100% CPU usage and intermittent freezes

Page 1 of 3

  1. Posts : 85
    Windows 7 Home Premium 64 bit
       #1

    100% CPU usage and intermittent freezes


    Hello, my brother's laptop since Friday (the 13th) has had slowness with something 100%ing the laptop CPU and up to a minute or 2 before normally resuming. I'm not so sure what it is and am trying to get a HijackThis page to post here.

    Also after spending enough time in Safe Mode, the laptop simply shuts off. I felt the underside of it and it was quite hot, the battery was not hot in the slightest.

    Here is the HijackThis log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 1:19:09 PM, on 12/15/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Unable to get Internet Explorer version!
    
    FIREFOX: 25.0.1 (en-US)
    Boot mode: Safe mode with network support
    
    Running processes:
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
    C:\Users\James\Downloads\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo Search - Web Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: (no name) - {e9df9360-97f8-4690-afe6-996c80790da4} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Realtek11nCU - Realtek - C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 8764 bytes
    Last edited by Glaice; 15 Dec 2013 at 13:30.


  2. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #2

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.





    Download AdwCleaner by Xplode and save to your Desktop.


    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

    Using AdwCleaner v3: Scan & Clean:
    Double click on AdwCleaner.exe to run the tool again.
    Click on the Scan button.
    AdwCleaner will begin to scan your computer like it did before.
    After the scan has finished...

    This time click on the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder

    I'm not so familiar with "HijackThis" but I know several other members do so I'm sure they will be able to shed some light on the log.


  3. Posts : 4,161
    Windows 7 Pro-x64
       #3

    Looks like some cleaner has been run already and it deleted some system files.

    Uninstall AVG and Emsisoft AVs. Or pick ONE real time AV and remove the others. Don't run more than one real time AV. They spend more time checking each other than providing any benefit. After rebooting after each uninstall, run SFC /scannow from an elevated command prompt. Pay particular attention to the note that you may need to run it several times and to reboot after each run.


  4. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #4

    Yeah, running two AVs at the same time means they conflict with each other, resulting in false reports/interference, as carwiz said. I use AVG and would recommend you use that; some others will recommend AVAST, which also does a fantastic job.


  5. Posts : 85
    Windows 7 Home Premium 64 bit
    Thread Starter
       #5

    I have been running this in safe mode and have run TFC (temp file cleaner), Malwarebytes Antimalware and Adwcleaner so far and did find some crap that my brother tried finding via Avast. Also I was in the process of running OTL and the system overheated (not the battery tho) and shut down. I'll give that and Junkware cleaner a run once it cools off.

    There is actually only one AV on the system and I believe that safe search thing is a leftover that was never removed.

    Here is JRT.EXE:

    Code:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by James on Sun 12/15/2013 at 14:58:07.52
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    
    
    ~~~ Services
    
    
    
    ~~~ Registry Values
    
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
    
    
    
    ~~~ Registry Keys
    
    
    
    ~~~ Files
    
    Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_monthly.job"
    Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_updates.job"
    
    
    
    ~~~ Folders
    
    Successfully deleted: [Folder] "C:\ProgramData\ustechsupport"
    Successfully deleted: [Folder] "C:\Users\James\AppData\Roaming\dll-files.com"
    Successfully deleted: [Folder] "C:\Users\James\AppData\Roaming\ustechsupport"
    Successfully deleted: [Folder] "C:\Users\James\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Program Files (x86)\ustechsupport"
    
    
    
    ~~~ FireFox
    
    Successfully deleted: [Folder] C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\nyutb4wl.default\extensions\savingsslider@mybrowserbar.com
    Emptied folder: C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\nyutb4wl.default\minidumps [55 files]
    
    
    
    ~~~ Event Viewer Logs were cleared
    
    
    
    
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 12/15/2013 at 15:01:27.65
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    Here is Malwarebytes log:
    
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    
    Database version: v2013.12.15.05
    
    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.7601.17514
    James :: JAMES-PC [administrator]
    
    12/15/2013 1:59:35 PM
    mbam-log-2013-12-15 (13-59-35).txt
    
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222920
    Time elapsed: 5 minute(s), 56 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 0
    (No malicious items detected)
    
    Registry Values Detected: 0
    (No malicious items detected)
    
    Registry Data Items Detected: 0
    (No malicious items detected)
    
    Folders Detected: 1
    C:\Users\James\AppData\Local\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    
    Files Detected: 8
    C:\Users\James\Downloads\DTLite4453-0297.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\James\Downloads\Razer_Game_Booster_downloader.exe (PUP.Optional.FreeNew.A) -> Quarantined and deleted successfully.
    C:\Users\James\Downloads\RollerCoasterTycoon-dm.exe (Adware.TryMedia) -> Quarantined and deleted successfully.
    C:\Users\James\Downloads\setup(1).exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
    C:\Users\James\Downloads\setup.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
    C:\Users\James\Downloads\SoftonicDownloader_for_razer-game-booster.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
    C:\Users\James\AppData\Local\Xenocode\Sandbox\Gamertag Editor\1.1.0.0\2009.08.01T02.25\Virtual\STUBEXE\@APPDATALOCAL@\Temp\Rar$EX03.035\GTChange.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
    C:\Users\James\AppData\Local\Slick Savings\coupons.crx (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
    
    (end)
    Last edited by Glaice; 15 Dec 2013 at 15:07.


  6. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #6

    Could you post the logs of the scans you did? cheers


  7. Posts : 85
    Windows 7 Home Premium 64 bit
    Thread Starter
       #7

    I'm not sure if Adwcleaner left an option or I forgot to do that, there was some junk there that I can recall. I will post an OTL log once I let it cool off again. For some reason, my brother James never really had much an issue with overheating tho.

    OTL log:

    http://www.media___fire.com/download...559bsm/OTL.Txt - File too large to fully cut-paste into a reply. Remove underscores to view.

    http://www.media___fire.com/download...m3f/Extras.Txt - Extras.txt
    Last edited by Glaice; 15 Dec 2013 at 16:00.


  8. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #8

    JRT repaired some registry values and cleaned some files. Malwarebytes got rid of OpenCandy, which is often used to install goodies within an installer; see here: OpenCandy | Learn More About OpenCandy and False Adware Detections - OpenCandy
    All in all, both programs did what they were supposed to. There were some PUPs (potentially unwanted programs) that were removed. When installing a program, make sure you click on the "custom install" to prevent any goodies from being installed; clicking "express" sometimes installs the program you want as well as sometimes several you do not want.


  9. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #9

    Temporary File Cleaner (TFC)
    http://oldtimer.geekstogo.com/TFC.exe
    Save to your Desktop.

    • Save any work in progress!! TFC closes open applications and removes unsaved work!! Close all windows.
    • Right-click TFC.exe and select: Run as Administrator
    • If prompted, click "Yes" to reboot.

    Note: For future reference you can upload files in ZIP format, the members here prefer that way as sometimes it can be unsafe to go to external sites, cheers
    Last edited by ShamrockRig; 15 Dec 2013 at 17:13.


  10. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #10

    Code:
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    HiJackThis is unreliable on x64 bit systems, but we could check the above entries anyway.

    On your brother's computer, do this:

    1. Download and save this tool to your desktop:
    http://go.microsoft.com/fwlink/?linkid=52012

    2. Run the tool, and then click Copy - ignore any errors if they appear

    3. Use CTRL+V to paste the results of the tool here in your next reply
      My Computer
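
Added example (not written by any poster in this thread and not part of HijackThis): a small Python triage of the O23 service lines, assuming the scanner ran as a 32-bit process on 64-bit Windows, where WOW64 file system redirection makes 64-bit-only files under System32 show up as "(file missing)". The function names and verdict labels are hypothetical; the sample lines are copied from the HijackThis log in post #1.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log posted in #1 (one O4 line kept as a non-match).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# Paths here are redirected to SysWOW64 for a 32-bit process (assumption stated above).
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one 'O23 - Service:' line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    # Split from the right: the service name itself may contain " - ".
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    return Service(parts[0], parts[1], parts[2], missing)


def triage(svc: Service) -> str:
    """Hypothetical verdicts: present, recheck-64bit, missing."""
    if not svc.missing:
        return "present"
    if SYSTEM32.match(svc.path):
        # Likely a redirection artefact, not proof the file was deleted.
        return "recheck-64bit"
    return "missing"


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Return (service name, verdict) for every O23 line in the log text."""
    parsed = (parse_o23(line) for line in text.splitlines())
    return [(svc.name, triage(svc)) for svc in parsed if svc is not None]


if __name__ == "__main__":
    for name, verdict in triage_log(SAMPLE_LOG):
        print(f"{verdict:14} {name}")
```

A `recheck-64bit` verdict only means the file's presence should be confirmed from a 64-bit context before drawing conclusions; it says nothing about whether the file is trustworthy.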


 