Persistant CPU peak

Bring up Task Manager by pressing CTRL-ALT-DEL simultaneously and then click Processes.

Which process or processes are spiking when this happens? If not malware, it could be a virus or spyware scanner type program. Let's find out.

 

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Is this your ISP's IP address.

216.251.128.9 = [ cache02.sohoskyway.net ]
OrgName: SOHO Skyway
OrgID: SOSK
Address: 1000-701 W. Georgia
City: Vancouver
StateProv: BC
PostalCode: V7Y-1G2
Country: CA
NetRange: 216.251.128.0 - 216.251.159.255
CIDR: 216.251.128.0/19
NetName: SOHO-SKYWAY
NetHandle: NET-216-251-128-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.SOHOSKYWAY.NET
NameServer: NS2.SOHOSKYWAY.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1999-11-16
Updated: 2002-02-11
TechHandle: ZS197-ARIN
TechName: SOHO Skyway
TechPhone: 1-604-482-1222
TechEmail: abuse@sohoskyway.net

When did these problems start?
Try the following:
Press CTRL-ALT-DEL simultaneously to bring up Task Manager and use it to end the below processes one at a time and see if ending any of them impacts this problem:

qttask.exe
realsched.exe
gcasServ.exe
gcasDtServ.exe
brsvc01a.exe
brss01a.exe
Brmfrmps.exe
InCD.exe
Autolaunch.exe
AppServices.exe
hpqcmon.exe
hpgs2wnd.exe
pptd40nt.exe
hpgs2wnf.exe
Acrotray.exe
SmartUI.exe
ONENOTEM.EXE

Let me know if any of these appear to impact your CPY useage problem.
After terminating all of these you will need to reboot to get the running again but first complete the below.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab

After clicking Fix, exit HJT. Now reboot.

 

Okay! And if you no longer work at that place, have HJT fix the below line too:
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C60DF55-01B5-48AA-B268-51C24D053DA6}: NameServer = 216.251.128.9,216.251.128.8

 

That is Microsoft's Antispyware program. At this point, I would not use it. It detects to many false positives and has other problems too. Just use the items we recommend like Ad-Aware SE, Spybot S&D and SpywareBlaster. How much of a difference did shutting it down make.

 

What do you mean by peaks? How high, how often and how long do they last?

Try repeating the process killing procedure to see what could be next?

One other step to check, unplug your connection to the internet (physically unplug it). Do you still see peaks?