high Random CPU usage on random

1.) Did you get a message stating it found some errors and was unable to fix them?
Or it found errors and successfully repaired them?
Or did it say no integrity issues were found?

Try copying the log from outside the location it is in to your desktop.



2.) -Uninstall all instances of the following software under control panel-uninstall a program.

-Java - Huge security risk.
-Adobe reader - not necessary anymore. Your web browser can open pdf files.
-Driver finder -spyware program-not trusted
-zipppener - a better alternative (clean and crap free) is 7zip which is found here: 7-Zip
-pc faster baidu security -bloatware-junkware

Confirm you have done these steps. We will then move on to removing the malware.

**Follow the below step by step. Do not skip anything. If you are unsure on something, ask**


1.) Ok, restart the pc and then run sfc scan again.

See if this time it determines that no integrity violations were found. If it does, peachy. Everything is good. If not, we will have to look into somehow uploading that log. (Won't be hard if we need to. )

2.) Here is another step to do once you finished the above:

Run herdprotects scan again. I advise you to remove the following items, I will give you the full name and log entry. Try and search up and down the list for it. I know its long, so take your time. Again, only remove what I advise.

How to remove with herdprotect:

Click the entry, click action-remove.

Code:

File path: 		c:\programdata\installmate\{83ae9823-35a0-4667-a48c-7d82584dbad5}\custom.dll
Publisher: 		StarApp
MD5: 			4c5d8e94294644eaf321ea72d79ae38e
SHA-1: 			705636e6f6727192a76af598bad1ba197c3343cb
Created: 		6/5/2013 9:20:15 AM
Detections: 		25
Determination: 		Adware

Code:

   File path: 		c:\programdata\installmate\{71de4193-031b-43d8-a133-4b39aa3d6365}\custom.dll
Publisher: 		QuickSet
MD5: 			e8d86c771d7e23b080921b9803f1654c
SHA-1: 			49d8ef6835a6de734ead4e0b2cbbc65735cd5c17
Created: 		12/10/2013 12:56:12 PM
Detections: 		19
Determination: 		Adware

Code:

  File path: 		c:\programdata\installmate\{3e82b806-fb63-41ec-a307-b341e5619af0}\custom.dll
Publisher: 		StarApp
MD5: 			0f44d43090e1e6784224ff618ce709ff
SHA-1: 			1dd769d04e61e44ad3caf3aa28eb39b466477b34
Created: 		5/14/2013 3:39:21 AM
Detections: 		14
Determination: 		Adware

Code:

 ---------------------------------------------------------------------------------

File path: 		c:\users\rox\appdata\local\pmb files\upgrade41270\pmb_updater.exe
Publisher: 		
Signer: 		Pando Networks, Inc.
MD5: 			b3953191f5e4dee933960a26339fb76c
SHA-1: 			815ce918a2cf57f5e0a3a9346fd9a6f6b3d03d30
Created: 		12/11/2013 11:56:51 PM
Detections: 		8

Code:

File path: 		c:\program files\pcdapp\dgen.exe
Publisher: 		
MD5: 			c7d96a006e2eedf5c289fcabac78f95e
SHA-1: 			7e5185fb13e40eddd15a02b85a77e414350136d7
Created: 		4/4/2014 10:37:16 PM
Detections: 		12
Determination: 		Adware

Code:

File path: 		c:\program files\sysplayer\sysplayer.exe
Publisher: 		GoobZo Ltd.
Signer: 		Goobzo LTD
MD5: 			9eeabf0a9bfd67a9be0e3a1792111051
SHA-1: 			95092734a5af17d1e9caa2b055a271ff1b3f4d1a
Created: 		12/18/2013 10:17:10 PM
Detections: 		3
Determination: 		Adware

Code:

File path: 		c:\program files\music editor free\conduitinstaller.exe
Publisher: 		Conduit
Signer: 		Conduit Ltd.
MD5: 			9a5e999c90861ce9b7906dbf429d4238
SHA-1: 			8992f72873d09212597e582a16f8d9bc60e6a22a
Created: 		7/26/2012 8:03:01 PM
Detections: 		3

Code:

File path: 		c:\program files\baidu security\pc faster\3.7.0.0\update\pc_faster_setup.exe
Publisher: 		Baidu, Inc.
Signer: 		Baidu Online Network Technology (Beijing)Co., Ltd
MD5: 			7d2ec5385359baf906befca6894b6c24
SHA-1: 			ba106f4824ba3ed16d079134c2771870db4bcaa5
Created: 		2/4/2014 2:09:48 PM
Detections: 		3

Code:

File path: 		c:\users\rox\desktop\new folder\robotic injector updated.exe
Publisher: 		
MD5: 			ee4cd83e9c6a211d39adba72a8ad1e08
SHA-1: 			e2db8ae5ea24d105b22fd1b5b331a8e4b29da262
Created: 		1/11/2014 11:30:08 AM
Detections: 		28
Determination: 		Malware

Code:

File path: 		c:\users\rox\desktop\new folder\trlatino bypass.dll
Publisher: 		
MD5: 			9d5f56cee3234dc1e9dca56694f01d08
SHA-1: 			7d0bf29aa17c15528122f612b6292e46fa44c4c8
Created: 		1/11/2014 11:30:08 AM
Detections: 		22
Determination: 		Malware

Code:

File path: 		c:\users\rox\downloads\the_last_remnant_(2009)_[mediafire]_downloader_229.exe
Publisher: 		http://www.express-files.com/
Signer: 		Faglaro Enterprises Limited
MD5: 			293972effdd51b156b9f9663c7dbc5be
SHA-1: 			e2226ae9d274f02d7ed2bfaaf92f6716719db42a
Created: 		3/30/2012 2:11:46 AM
Detections: 		11
Determination: 		Adware

And here is the cause of all your problems *drum roll please*:

Code:

  File path: 		c:\program files\pcdapp\cgminer-nogpu.exe
Publisher: 		
MD5: 			f6f05446216716b7df0a57cee226d20d
SHA-1: 			058cbc11544b156f5d1b7a014e003504374533eb
Created: 		5/11/2013 3:43:38 PM
Detections: 		11
Determination: 		Adware

You have a bitcoin miner on your pc. So This is why your cpu usage was so high.

Your pc was being used to mine bitcoins.

what are bitcoins you ask?
See here: Bitcoin - Wikipedia, the free encyclopedia

The application cgminer-nogpu.exe has been detected as a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. - Read more at Malware scan of cgminer-nogpu.exe f2c2ba3bdb1f2e828c27d0c65f5cf9742b776690 - herdProtect


For a complete clean, I recommend removing these nasties that you have in your downloads folder:

-c:\users\rox\downloads\sysplayer_sysds_setup.exe
-c:\users\rox\downloads\installer_hide_ip_platinum_3_0_6_6_arabic.exe
-c:\users\rox\downloads\isobuster_all_lang.exe
-c:\users\rox\downloads\imf-setup.exe
-c:\users\rox\downloads\cheatengine62.exe

Re-read post 23 above multiple times. Make sure you do not miss a single thing. You may consider printing it out to follow each step.

When and only when you are done with post 23, post a new herdprotect scan log. I want to make sure you are all cleaned up.

Roxsen said:

i am doing #23 post now....

this may take some time

No problem, take all the time you need.

Have not heard from you in awhile. Hope to hear back and see how it is going.

You didn't post a new log so I do not know if you are clean or not.

I can look into your new thread.