DrBB01

cpuz135_x64.sys loads after boot, then disappears


About 10 minutes after I boot my computer, I get a message from Online Armor that "C:\Windows\temp\cpuz135\cpuz135_x64.sys" wants to load. I can find no definitive explanation of what this program is other than it supposedly belongs to CPUID, which I do not knowingly have on my PC. I am concerned for two reasons in addition to the latter. First, it loads in a temp directory. Second, the entire directory almost immediately disappears.

Any ideas as to what this program is would be appreciated. I have scanned my PC with several anti-malware programs and nothing is identified.


DrBB01,

Open Online Armor history.

Find the line about "C:\Windows\temp\cpuz135\cpuz135_x64.sys" wants to load.

There is a (?) behind "C:\Windows\temp\cpuz135\cpuz135_x64.sys"

Press the (?) to find more information about this file in Emsisoft Anti-Malware Network.

Copy the url from the webpage with information about the file, or copy the MD5 hash and paste it in your next reply.


Thanks for the suggestion, ctrlaltdelete.

The URL is:

http://www.isthisfilesafe.com/ md5/66773AB99D02B466BFB5796D8D8808EE_details.aspx

[Note: I had to break up the URL; it kept breaking in the post. Just cut/paste it, then delete the space after "com/"].

The result is pretty vague and there does not appear to be an MD5 hash associated with it. When I click on the file name, I am shifted to the Autorun tab on OA. The fact that there is no information on an autorun file is that it is being run in a temp folder that is immediately deleted. Perhaps I should err on the side of caution and block the file until more is known about it....


Any programs I can load on my PC that might suggest the application loading it after boot? Apparently the "legitimate" version of the file belongs to an application called CPUID, but I don't believe I have ever loaded that on my machine and can't find it in a search of my hard drive.


Is or was a program named Soluto installed?

Does cpuz135_x64.sys show up in Online Armor Autoruns?

If so, what information is shown if you right-click the file and choose "Show file information"?

Does cpuz135_x64.sys show up in Online Armor Programs?

If so, what information is shown if you right-click the file and choose "Show file information"?

Did you search your hard drive for "CPUID" or for "cpuz135_x64.sys"?


Soluto must be part of the issue. I recently installed it about the time the issue arose. It does show up in Autoruns, but not Programs. In fact it shows up multiple times--but grayed out (presumably once for each time it runs and is deleted).

In Autoruns, all copies of the listing are identical:

File name is "C:\Windows\temp\cpuz135\cpuz135_x64.sys"

File Date is "12/30/1899"

Registry Keys: "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cpuz135\ImagePath"

All of the other fields are blank. The "cpuz135" registry branch does not exist in the registry, supporting the hypothesis the program is created, then deleted by Soluto.

BTW, I searched my hard drive for CPUID and cpuz135.

How did you hit on Soluto as a possible cause? I didn't find this connection in a web search. Can I assume this is a benign issue?

Thanks again for your help.


I didn't find a real connection between Soluto and cpuz135_x64.sys in a web search; I just noticed both are mentioned a lot in the same logs, and that's why I asked if Soluto is or was installed.

If Soluto is still installed, I suggest uninstalling Soluto and checking whether this issue is solved by uninstalling Soluto. If you'd like to keep using Soluto, keep it :)

You could check with Autoruns ( http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx ) why and how cpuz135_x64.sys (drivers tab?) is loaded.


ctrlaltdelete-- Well, I have taken a slightly different route than you suggest, perhaps more risky, but--hey--life's short.

I did download Autoruns, which provided no additional useful information other than it was starting as a service. It did not show up when I listed my services, however, so I never knew it was categorized as one. However, I unchecked the box next to it so that it would not start on boot.

From a pure research perspective, this was a bad thing to do because--as I found out--it not only did not trigger an OA alert, I can find no other record of it on my PC, so I may have come to the end of my path in the quest to find out what cpu_z135.sys was doing--and how it launched.

On the other hand, the problem seems to be gone with no immediate change in my system other than one fewer alert is popping up. I'll give it a few days to a week and report back if there are new issues, particularly with Soluto.

Thanks for your help! --DrBB01
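
The check this thread converges on, as an added example that is not part of the original posts: list driver-type services whose ImagePath points into a temp directory or at a file that is no longer on disk, which is the pattern reported for `cpuz135`. The sample rows, their Type values and the `C:\Windows` system root are constructed assumptions; `read_services` uses Python's standard `winreg` module and only works on Windows.

```python
import ntpath
DRIVER_TYPES = {1, 2}  # SERVICE_KERNEL_DRIVER, SERVICE_FILE_SYSTEM_DRIVER
TEMP_MARKERS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")
PREFIXES = (("\\??\\", ""), ("\\systemroot\\", "C:\\Windows\\"),  # NT forms;
            ("system32\\", "C:\\Windows\\system32\\"))  # assumes C:\Windows

def normalize(image_path):
    """Turn a driver ImagePath (NT or relative form) into a Win32 path."""
    p = image_path.strip().strip('"')
    for prefix, repl in PREFIXES:
        if p.lower().startswith(prefix):
            p = repl + p[len(prefix):]
    return ntpath.normpath(p)

def triage(services, exists):
    """Return (name, path, reasons) for driver services worth a closer look."""
    findings = []
    for name, svc_type, image_path in services:
        if svc_type not in DRIVER_TYPES or not image_path:
            continue  # not a driver, or no explicit ImagePath
        path = normalize(image_path)
        reasons = []
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            reasons.append("image in temp directory")
        if not exists(path):
            reasons.append("image missing from disk")
        if reasons:
            findings.append((name, path, reasons))
    return findings

def read_services(control_set="CurrentControlSet"):
    """Windows only: (name, Type, ImagePath) for each service registry key."""
    import winreg
    rows, base = [], "SYSTEM\\%s\\Services" % control_set
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            try:
                with winreg.OpenKey(root, name) as key:
                    rows.append((name, winreg.QueryValueEx(key, "Type")[0],
                                 winreg.QueryValueEx(key, "ImagePath")[0]))
            except OSError:
                continue  # no Type/ImagePath value, or key not readable
    return rows

# Constructed sample rows, shaped like the entry described in the thread.
SAMPLE = [
    ("cpuz135", 1, "\\??\\C:\\Windows\\temp\\cpuz135\\cpuz135_x64.sys"),
    ("disk", 1, "System32\\drivers\\disk.sys"),
    ("Spooler", 16, "%SystemRoot%\\System32\\spoolsv.exe")]
```

On a Windows machine, `triage(read_services(), os.path.exists)` runs the same check against the live registry; pass `"ControlSet001"` to `read_services` to read the control set named in the Autoruns listing above.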
