Something forcing random processes to take up exceptional CPU

Afran · Jul 25, 2006

The title basically says it all.

I assume I have some kind of spyware/virus, though I've not found anything with ZA Spyware scan, AVG Virus scan, SW Doctor, AdAware or XoftSpy.

I've also got a hijackthis log, which I'm not very experienced at using. Clicky spoiler tag for the log.

Logfile of HijackThis v1.99.1
Scan saved at 00:19:41, on 25/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\ImageTune\dtsslsrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Portrait Displays\ImageTune\DTSRVC.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Greg\Desktop\Misc Shizzle\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: ImageTune.lnk = C:\Program Files\Portrait Displays\ImageTune\dthtml.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39D9B40C-0F12-4746-8433-5222A2527704}: NameServer = 212.74.114.129 212.74.114.193
O18 - Protocol: bw+0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {E09EB296-0502-49EA-AC0B-725FB24B4650} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\syst812.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\ImageTune\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\ImageTune\DTSRVC.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

The usual processes to use 80-99% CPU are IEXPLORER.EXE & svchost.exe, both of which are vital system processes.

Any help appreciated,

Afran.

confused · Jul 25, 2006

Hmmm, although i've got limited Hijack this experience, I can't see anything obviously wrong. Try CCleaner to get rid of any errors in your registry

Afran · Jul 25, 2006

No joy after running CCleaner nor TweakNow RegCleaner.

Even processes like Task Manager are occasionally running at 80% or so CPU by the way, vsmon.exe is also a common one. It seems whichever process I end that's taking up high amounts of CPU, another process will just do the same.

Afran · Jul 25, 2006

Oh, I'm also getting a certain pop-up quite often, screenshot here:

http://img146.imageshack.us/my.php?image=popupdo4.jpg

ZoneAlarm also often asks for permission to run syamuwyw.exe, of which no information is available via google, so I deny it.

Krakatau · Jul 26, 2006

"SysProtect is detected as a potentially unwanted program.SysProtect is adware application added by the Netspy Trojan. SysProtect serves unwanted commercial advertisements and various annoying popup ads while browsing the internet.
This is a very high risk threat and should be removed immediately as to prevent harm to your computer and your privacy."

Get scanning and start removing...

Ingafgrinn Macabre · Jul 26, 2006

http://members.home.nl/mloman/hitmanpro243.exe

hitman pro, a scanning engine that uses multiple programs to achieve its goal (which is a nice functional clean computer).
Install it, and in settings at the anti-spyware sections select all programs.
in the Settings section select "accept licence agreements"
find that syamuwyw.exe on your computer and delete it if you can.
If you can, disable your firewall on your system for the duration of the scan... if you can't, stay with your pc and keep an eye on zone-alarm and click accept when the various programs HM-pro uses ask for internet access.

Afran · Jul 26, 2006

Ingafgrinn Macabre said:
http://members.home.nl/mloman/hitmanpro243.exe

hitman pro, a scanning engine that uses multiple programs to achieve its goal (which is a nice functional clean computer).
Install it, and in settings at the anti-spyware sections select all programs.
in the Settings section select "accept licence agreements"
find that syamuwyw.exe on your computer and delete it if you can.
If you can, disable your firewall on your system for the duration of the scan... if you can't, stay with your pc and keep an eye on zone-alarm and click accept when the various programs HM-pro uses ask for internet access.

Thanks, tried running this but after 3 attempts, my computer crashes at around 50% of the scans duration.

Looks like I'll have to find some way to remove this SysProtect manually.

Also, thanks for the information about SysProtect to the above poster.

Krakatau · Jul 26, 2006

Afran said:
Thanks, tried running this but after 3 attempts, my computer crashes at around 50% of the scans duration.

Looks like I'll have to find some way to remove this SysProtect manually.

Also, thanks for the information about SysProtect to the above poster.

Np

Anyhow, seems like Ingafgrinn is on a mission to promote Hitman pro

I suggest you check out a few free online scanners I posted in this thread: https://forums.freddyshouse.com/showthread.php?t=200551

His problems got solved running those after I pointed out that you need to turn off system restore before running a scan, otherwise the nasty stuff will come back. Just remember to turn it back on after you've cleaned your PC.

Good luck

Ingafgrinn Macabre · Jul 26, 2006

Krakatau said:
Np
Anyhow, seems like Ingafgrinn is on a mission to promote Hitman pro

I suggest you check out a few free online scanners I posted in this thread: https://forums.freddyshouse.com/showthread.php?t=200551

His problems got solved running those after I pointed out that you need to turn off system restore before running a scan, otherwise the nasty stuff will come back. Just remember to turn it back on after you've cleaned your PC.

Good luck

Roflol, nah, not really a mission, but I'm lazy by nature and this program does the hard work for ye, scanning with several programs including those often mentioned as stand-alone scanners like Ad-Aware, spybot, spysweeper and spyware doctor on the click of 1 button so I'm like... why install those by hand and run each manually. Too much work

TheBinarySurfer · Jul 26, 2006

Strongly suggest you run something pretty nifty in the anti-spy/adware department sharpish - thats a Netspy downloaded thingy - most up to date virus / adware removers should pick it up and toast it reasnobly quickly...

Afran · Jul 27, 2006

Most scanners I perform freeze up somewhat through the duration of the scan, the ones linked in the thread (free online scans) just closed after a few minutes. Unfortunatley none of the virus scanning software I have (SW Doctor, ZA, Lavasoft AdAware, Xoft Spy, Spyware S&D, AVG, possibly others) find nothing.

Sparx · Jul 27, 2006

Ingafgrinn Macabre said:
http://members.home.nl/mloman/hitmanpro243.exe

hitman pro, a scanning engine that uses multiple programs to achieve its goal (which is a nice functional clean computer).
Install it, and in settings at the anti-spyware sections select all programs.
in the Settings section select "accept licence agreements"
find that syamuwyw.exe on your computer and delete it if you can.
If you can, disable your firewall on your system for the duration of the scan... if you can't, stay with your pc and keep an eye on zone-alarm and click accept when the various programs HM-pro uses ask for internet access.

thought i would give this ago LOL it goes crazy when you install it, it als found 20 things i never knew where there nice 1!

Afran · Aug 1, 2006

Just thought I'd say it's now fixed. I posted on some special analyst forums and they managed to fix it by checking loads of random logs

PM me if you have this problem and I'll link it to you!

Something forcing random processes to take up exceptional CPU

Afran

Part of the furniture

confused

Can't get enough of FH

Afran

Part of the furniture

Afran

Part of the furniture

Krakatau

Fledgling Freddie

Ingafgrinn Macabre

Can't get enough of FH

Afran

Part of the furniture

Krakatau

Fledgling Freddie

Ingafgrinn Macabre

Can't get enough of FH

TheBinarySurfer

Can't get enough of FH

Afran

Part of the furniture

Sparx

Cheeky Fucknugget

Afran

Part of the furniture

Users who are viewing this thread