I started to notice 100% high CPU usage when AVG would run a scan (purchased edition). It was also about the time I was going to delete the People PC folder from my flash drive. As it was deleting, a notice came up that said if that folder was deleted it would harm my system. I then stopped the delete. It is still on the flash drive. You see, I never put People PC on my computer; it was in a folder along with AOL and Netscape in the program files. They were there but not installed. I did not want them on my computer, so I downloaded them on a flash drive in case there was a problem with my system without them; then I could put them back. Never had a problem with them not being there until I wanted to free up my flash drive and getting that message.

When all the problems started I thought it was the AVG, so I removed it from my system and installed Panda Cloud. It picked up what it called a virus right away, called People PC. Per your instructions to run an anti-virus program, I wanted to try Avira AntiVir Personal; since it was recommended by you, I knew it must be good. So I removed Panda Cloud, thinking the two programs would not get along. The Avira AntiVir found 4 viruses, I think. Two were from the Weather Bug, another program that was on my computer when purchased and that I removed.

100% CPU usage still occurs at times when scans are run or files downloaded. I have seen it being high on any antivirus scan that I have run and sometimes when my printer starts to print. Also, it has been high when ehRec has run (I am trying to do this from memory; my notes are at home).

I downloaded DeFogger and ran it, but at the end I clicked OK and it did not restart the computer, so I restarted it.

The requested reports are as follows:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5735

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/10/2011 7:42:17 PM

mbam-log-2011-02-10 (19-42-17).txt

Scan type: Quick scan

Objects scanned: 155790

Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

____________

DDS (Ver_10-12-12.02) - NTFSx86

Run by Compaq_Administrator at 1:23:47.81 on Fri 02/11/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.482 [GMT -5:00]

AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\system32\dllhost.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop

uStart Page = hxxp://www.google.com/

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [nwiz] nwiz.exe /install

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

LSP: c:\program files\avira\antivir desktop\avsda.dll

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260623977527

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254999548062

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {D72F46B1-7E73-48C9-A248-0FA2A0B32227} = 166.102.165.11 166.102.165.13

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = :\windows\system32\srrstr.dll cli scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\drjfeeq2.default\

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-10 11608]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-2-10 337064]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-10 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-10 267432]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-2-10 405672]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-10 60936]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-2-5 11232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-11 04:09:23 -------- d-----w- c:\windows\system32\NtmsData

2011-02-11 04:08:26 -------- d-----w- c:\docume~1\compaq~1\applic~1\Avira

2011-02-11 01:00:07 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-02-11 01:00:06 -------- d-----w- c:\program files\Avira

2011-02-11 01:00:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-02-07 10:23:41 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Adobe

2011-02-06 15:23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-06 15:23:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-06 15:23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-05 18:48:05 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-02-05 18:48:05 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-05 16:52:18 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2011-02-05 16:52:15 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\SlimWare Utilities Inc

2011-01-30 23:05:11 917504 ----a-w- c:\windows\system32\FLASH.OCX

2011-01-30 23:05:11 -------- d-sh--w- c:\windows\ftpcache

2011-01-29 22:04:42 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

2011-01-29 21:06:09 -------- d-----w- c:\docume~1\compaq~1\applic~1\Panda Security

2011-01-29 21:05:32 -------- d-----w- c:\docume~1\compaq~1\applic~1\SurfSecret Privacy Suite

2011-01-29 21:05:15 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\panda2_0dn

2011-01-29 21:04:30 -------- d-----w- c:\program files\Panda Security

2011-01-29 21:04:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security

2011-01-29 01:59:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

2011-01-27 23:51:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-27 23:51:42 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-01-26 23:04:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2011-01-21 14:44:37 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll

2011-01-16 22:20:10 106496 ----a-w- c:\windows\DreamAquarium.scr

2011-01-16 21:41:24 -------- d-----w- c:\docume~1\compaq~1\applic~1\Dream Aquarium

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26:00 730112 ------w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15:09 718336 ------w- c:\windows\system32\ntdll.dll

2010-12-09 14:30:22 33280 ------w- c:\windows\system32\csrsrv.dll

2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 1:24:47.82 ===============

ark.zip

Attach.zip


I should have told you which driver failed to load.

The event viewer said the boot-start or system-start driver(s) failed to load: AVGIDSEH. And from time to time, the NVIDIA Display Driver Service service terminated unexpectedly.

I am so sorry for not posting that information in the original post. All this is so very new to me. And, I just don't know what I am doing. I appreciate your patience.


  • 2 weeks later...
  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
