
Hi, I have been experiencing high CPU usage for the past few days. Upon investigation I found out that iphlpsvc was constantly running at 25% along with gpsvc, together frequently putting the CPU usage at 100%.

I ran MBAM and AVAST scans; I assume they couldn't find anything to fix this issue, as it is still ongoing. I then uninstalled my internet USB software and reinstalled it. After that, gpsvc appears not to have surfaced again. However, iphlpsvc is still around 25%.

Please help in resolving the issue.

MBAM log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/6/2015
Scan Time: 9:10:43 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.06.07
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: dell

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 894589
Time Elapsed: 1 hr, 57 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:03 PM, on 4/14/2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
D:\Kies\Kies.exe
C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
D:\Kies\KiesTrayAgent.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Broadband\Broadband.exe
C:\Users\dell\Downloads\ProcessExplorer\procexp.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3188
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.3 www.anchorfree.net
O1 - Hosts: 127.0.0.2 www.mefeedia.com
O1 - Hosts: 127.0.0.3 anchorfree.net
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe
O4 - HKLM..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU..\Run: [] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU..\Run: [KiesPreload] D:\Kies\Kies.exe /preload
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2053481140-3118605377-2713162400-1019..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'fbwuser3D74')
O4 - HKUS\S-1-5-21-2053481140-3118605377-2713162400-1019..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'fbwuser3D74')
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip..{426792E7-BB1C-4B19-8185-75DDFFE80965}: NameServer = 119.159.255.36 116.71.241.216
O17 - HKLM\System\CCS\Services\Tcpip..{66DF69A3-8F2B-4788-B133-80D1F830624F}: NameServer = 119.159.255.36 116.71.241.216
O17 - HKLM\System\CS2\Services\Tcpip..{BFCF4363-A2B4-490F-9CEF-74D531696C81}: NameServer = 119.159.255.36 116.71.241.216
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Broadband. OUC (Broadband. RunOuc) - Unknown owner - C:\Program Files (x86)\Broadband\UpdateDog\ouc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsx86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10310 bytes

GMER log

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-14 23:25:17
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6475GSX rev.GT002D 596.17GB
Running: o3q6fr6x.exe; Driver: C:\Users\dell\AppData\Local\Temp\kxldapod.sys

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa800477b2c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa800477b2c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa800477b2c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa800477b2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 fffffa800477b2c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa800477b2c0
Device \Driver\a7xgfwgz \Device\Scsi\a7xgfwgz1 fffffa8005a142c0
Device \Driver\a7xgfwgz \Device\Scsi\a7xgfwgz1Port4Path0Target0Lun0 fffffa8005a142c0
Device \FileSystem\Ntfs \Ntfs fffffa800477f2c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\a7xgfwgz.SYS fffff8800587c000-fffff880058c0000 (278528 bytes)

---- Processes - GMER 2.1 ----

Library C:\Users\dell\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2084] (Application Ontology library/NVIDIA Corporation)(2015-04-02 11:49:08) 0000000073b30000
Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates{944601A8-41DD-4414-91D3-5B25F4E956C2}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [3272] (Microsoft Malware Protection Engine/Microsoft Corporation)(2011-08-25 21:58:34) 000007fef3fd0000
Process C:\ProgramData\DatacardService\HWDeviceService64.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [5888](2011-03-14 15:27:34) 000000013f670000
Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [4444] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2011-03-14 15:27:28)0000000000400000
Process C:\ProgramData\Broadband\OnlineUpdate\ouc.exe (*** suspicious ***) @ C:\ProgramData\Broadband\OnlineUpdate\ouc.exe [5644](2013-07-01 19:05:0000000000400000
Library C:\ProgramData\Broadband\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Broadband\OnlineUpdate\ouc.exe [5644](2013-07 000000006fbc0000
Library C:\ProgramData\Broadband\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Broadband\OnlineUpdate\ouc.exe [5644](2013-07-01 19:05:10) 000000006e940000
Library C:\ProgramData\Broadband\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Broadband\OnlineUpdate\ouc.exe [5644](2013-07-0000000006a1c0000
Library C:\ProgramData\Broadband\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Broadband\OnlineUpdate\ouc.exe [5644](201000000006ff00000
Library C:\ProgramData\Broadband\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Broadband\OnlineUpdate\ouc.exe [5644](2013-07-01 19:05:10) 000000006efc0000
Library C:\ProgramData\Broadband\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Broadband\OnlineUpdate\ouc.exe [5644](2013-07-01000000006ed40000
Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [6108] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2011-03-14 15:27:28)0000000000400000

---- EOF - GMER 2.1 ----

I couldn't find the Avast scan.


Sometimes things just get stuck - not malware, just bugs. Kill the processes that are taking up the CPU and shut down the services that started them (if possible). Then, see if they are restarted or not. That may give you a clue as to what is going on.
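
The isolation step suggested in the reply above, written out as an added example (not part of the original thread or of either poster's words). It assumes an elevated PowerShell prompt, takes the service name `iphlpsvc` from the first post, and uses an arbitrary 60-second wait before checking whether the service came back.

```powershell
# Added example; run from an elevated PowerShell prompt.
$name        = 'iphlpsvc'   # service named in the first post
$waitSeconds = 60           # observation window (arbitrary assumption)

function Get-CpuPercent([int]$ProcessId, [int]$Seconds = 5) {
    # Average CPU use of one process over $Seconds, as a share of all cores.
    $cores = (Get-WmiObject Win32_ComputerSystem).NumberOfLogicalProcessors
    $p0 = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    if (-not $p0) { return $null }          # process already gone
    $t0 = $p0.TotalProcessorTime.TotalSeconds
    Start-Sleep -Seconds $Seconds
    $p1 = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    if (-not $p1) { return $null }          # process exited while sampling
    [math]::Round(100 * ($p1.TotalProcessorTime.TotalSeconds - $t0) / ($Seconds * $cores), 1)
}

$svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
if (-not $svc -or $svc.ProcessId -eq 0) { Write-Host "$name is not running."; return }
$hostPid = $svc.ProcessId

# The service may share its svchost.exe with other services, in which case the
# CPU figure shown for that process belongs to the whole group, not one service.
Write-Host "Services hosted in PID ${hostPid}:"
Get-WmiObject Win32_Service -Filter "ProcessId=$hostPid" |
    Select-Object Name, DisplayName, StartMode | Format-Table -AutoSize

# Measure the host process, stop only the suspect service, measure again.
$before = Get-CpuPercent $hostPid
Stop-Service -Name $name -Force
$after = Get-CpuPercent $hostPid
Write-Host "Host CPU before stop: $before%   after stop: $after%"

# Wait, then check whether something started the service again.
Start-Sleep -Seconds $waitSeconds
$now = Get-WmiObject Win32_Service -Filter "Name='$name'"
Write-Host "$name after ${waitSeconds}s: State=$($now.State) PID=$($now.ProcessId) StartMode=$($now.StartMode)"
```

If the host's CPU figure drops after the stop, the load came from that service rather than from another one in the same process; a `Running` state at the end means something restarted it during the wait.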

Any clue why it happens?

It just happens every now and then. Sometimes it is constant high CPU usage.
