
CPU consuming 100 percent

Old 09-29-2009, 12:37 PM   #1
Registered Member
 
Join Date: Sep 2009
Posts: 1
OS: xp



Hi

My laptop is consuming 100% CPU whenever I open any application. Not sure why? So I suspected my Symantec Antivirus Corporate Edition and uninstalled the same, because when I start the laptop, I was able to see rtvscan.exe and doscan.exe taking full CPU. Also, my startup and shutdown were very, very slow.

I tried Spybot (trial version, which resulted in a blue screen error), malware, SUPERAntiSpyware, etc. Nothing helped me...

When I look into Task Manager, there is nothing suspicious running.


I ran DDS and here is the output. I tried running GMER but it resulted in a blue screen error as below. I tried a couple of times and both resulted in the same error.

"The problem seems to be caused by the following file: kgldapow.sys. The driver is attempting to access memory beyond the end of the allocation.
Technical Info: Stop 0x000000D6 ( 0x83737000,0x00000000,0xB9A66A8B,0x00000000)"

Appreciate your help in fixing my laptop.



DDS (Ver_09-09-29.01) - NTFSx86
Run by vvd at 13:37:15.81 on Tue 09/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.282 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Software\Oracle\BIN\TNSLSNR.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\WINNT\System32\vssvc.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\CCM\SMSCliUI.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\vvd\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = localhost:5865
uInternet Settings,ProxyOverride = localhost;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ZCfgSvc.exe] c:\winnt\system32\ZCfgSvc.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://171.74.129.23/CACHE/stc/1/binaries/vpnweb.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://avpn1.npv.gm.com/preauthZLS/ICSScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://myvpn.ford.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} - hxxps://avpn1.npv.gm.com/postauthACC/SodaAgent.CAB
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Notify: igfxcui - igfxdev.dll
Notify: Sebring - c:\winnt\system32\LgNotify.dll

============= SERVICES / DRIVERS ===============

R1 Odptdi;Odptdi;c:\winnt\system32\drivers\odptdi.sys [2009-9-17 46744]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2006-3-16 307297]
R2 OracleDurgaTNSListener;OracleDurgaTNSListener;c:\software\oracle\bin\tnslsnr --> c:\software\oracle\bin\TNSLSNR [?]
R3 VNA;Check Point Virtual Network Adapter;c:\winnt\system32\drivers\vna.sys [2006-3-16 109040]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 CycloneService;CycloneService;c:\software\cyclone\b1854\bin\cycloneservice.exe --> c:\software\cyclone\b1854\bin\CycloneService.exe [?]
S3 DellBIOS;DellBIOS;c:\winnt\DellBIOS.Sys [2009-9-17 5120]
S3 JL2005C;Dual Mode Camera;c:\winnt\system32\drivers\jl2005c.sys --> c:\winnt\system32\drivers\jl2005c.sys [?]
S3 OracleDurgaAgent;OracleDurgaAgent;c:\software\oracle\bin\agntsrvc.exe [2002-4-26 28944]
S3 OracleDurgaClientCache;OracleDurgaClientCache;c:\software\oracle\bin\ONRSD.EXE [2002-4-26 242328]
S3 OracleDurgaSNMPPeerEncapsulator;OracleDurgaSNMPPeerEncapsulator;c:\software\oracle\bin\encsvc.exe [2002-2-13 187392]
S3 OracleDurgaSNMPPeerMasterAgent;OracleDurgaSNMPPeerMasterAgent;c:\software\oracle\bin\agntsvc.exe [2002-2-13 254464]
S3 OracleServiceDURGA;OracleServiceDURGA;c:\software\oracle\bin\oracle.exe durga --> c:\software\oracle\bin\ORACLE.EXE DURGA [?]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\winnt\system32\drivers\vpnva.sys --> c:\winnt\system32\drivers\vpnva.sys [?]
S3 vsdatant;vsdatant;\??\c:\winnt\system32\vsdatant.sys --> c:\winnt\system32\vsdatant.sys [?]
S4 Durga;Durga;c:\ican50\repository\repository.exe --> c:\ican50\repository\repository.exe [?]

=============== Created Last 30 ================

2009-09-29 13:02 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-09-29 01:42 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-29 01:41 <DIR> --d----- C:\Spyware Doctor 5.5.0.178 - Final UPDATED
2009-09-28 22:23 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-28 16:06 <DIR> --d----- c:\winnt\system32\CatRoot2
2009-09-28 10:57 <DIR> --d----- C:\backup
2009-09-27 18:22 5,632 a--sh--- c:\winnt\Thumbs.db
2009-09-26 14:42 <DIR> --d----- C:\soft
2009-09-25 22:56 728 a------- c:\winnt\system32\drivers\kgpcpy.cfg
2009-09-25 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-09-25 22:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-09-25 11:56 153,088 -c------ c:\winnt\system32\dllcache\triedit.dll
2009-09-25 10:23 <DIR> --d----- C:\Laptop Antivirus
2009-09-25 00:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-24 21:22 23,392 a------- c:\winnt\system32\nscompat.tlb
2009-09-24 21:22 16,832 a------- c:\winnt\system32\amcompat.tlb
2009-09-24 18:21 5,315 a------- c:\winnt\system32\drivers\CVirtA.sys
2009-09-24 13:08 <DIR> --d----- c:\program files\CCleaner
2009-09-24 01:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-09-24 01:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-09-24 00:50 <DIR> --d----- c:\program files\msn gaming zone
2009-09-23 17:23 49,265 a------- c:\winnt\system32\jpicpl32.cpl
2009-09-22 11:11 30,531 a------- C:\Insert_into_AAP_FAC_CODE_EXCLUDE.sql
2009-09-19 23:36 680 a------- C:\f.sql
2009-09-18 15:49 <DIR> --dsh--- c:\documents and settings\vvd\IECompatCache
2009-09-18 15:43 <DIR> --dsh--- c:\documents and settings\vvd\PrivacIE
2009-09-18 15:36 <DIR> --dsh--- c:\documents and settings\vvd\IETldCache
2009-09-18 13:26 78,336 ac------ c:\winnt\system32\dllcache\ieencode.dll
2009-09-18 13:26 78,336 a------- c:\winnt\system32\ieencode.dll
2009-09-18 12:56 <DIR> --d----- C:\Desktop
2009-09-18 12:38 5,346 a------- C:\e.sql
2009-09-18 12:19 5,110 a----r-- c:\winnt\system32\e100b325.din
2009-09-18 12:19 53,248 a------- c:\winnt\system32\Prounstl.exe
2009-09-18 12:19 23,040 a------- c:\winnt\system32\IntelNic.dll
2009-09-18 00:59 411,368 a------- c:\winnt\system32\deploytk.dll
2009-09-17 23:10 46,744 a------- c:\winnt\system32\drivers\odptdi.sys
2009-09-17 13:34 4,740 a------- c:\winnt\system32\PerfStringBackup.TMP
2009-09-17 11:21 5,120 a------- c:\winnt\DellBIOS.Sys
2009-09-11 12:30 <DIR> --d----- C:\compare
2009-09-08 12:30 661 a------- C:\b.sql
2009-09-08 12:26 80,457 a------- C:\a.sql
2009-09-01 11:22 <DIR> --d----- c:\docume~1\vvd\applic~1\Office Genuine Advantage

==================== Find3M ====================

2009-08-30 02:58 3,818,472 a------- C:\Spuser.zip
2009-08-05 05:01 204,800 a------- c:\winnt\system32\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\winnt\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\winnt\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\winnt\system32\OGAEXEC.exe
2009-07-17 15:01 58,880 a------- c:\winnt\system32\atl.dll
2009-07-12 12:21 233,472 a------- c:\winnt\system32\wmpdxm.dll
2009-07-09 23:59 36,544 a---h--- c:\winnt\system32\mlfcache.dat
2006-06-06 20:05 80 ---shr-- c:\winnt\system32\7E96B64C59.dll
2009-05-08 23:36 32,768 a--sh--- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012009050820090509\index.dat
2009-05-09 18:14 32,768 a--sh--- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012009050920090510\index.dat

============= FINISH: 13:41:10.40 ===============
Attached Files
File Type: zip Attach.zip (2.0 KB, 2 views)

__________________
kvignes1 is offline  
 
