CPU runs constantly at 20-25%

[Tony4554]

Vista Business SP1 32bit
CPU - Intel Q6600 Quad 2.4Ghz
RAM - 4GB (installed 2 - 2GB sticks)
MB - P5Q-ASUS-PRO
Video card - NVidiaGeForce FX 5500

Problem:
#1 - CPU runs constantly at 20-25% without any load(Nothing open, just the loaded drivers and AV,Firewall etc.).

Side note:CA Antivirus Security Suite Plus 2008 Antispam found and deleted something called koolynoody from 4 places in the registry about a week ago.

As of 11/13/2008 CA has been uninstalled and replaced with AVG antivirus and COMODO is now the firewall.

I just ran AVG AV on C drive and the results are below:
Infections
File;"Infection";"Result"
C:\Users\Anthonyp\Downloads\install_flash_player.exe;"Trojan horse PSW.Generic6.AQPD";"Moved to Virus Vault"
C:\Users\Anthonyp\Downloads\install_flash_player.exe:\$JF\NPSWF32_FlashUtil.exe;"Trojan horse PSW.Generic6.AQPD";"Moved to Virus Vault"
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe;"Trojan horse PSW.Generic6.AQPD";"Infected"
C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe:\$JF\FlashUtil10a.exe;"Trojan horse PSW.Generic6.AQPD";"Infected"
C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe;"Trojan horse PSW.Generic6.AQPD";"Infected"
C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe;"Trojan horse PSW.Generic6.AQPD";"Infected"


In task manager CPU Usage shows 20-25% usage on the Performance tab
On the Processes tab it displays System Idle Process at 99% and Takmgr.exe at 1%

In Resource Monitor the listed images show CPU usage as a Total Avg. of 0.58%
But it displays in the title bar section - CPU usage of 20 - 24%

Computer was built 3 weeks ago and doesn't seem as fast as it should be.
Seemed like my XPPro P4 2.8Ghz was just as fast.
The cpu running constantly bothers me as well as performance.


DDS (Version 1.0) - NTFSx86
Run by Anthonyp at 10:25:21.15 on Fri 11/14/2008
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3070.1694 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\DriveCrypt\DcrServ.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.64\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\DriveCrypt\DriveCrypt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anthonyp\Desktop\TechSupportSite\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [DriveCrypt Startup] c:\program files\drivecrypt\DriveCrypt.exe /WS
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ScanSoft OmniPage 16-reminder] "c:\program files\scansoft\omnipage16\ereg\ereg.exe" -r "c:\programdata\scansoft\omnipage 16\ereg\Ereg.ini"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll c:\windows\system32\guard32.dll

============= SERVICES / DRIVERS ===============

R0 DCR;DCR;c:\windows\system32\drivers\DCR.sys
R0 DCVP;DCVP;c:\windows\system32\drivers\DCVP.sys
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
R2 DriveCryptService;DriveCrypt Service;c:\program files\drivecrypt\DcrServ.exe
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1E60x86.sys
R3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\SymSnapService.exe"
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe /Processid:{8B927DC9-E120-4CE3-808B-C8F0C7F72652}
S3 Bulksusb;SvcDesc=Bulks USB FlashMemoryControllService;c:\windows\system32\drivers\Bulksusb.sys
S3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs.sys
S3 PortRST;BaromTec HMS30C6001 Reset Driver;c:\windows\system32\drivers\PortRST.sys
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys

============== File Associations ===============

regedit=regedit.exe "%1"

=============== Created Last 30 ================

2008-11-13 19:15 143,096 a------- c:\windows\system32\guard32.dll
2008-11-13 19:15 98,320 a------- c:\windows\system32\drivers\cmdguard.sys
2008-11-13 19:15 25,104 a------- c:\windows\system32\drivers\cmdhlp.sys
2008-11-13 18:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-13 18:55 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-13 18:55 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-13 18:55 <DIR> --d----- c:\programdata\avg8
2008-11-13 18:55 <DIR> --d----- c:\progra~2\avg8
2008-11-13 18:28 15,790 -------- c:\windows\system32\drivers\NVXBAR.SYS
2008-11-13 18:28 140,732 -------- c:\windows\system32\drivers\NVCAP.SYS
2008-11-13 18:28 29,696 -------- c:\windows\system32\FILTER.AX
2008-11-13 14:29 250 a------- c:\windows\gmer.ini
2008-11-13 04:05 <DIR> --d----- c:\program files\Trend Micro
2008-11-12 09:27 <DIR> --d----- c:\windows\system32\appmgmt
2008-11-12 08:45 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-11-12 08:45 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-12 08:45 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-11-11 14:01 356,352 a------- c:\windows\system32\NVUNINST.EXE
2008-11-05 09:43 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-11-05 09:43 <DIR> --d----- c:\programdata\WLInstaller
2008-11-04 16:47 <DIR> --d----- c:\users\anthonyp\appdata\roaming\Canneverbe_Limited
2008-11-04 16:40 <DIR> --d----- c:\program files\CDBurnerXP
2008-11-04 16:33 <DIR> --d----- c:\programdata\NCH Software
2008-11-04 16:33 <DIR> --d----- c:\progra~2\NCH Software
2008-11-04 16:33 <DIR> --d----- c:\program files\NCH Software
2008-11-04 11:54 <DIR> --d----- c:\program files\Citrix
2008-11-04 11:54 56,912 a------- c:\users\anthonyp\g2mdlhlpx.exe
2008-11-04 08:41 729,088 a------- c:\windows\iun6002.exe
2008-11-02 20:00 <DIR> --d----- c:\program files\Auslogics
2008-10-31 09:54 <DIR> --d----- c:\programdata\comodo
2008-10-31 09:54 <DIR> --d----- c:\progra~2\comodo
2008-10-30 20:31 <DIR> --d----- c:\program files\UltraVNC
2008-10-30 10:03 <DIR> --d----- c:\program files\COD Desktop
2008-10-29 11:18 <DIR> --d----- C:\$AVG8.VAULT$
2008-10-29 10:29 147,456 a------- c:\windows\system32\Faultrep.dll
2008-10-29 10:29 125,952 a------- c:\windows\system32\wersvc.dll
2008-10-29 10:29 443,392 a------- c:\windows\system32\win32spl.dll
2008-10-28 15:49 <DIR> --d----- c:\program files\Adobe Media Player
2008-10-28 15:23 <DIR> --d----- c:\windows\system32\Adobe
2008-10-28 14:55 <DIR> --d----- c:\program files\AVG
2008-10-28 14:31 <DIR> --d----- c:\users\anthonyp\appdata\roaming\Comodo
2008-10-28 14:31 <DIR> --d----- c:\program files\COMODO
2008-10-28 01:04 410,976 a------- c:\windows\system32\deploytk.dll
2008-10-27 09:06 <DIR> --d----- c:\users\anthonyp\appdata\roaming\vlc
2008-10-27 09:04 <DIR> --d----- c:\program files\VideoLAN
2008-10-27 05:41 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-26 18:16 <DIR> --d----- c:\users\anthonyp\appdata\roaming\Auslogics
2008-10-26 17:57 <DIR> --d----- c:\programdata\RoboForm
2008-10-26 17:57 <DIR> --d----- c:\program files\Siber Systems
2008-10-26 17:55 <DIR> --d----- c:\program files\SIW
2008-10-26 17:39 <DIR> --d----- c:\program files\Microsoft Virtual PC
2008-10-26 17:30 <DIR> --d----- c:\users\anthonyp\appdata\roaming\ScanSoft
2008-10-26 17:29 <DIR> --d----- c:\users\anthonyp\appdata\roaming\Zeon
2008-10-26 17:29 <DIR> --d----- c:\program files\Safer Networking
2008-10-26 17:25 <DIR> --d----- c:\program files\Ycopy
2008-10-26 17:22 <DIR> --d----- c:\program files\Nuance
2008-10-26 17:22 31,931 a------- c:\windows\maxlink.ini
2008-10-26 17:16 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2008-10-26 17:16 <DIR> --d----- c:\programdata\Zeon
2008-10-26 17:16 <DIR> --d----- c:\progra~2\Zeon
2008-10-26 17:15 <DIR> --d----- c:\programdata\InstallShield
2008-10-26 17:15 <DIR> --d----- c:\programdata\ScanSoft
2008-10-26 17:15 <DIR> --d----- c:\progra~2\ScanSoft
2008-10-26 17:14 <DIR> --d----- c:\program files\ScanSoft
2008-10-26 16:02 102,400 a------- c:\windows\system32\tsccvid.dll
2008-10-26 16:02 <DIR> --d----- c:\windows\system32\QuickTime
2008-10-26 15:55 3,842 a------- c:\windows\USBV102.ini
2008-10-26 15:55 12,721 a----r-- c:\windows\system32\drivers\PortRst.sys
2008-10-26 15:55 10,354 a------- c:\windows\system32\drivers\BULKSUSB.sys
2008-10-26 15:55 <DIR> --d----- c:\program files\T1
2008-10-26 15:43 <DIR> --d----- C:\HP LJ4200-4300 Series PCL6 Driver
2008-10-26 15:17 <DIR> --d----- c:\program files\common files\SWF Studio
2008-10-26 14:26 <DIR> --d----- c:\program files\common files\HP
2008-10-26 14:25 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2008-10-26 14:24 <DIR> --d----- c:\program files\HP
2008-10-26 14:17 127,761 a------- c:\windows\hpgins23.dat
2008-10-26 14:17 280 -------- c:\windows\hpgmdl23.dat
2008-10-26 14:17 <DIR> --d----- c:\programdata\HP
2008-10-26 13:14 <DIR> --d----- c:\program files\SpywareBlaster
2008-10-26 13:13 <DIR> --d----- c:\programdata\LogMeIn
2008-10-26 13:13 <DIR> --d----- c:\progra~2\LogMeIn
2008-10-26 13:13 1,024 a------- C:\.rnd
2008-10-26 13:03 <DIR> --d----- c:\program files\WinDirStat
2008-10-26 12:56 <DIR> --d----- c:\users\anthonyp\appdata\roaming\NCH Software
2008-10-26 12:54 <DIR> --d----- c:\programdata\NCH Swift Sound
2008-10-26 12:54 <DIR> --d----- c:\progra~2\NCH Swift Sound
2008-10-26 12:54 <DIR> --d----- c:\users\anthonyp\appdata\roaming\NCH Swift Sound
2008-10-26 12:52 <DIR> --d----- c:\program files\NCH Swift Sound
2008-10-26 12:38 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-10-26 12:38 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-10-26 12:38 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-10-26 12:36 <DIR> --d----- c:\program files\CCleaner
2008-10-26 12:27 <DIR> --d----- c:\program files\MSECache
2008-10-26 12:12 <DIR> --d----- c:\users\anthonyp\appdata\roaming\Symantec
2008-10-26 12:11 38,112 a------- c:\windows\system32\drivers\v2imount.sys
2008-10-26 12:11 138,080 a------- c:\windows\system32\drivers\symsnap.sys
2008-10-26 12:09 215,144 a----r-- c:\windows\patchw32.dll
2008-10-26 11:51 1,060,864 a------- c:\windows\system32\MFC71.DLL
2008-10-26 11:51 503,808 a------- c:\windows\system32\MSVCP71.DLL
2008-10-26 11:51 348,160 a------- c:\windows\system32\MSVCR71.DLL
2008-10-26 11:51 <DIR> --d----- c:\program files\Symantec
2008-10-26 11:50 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-10-26 11:50 16,168 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-26 11:50 128,104 a------- c:\windows\system32\drivers\WimFltr.sys
2008-10-26 11:50 15,088 a------- c:\windows\system32\drivers\vproeventmonitor.sys
2008-10-26 11:49 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-10-26 11:49 <DIR> --d----- c:\programdata\Symantec
2008-10-26 11:49 <DIR> --d----- c:\program files\Norton Ghost
2008-10-26 11:49 <DIR> --d----- c:\progra~2\Symantec
2008-10-26 10:54 <DIR> --d----- c:\program files\Eraser
2008-10-26 09:58 <DIR> --d----- c:\programdata\Logishrd
2008-10-26 09:58 <DIR> --d----- c:\programdata\Logitech
2008-10-26 09:51 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-10-26 09:50 2,048 a------- c:\windows\system32\tzres.dll
2008-10-26 09:40 <DIR> --d----- c:\program files\MSXML 4.0
2008-10-26 09:35 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2008-10-26 09:34 72,192 a------- c:\windows\system32\drivers\pacer.sys
2008-10-26 09:33 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-10-26 09:33 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-10-26 09:18 1,048,576 a------- c:\windows\P5Q-ASUS-PRO-1306.ROM
2008-10-26 09:16 708,640 a------- c:\windows\P5Q-ASUS-PRO-1306.zip
2008-10-26 09:09 <DIR> --d----- c:\program files\Downloaded Installations
2008-10-26 08:06 <DIR> --d----- c:\program files\Microsoft Digital Image 2006
2008-10-26 07:07 <DIR> --d----- c:\program files\Microsoft IntelliType Pro
2008-10-26 07:01 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2008-10-25 16:25 <DIR> --d----- c:\program files\YPOPs
2008-10-25 15:05 <DIR> --d----- c:\programdata\Adobe
2008-10-25 14:50 0 a------- c:\windows\PasswordsPlus.INI
2008-10-25 14:43 <DIR> --d----- c:\program files\Passwords Plus
2008-10-25 13:42 30,512 a------- c:\windows\system32\mdimon.dll
2008-10-25 13:42 32,592 a------- c:\windows\system32\msonpmon.dll
2008-10-25 13:40 <DIR> --d----- c:\windows\PCHEALTH
2008-10-25 13:38 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2008-10-25 13:37 <DIR> --d----- c:\programdata\Microsoft Help
2008-10-25 13:31 <DIR> --d----- c:\windows\Panther
2008-10-25 13:30 8,192 a--s-r-- C:\BOOTSECT.BAK
2008-10-25 13:30 333,203 a--shr-- C:\bootmgr
2008-10-25 13:30 <DIR> --dsh--- C:\Boot
2008-10-25 12:18 3,084 a------- c:\windows\DriveCrypt.ini
2008-10-25 12:18 <DIR> a-d----- c:\programdata\TEMP
2008-10-25 12:18 261,128 a------- c:\windows\system32\drivers\DCR.sys
2008-10-25 12:18 19,016 a------- c:\windows\system32\drivers\DCVP.sys
2008-10-25 12:18 <DIR> --d----- c:\program files\DriveCrypt
2008-10-25 12:00 <DIR> --d----- c:\windows\AsDmiHtm
2008-10-25 11:51 6,144 a------- c:\windows\system32\SV_SQL3_Config.db
2008-10-25 11:51 2,048 a------- c:\windows\system32\SV_SQL3_Events.db
2008-10-25 11:49 <DIR> --d----- c:\programdata\WinZip
2008-10-25 11:49 <DIR> --d----- c:\progra~2\WinZip
2008-10-25 11:45 <DIR> --d----- c:\program files\Atheros Communications Inc
2008-10-25 10:57 <DIR> --dsh--- c:\windows\Installer
2008-10-25 10:57 <DIR> --d----- c:\windows\Downloaded Installations
2008-10-25 10:57 <DIR> --d----- c:\programdata\CA
2008-10-25 10:57 <DIR> --d----- c:\progra~2\CA
2008-10-25 10:43 24,576 a----r-- c:\windows\system32\AsIO.dll
2008-10-25 10:43 12,400 a----r-- c:\windows\system32\drivers\AsIO.sys
2008-10-25 10:43 <DIR> --d----- c:\program files\ASUS
2008-10-25 10:43 666 a------- c:\windows\setup.iss
2008-10-25 10:41 <DIR> --d----- c:\program files\Marvell
2008-10-25 10:37 <DIR> --d----- c:\program files\Realtek
2008-10-25 10:28 <DIR> --d----- c:\windows\ASUSInstAll
2008-10-25 10:24 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-25 10:22 53,248 a----r-- c:\windows\system32\CSVer.dll
2008-10-25 10:22 <DIR> --d----- C:\Intel
2008-10-25 10:21 35,185 a------- c:\windows\Ascd_log.ini
2008-10-25 10:10 47,616 a------- c:\windows\system32\drivers\L1E60x86.sys
2008-10-25 10:10 <DIR> --d----- c:\windows\system32\Atheros_L1e
2008-10-25 10:09 7,680 a------- c:\windows\system32\drivers\ASACPI.sys
2008-10-25 10:08 34,290 a------- c:\windows\Ascd_tmp.ini
2008-10-25 09:51 <DIR> --d----- c:\users\Anthonyp

==================== Find3M ====================

2008-10-25 10:37 319,456 a------- c:\windows\DIFxAPI.dll
2008-10-25 10:37 315,392 a------- c:\windows\HideWin.exe
2008-10-16 19:35 10,040 a------- c:\windows\system32\lmimirr2.dll
2008-10-01 22:49 827,392 a------- c:\windows\system32\wininet.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-17 21:16 2,032,640 a------- c:\windows\system32\win32k.sys

============= FINISH: 10:25:57.79 ===============

[Billy O'Neal]

Hello, Tony4554
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:

• In the meantime, please refrain from making any changes to your computer.
• Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
• Finally, please reply using the button in the lower left hand corner of your screen.
• Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We need to run a Scan with DDS

1. Please download DDS, and save it to your desktop, from one of the following mirrors:
   • This is a mirror
   • This is another mirror
2. Disable any type of "Script Blockers" or "Script Protection" installed on your system.
3. Double click on your desktop.
4. If prompted by any script blocking tools, please allow any actions taken by DDS.
5. When prompted to preform an Optional Scan, please select
6. Two reports will open. Please reply with the generated reports:
   • DDS.txt <-- Copy and paste into your next post
   • Attach.txt <-- Attach to your next post

We need to scan for Rootkits with GMER

1. Please download GMER from one of the following mirrors:
   • This is the Primary mirror
   • This is a Secondary mirror
   • This is a Secondary mirror
2. Close any and all open programs, as this process may crash your computer.
3. Unzip the downloaded file to your desktop.
4. Double click on your desktop.
5. Allow the gmer.sys driver to load if asked.
6. You may see this window. If you do, click No.
   
7. Click on and wait for the scan to finish.
8. If you see a rootkit warning window, click OK.
9. Push and save the logfile to your desktop.
10. Copy and Paste the contents of that file in your next post.

In your next reply, please include the following:

• DDS.txt
• Attach.txt
• GMER's Log

Billy3

[Tony4554]

Billy,
Thank you for the reply.
Since I had 1st posted this request for help, I have been doing some research on my system and after several tests/scans etc. I have found that if I disable one of my storage controllers - Marvel 61xx RAID Controller, the CPU drops back down to the normal 0 % utilization and stays there. I do not use RAID but the side affect is that my DVD Player\burner will not function. I have tried to get updated files from ASUS but what I have are the latest. Any ideas?
Tony

PS: I tried to paste the GMER Results but upon posting I received the error that too much text was there so I have attached the GMER Log file also.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-10 10:49:05
Windows 6.0.6001 Service Pack 1

[Billy O'Neal]

Hello, Tony4554
I don't see any malware in these logs, but I'd like one more check.

Good luck with ASUS :)

Side note: You may have better luck with that busted RAID driver with commodo firewall uninstalled. Not 100% sure there, but worth a shot :)

I would like us to use ESET (NOD32)'s Online Scanner

1. Please go to ESET OnlineScan (NOD32)
2. You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
3. Now click Start
4. Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
5. Click Start
   • Note: (the Onlinescanner will now prepare itself for running on your pc)
6. To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
7. Press Scan
8. The Onlinescan will now start and scan your pc (this could take a while)
9. When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
10. Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
11. The Scanresults will now open in Notepad
12. Click into the text area, right-click and chose "select all" (or use <Control>+A)
13. Right-click again and chose "Copy" (or <Control>+C)
14. Close/Exit Notepad
15. Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.

Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:

• ESET OnlineScan's Log

Billy3

[Tony4554]

Thanks for trying Billy.
My systems are usually very clean and I had exhausted my ideas and tools. I was hoping that someone would see something that I missed. I have tried dealing with ASUS to no avail yet. I will continue to pursue the issue with them.
Thanks again



NOD32 log is:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3683 (20081211)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=f38408e9ba74ca428c6dafa961c26b75
# end=stopped
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-12-11 01:46:11
# local_time=2008-12-11 08:46:11 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=339512
# found=0
# scan_time=3933

[Billy O'Neal]

Hello, Tony4554
Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess

1. Please download OTCleanIt from one of the following mirrors and save it to your desktop:
   • Mirror 1
   • Mirror A
2. Double click the icon.
3. Push the large "Cleanup" button.
4. Allow your system to reboot.

[combobox name="System Restore Operating System"] [option name="None"] [/option][option name="Windows ME"] Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.

1. Click Start -> Settings -> Control Panel
2. Double click "System" (you may need to click "View all control panel options" to see it)
3. On the "Performance" tab click File System
4. On the "Troubleshooting" tab check Disable System Restore
5. Click OK
6. Reboot when prompted.
7. Click Start -> Settings -> Control Panel
8. Double click "System" (you may need to click "View all control panel options" to see it)
9. On the "Performance" tab click File System
10. On the "Troubleshooting" tab UNcheck Disable System Restore
11. Reboot when prompted

Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today![/option]
[option name="Windows XP"] Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.

1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today![/option]
[option name="Windows Vista"] Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.

1. Go to Start -> Control Panel -> System and Maintenance -> System.
2. Select "System Protection" in the upper left hand corner.
3. Click the button marked "Create" in the bottom of the window.
4. Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
5. Open Vista's Searchbox (on your start menu) and type in "cleanmgr.exe"
6. Click "OK".
7. Click the "More Options" Tab.
8. Click "Clean Up", and then "Delete" in the "System Restore and Shadow Copies" section to remove all previous restore points except the newly created one.

Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today![/option][/combobox]

Recommendations
Below are some recommendations to lower your chances of (re)infection.

1. Install Spyware Blaster and update it regularly
   If you wish, the commercial version provides automatic updating.
2. Install the MVPs hosts file, and update it regularly
   You can use the HostMan host file manager to do this automaticly if you wish.
   For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
3. Install an Anti-Spyware program, and update it regularly
   Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
   SUPERAntiSpyware is another good scanner with high detection and removal rates.
   Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
4. Keep Windows (and your other Microsoft software) up to date!
   I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
   
   If you are using Windows XP or earlier
   Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
   
   If you are using Windows Vista
   1. Click the "Start Menu" (or Windows Orb)
   2. Click "All Programs"
   3. Click "Windows Update"
   4. On the left, choose "Change Settings"
   5. Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
   6. Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
   7. Click "Check for Updates" in the upper left corner.
   8. Follow the instructions to install the latest updates.
   9. Reboot and repeat the "Check for Updates" until there are no more critical updates to install
5. Keep your other software up to date as well
   Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
6. Stay up to date!
   The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

BillyIII

[Billy O'Neal]

Hello, Tony4554
Since this issue appears resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

BillyIII