Hello,
This time it’s my wife’s PC that has problem.
The CPU is almost constantly at 100%.
Mbam and avast report no problems.
I looked at the mbam log and it reports:
Malware protection disabled,
Malicious website protection disabled,
Self-protection disabled.
I checked mbam Settings > detection and protection :
The radio buttons are selected to disabled for
“Malware protection” and for “malicious website protection”.
I am unable to Enable them due to the options being greyed out.
I have run mbam normal and safe mode. No detections.
I run avast normal full scan and roorkits, also tried boot scan.
Not sure what happens on boot scan, when I come back the PC
Is rebooted.
I have attached the required log files, ( to the best of my knowledge). Let me know if u need more info.
I will not make any changes without being told to do so.
2nd attempt to attach logs
Can not seem to attach files from my
Nexus 7. Going to try to paste them in this message.
No luck
Ah, seems they did upload, I just cant view them on the Nexus 7 tablet.
Sorry for the duplicate message
What programme is using most CPU when it reaches 100% ?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: URLSearchHook: HKU\S-1-5-21-544377927-3602101664-1146011839-1001 - (No Name) - {56d1ace8-c2b6-4a67-9261-fed5c12e4a90} - No File SearchScopes: HKLM -> {3309C700-D37E-4425-8FE0-A7DA9335464B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 -> {3309C700-D37E-4425-8FE0-A7DA9335464B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKU\S-1-5-21-544377927-3602101664-1146011839-1001 -> {00D63F43-A6DC-43B9-92BE-85F420F5535A} URL = hxxp://search.avg.com/route/?d=4c8a9bce&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us SearchScopes: HKU\S-1-5-21-544377927-3602101664-1146011839-1001 -> {3309C700-D37E-4425-8FE0-A7DA9335464B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKU\S-1-5-21-544377927-3602101664-1146011839-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://isearch.avg.com/search?cid={2C06D3EF-88E6-4EFA-825A-2DBA3498C1D1}&mid=b17ae64f14a0dd94864b4756ac26c726-12533448bdea97601464fbaa5bd13bd721984e7f&lang=en&ds=AVG&pr=fr&d=2011-12-21 17:53:47&v=12.2.5.32&sap=dsp&q={searchTerms} BHO-x32: No Name -> {39867cd6-50c8-4d64-b671-56c1222eaa72} -> No File Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\.DEFAULT -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKU\S-1-5-21-544377927-3602101664-1146011839-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKU\S-1-5-21-544377927-3602101664-1146011839-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-544377927-3602101664-1146011839-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File 2011-11-17 12:03 - 2011-09-18 12:03 - 0000032 ____R () C:\ProgramData\hash.dat Task: {83368B5A-6679-4946-9289-ED9BA0B765B4} - \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan -> No File <==== ATTENTION Task: {A86D4226-69E2-43AF-A856-C4314068E9F9} - \WINZIPSS-WINZIPSSOneClickCare -> No File <==== ATTENTION Task: {B97C9527-C85F-49C7-857C-0D27BD212DD4} - \Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask -> No File <==== ATTENTION Task: {FD933675-0C35-4B5C-9546-046114FA4700} - \WINZIPSS-WINZIPSSAutoCheckUpdate7Days -> No File <==== ATTENTION Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
Under Taskmanager>Processes I click the CPU column to sort
highest to lowest. The following stay around at the top.
None stay there more than 1 second. Sometimes they can
report 0% and still replace each other at the top of the list.
I do not have IE and Chrome open at the same time. I switch
between them often because they time out due to the CPU being
at 100%. I usually get to this forum by using Chrome. I did
notice that there are about 3 instances of Chrome in the
processes list, per TAB in my Chrome window.
explorer 08%
hpwuschd2.exe *32 02%
taskeng.exe *32 02%
mbae.exe *32 02%
taskmgr.exe *32 03%
FAHWindow64.exe 02%
Avast UI.exe *32 03%
csrss.exe 02%
NvBackend.exe *32 07%
Chrome.exe *32 08%
Even though there is no processes reporting a high percent,
the graphic Performence tab shows 100%, and the system
is very slugish, apps open slow or dont respond, music/video
stutter,while Farbar is running Fix, the title bar reports
(not responding) often, but then continues,etc.
At one point in the Fix, cpu% droped to 2%-4% while Farbar
was not responding.this lasted from 7:53am EDT until
8:17am when I closed Farbar. The log file was generated,
I hope all the info is there. Let me know if I should run it
again.
Hmmm, after closing Farbar the cpu% is staying very low still
at 2% - 4%.
The system suddenly stopped responding. I tried to reboot,
but it was frozen even though performance graph reported
cpu at 2%. I had to press and hold the Main Power button
to shut down. I restarted PC, I selected Normal mode.
CPU is back at 100%.
I started Chrome while watching CPU%, TeaTimer.exe *32 was
using between 17% and 32%, but after a few seconds
came down to 2%-3%.
Looks like FRST hung while emptying the temp folders, do you clean then often as it failed to full do it ?
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
[*] Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]It will close all programs when run, so make sure you have saved all your work before you begin.
[*]Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
[*]Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
I thought grime fighter took care of temp files.
It took less than 1 min to finish. I had to manually
Reboot. System never made it to login screen. It is stuck on a black screen with mouse pointer that Does move when I move
The mouse. Going to power it down by press and holding the main power button.rebooting it now, I selected start normally. CPU at 100%
I be afk for about 30 min, will check forum as soon as I get back.
any suggestions on what to try next?
OK next will be to try a clean boot
In the search box type Msconfig and select the programme that appears at the top
1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.
https://dl.dropboxusercontent.com/u/73555776/Cleanboot1.JPG
2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.
https://dl.dropboxusercontent.com/u/73555776/cleanboot2.JPG
5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.
Booted faster, CPU still 100%, I opened mbam and enable option still gred out. I did not run an mbam scan.
What is showing as using the most CPU … Could you screenshot it please
Sorry for the slow response, CPU is stopping me from posting. Using my tablet this time.
Chrome is using a lot of memory along with WINZIPSSDefragSrv64.exe
Could you temporarily uninstall the following two programmes then reboot and see if there is a change :
WinZip System Utilities Suite
Chrome
Yes I can do that
I installed the WinZip utilities after the CPU issue.
But no problem uninstalling it.
Going to get my registration info for it first.
Yes do that
When it shoots to 100% do you note what is the highest using programme ?
I don’t notice, its at 100% before I can get task manager open.
Deleted chrome and WinZip utilities. No change. All processes are reported at 00 to 02%, graph is still at 100%.
Mabey uninstall mbam and reinstall it?
Mabey that would reset the enable buttons?
I don’t mind doing a system reinstall. I backed up her pictures,
Etc. Can’t find her disk tho. Would the windows 7 ISO on the Microsoft site work? I still got all the labels on her PC. It just froze up when I moved it to check for the labels. Rebooting…
sorry for the duplicate post, I did not notice that it went to a second page
Yes you can download a disc from here https://www.microsoft.com/en-gb/software-download/home … Windows 7, 8 and 10 are available
I can see nothing wrong that would cause these problems as all third party drivers are disabled in clean boot
Do a clean install of MBAM … Details here https://forums.malwarebytes.org/index.php?/topic/122284-mbam-clean-removal-process/
If that fails we may need to recheck system files … Or go for your re-install option