalink)  
Old 23-05-2009, 11:21 PM
broni's Avatar
Senior Member
 
Join Date: Nov 2004
Posts: 2,273
re: [Resolved]Intermittent CPU spikes.

*** Upload the following files to VirusTotal - Free Online Virus and Malware Scan for a security check:
- Msft_Kernel_LMouFilt_01005.Wdf located in c:\windows\system32\drivers
- Msft_Kernel_LUsbFilt_01005.Wdf located in c:\windows\system32\drivers
- MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf located in c:\windows\system32\drivers
- ativpsrm.bin located in c:\windows
- nvModes.dat located in c:\windows\system32
Post scan results

*** What is drive G?

*** Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


*** Your Malwarebytes database is seriously outdated. Please, update.
Re-scan with updated Bytes, post its log, along with fresh HJT log.

*** We'll take care of Comodo leftovers as soon as the above is done.
  #7 (permalink)  
Old 24-05-2009, 01:29 AM
Newbie
D-A-L Newbie
 
Join Date: May 2009
Posts: 8
mont1uk Is a beginner here at D-A-L
re: [Resolved]Intermittent CPU spikes.

- Msft_Kernel_LMouFilt_01005.Wdf located in c:\windows\system32\drivers
- Msft_Kernel_LUsbFilt_01005.Wdf located in c:\windows\system32\drivers
- MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf located in c:\windows\system32\drivers
- ativpsrm.bin located in c:\windows

are all 0 bytes so can't be uploaded.

- nvModes.dat
MD5: 783c58fd708782745bbadbac46a1eba6
First received: 2009.05.16 17:17:23 UTC
Date: 2009.05.16 17:17:23 UTC [>7D]
Results: 0/40
Permalink: analisis/ae3e66d7d939e63fd1b4d60df65c734c6f078e81ff5b011c35ab2147ae02e52d-1242494243

G:\ is my iPod or one of my external HDDs, which aren't plugged in regularly.

Malwarebytes' Anti-Malware 1.36
Database version: 2171
Windows 5.1.2600 Service Pack 2

24/05/2009 01:25:27
mbam-log-2009-05-24 (01-25-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 242483
Time elapsed: 1 hour(s), 11 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e524163-8d00-46f3-b239-1f42d48c8ed0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:28:25, on 24/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\WINDOWS\system\CMGxMon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS Xonar DX Audio\CustomApp\Program\AsusAudioCenter.exe
C:\Program Files\ASUS Xonar DX Audio\CustomApp\Program\MXMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [Cmaudio8788GX] C:\WINDOWS\system\CMGxMon.exe Envoke
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\Common\eReg.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfx update.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9069 bytes
  #8 (permalink)  
Old 24-05-2009, 01:52 AM
broni's Avatar
Senior Member
 
Join Date: Nov 2004
Posts: 2,273
re: [Resolved]Intermittent CPU spikes.

We're gonna get rid of Comodo leftovers, first...

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

Quote:
File::
c:\windows\system32\DRIVERS\cmdhlp.sys
c:\windows\system32\DRIVERS\cmdguard.sys

Folder::

Driver::
cmdhlp.sys
cmdguard.sys


Registry::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, uninstall Combofix:
Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u"
Restart computer.


Then, let's remove a couple of unnecessary startups...
Open HJT, and checkmark:
- O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
- O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
- O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\Common\eReg.exe
- O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
- O4 - Global Startup: Bluetooth.lnk = ?
- O4 - Global Startup: NCProTray.lnk = ?

Click "Fix checked" button.

Restart computer, post new HJT log.
How is your computer doing?
  #9 (permalink)  
Old 24-05-2009, 02:20 AM
Newbie
D-A-L Newbie
 
Join Date: May 2009
Posts: 8
mont1uk Is a beginner here at D-A-L
re: [Resolved]Intermittent CPU spikes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:18:32, on 24/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system\CMGxMon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [Cmaudio8788GX] C:\WINDOWS\system\CMGxMon.exe Envoke
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\Common\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfx update.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8483 bytes


Still having the CPU spikes. I simply opened Task Manager after booting and they occur with nothing running. I'm starting to think maybe it's some sort of update program or something; I really have no idea. Like I said before, I don't get any of it using Vista, so it must be something on this disk.
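A follow-up HijackThis log is easiest to check against the "Fix checked" list by diffing entry lines rather than reading both logs by eye. The sketch below is an added example, not part of the original thread or of HijackThis itself; the excerpts are abbreviated from the 01:28 and 02:18 logs above, and the function names are assumptions made for illustration.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(text):
    """Map a case-folded key to the original line for each entry line in text.

    Header lines and the "Running processes" paths carry no section code and
    are skipped. Windows paths are case-insensitive, so keys are case-folded.
    """
    entries = {}
    for raw in text.splitlines():
        line = " ".join(raw.split())      # collapse runs of whitespace
        if line.startswith("- "):         # bullet used in forum fix lists
            line = line[2:]
        if ENTRY_RE.match(line):
            entries[line.casefold()] = line
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the entries that were selected for fixing."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        # selected, present before, gone afterwards: the fix took effect
        "removed": sorted(wanted[k] for k in wanted
                          if k in before and k not in after),
        # selected but still listed in the follow-up log
        "still_present": sorted(wanted[k] for k in wanted if k in after),
        # selected but never in the first log (typo in the fix list?)
        "not_in_before": sorted(wanted[k] for k in wanted if k not in before),
        # appeared between scans without anyone asking for it
        "new_entries": sorted(after[k] for k in after if k not in before),
        # disappeared between scans without being selected
        "removed_unrequested": sorted(before[k] for k in before
                                      if k not in after and k not in wanted),
    }


# Abbreviated excerpt of the log saved at 01:28:25 (O4 section only).
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\Common\eReg.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = ?
"""

# Abbreviated excerpt of the log saved at 02:18:32 (O4 section only).
AFTER_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\Common\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

# The entries the helper asked to checkmark before clicking "Fix checked".
FIX_LIST = r"""
- O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
- O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
- O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\Common\eReg.exe
- O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
- O4 - Global Startup: Bluetooth.lnk = ?
- O4 - Global Startup: NCProTray.lnk = ?
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for bucket, lines in report.items():
        print(f"{bucket}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

On these excerpts it reports five of the six checked entries gone and the Logitech Product Registration shortcut still listed in the second log.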
  #10 (permalink)  
Old 24-05-2009, 02:26 AM
broni's Avatar
Senior Member
 
Join Date: Nov 2004
Posts: 2,273
re: [Resolved]Intermittent CPU spikes.

OK. Let's close cleaning part, first.

1. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Unselect Cookies.
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.


If you use Opera browser
Click Opera at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.


Click Exit on the Main menu to close the program.

2. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

3. Restart computer.

4. Turn System Restore on.

5. Make sure Windows Updates are current.

6. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

7. Download and install WOT (Web of Trust): Internet Security | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.

8. Read How did I get infected?, with steps so it does not happen again!: How did I get infected?


When done....
Download Process Explorer: Process Explorer
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.