Help needed. slow pc and high cpu usage

View previous topic View next topic Go down

Help needed. slow pc and high cpu usage

Post by Scanboy on Mon Aug 17, 2009 9:11 pm

Hello, i have some doubts that i have malware, virus or spyware because my pc is so slow and i have a lot of cpu usage. I have also noticed that i can not use the system restore in my XP each time i use it, it fails and the message shown says: System could not restore to that date.

I have scaned with Avast,Malwarebytes,Ad.aware and i find nothing other than some cookies and a toolbar that i can't remember its name which i didn't install at all. Please help lol...
here is my hijack log:

iLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:04, on 17.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\miman\Mine dokumenter\Downloads\winlogon.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.3.3.2.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Programfiler\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&ksporter til Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NUI - Sysinternals - [You must be registered and logged in to see this link.] - C:\DOCUME~1\miman\LOKALE~1\Temp\NUI.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 5402 bytes

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Belahzur on Mon Aug 17, 2009 9:59 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.3.3.2.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O23 - Service: NUI - Sysinternals - [You must be registered and logged in to see this link.] - C:\DOCUME~1\miman\LOKALE~1\Temp\NUI.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Mon Aug 17, 2009 10:38 pm

Contents of the MBAM Log

Malwarebytes' Anti-Malware 1.40
Database version: 2644
Windows 5.1.2600 Service Pack 3 (Safe Mode)

18.08.2009 00:35:37
mbam-log-2009-08-18 (00-35-37).txt

Scan type: Quick Scan
Objects scanned: 114823
Time elapsed: 15 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Belahzur on Tue Aug 18, 2009 3:46 pm

Hello.
I think the log was cut off, MBAM shows it detected 1 file, I need to see what that 1 file is.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Tue Aug 18, 2009 5:37 pm

I looked at MBAM Quarantine and it says this.

Vendour: RougeInstaller
Category: File
Item: C:/RECYCLERS/S 1-5-21-417003821544656790119-292353331-1005/Dc24 exe
Reference:67276

Does this help at all??

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Belahzur on Tue Aug 18, 2009 8:37 pm

Hello.
Few more things left to try yet.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Tue Aug 18, 2009 9:57 pm

Hello

Here is the results

2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.0 - Norsk
Adobe Shockwave Player 11
BitComet 1.13
Choice Guard
Conexant HDA D110 MDC V.92 Modem
Dell Touchpad
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Glary Utilities 2.14.0.711
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hurtigreparasjon for Windows Media Player 11 (KB939683)
Hurtigreparasjon for Windows XP (KB952287)
Hurtigreparasjon for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 15
Kritisk oppdatering for Windows Media Player 11 (KB959772)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NOR
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NOR
Microsoft .NET Framework 3.5 Language Pack SP1 - nor
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Norwegian (Bokmål)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Oppdatering (KB963678)
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
Microsoft Office Groove MUI (Norwegian (Bokmål)) 2007
Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2007
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007
Microsoft Office Powerpoint 2007 Help Oppdatering (KB963669)
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Norwegian (Bokmål)) 2007
Microsoft Office Proof (Norwegian (Nynorsk)) 2007
Microsoft Office Proofing (Norwegian (Bokmål)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
Microsoft Office Word 2007 Help Oppdatering (KB963665)
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.2)
MSVCRT
MSXML 4.0 SP2 (KB954430)
OGA Notifier 1.7.0105.35.0
OPERATION7
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB943729)
Oppdatering for Windows XP (KB951978)
Oppdatering for Windows XP (KB955839)
Oppdatering for Windows XP (KB961503)
Oppdatering for Windows XP (KB967715)
Oppdatering for Windows XP (KB973815)
QuickSet
RDC
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Segoe UI
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127-v2)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB963027)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB969897)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB972260)
Sikkerhetsoppdatering for Windows Media Encoder (KB954156)
Sikkerhetsoppdatering for Windows Media Player (KB952069)
Sikkerhetsoppdatering for Windows Media Player (KB973540)
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)
Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)
Sikkerhetsoppdatering for Windows XP (KB923561)
Sikkerhetsoppdatering for Windows XP (KB923789)
Sikkerhetsoppdatering for Windows XP (KB938464-v2)
Sikkerhetsoppdatering for Windows XP (KB941569)
Sikkerhetsoppdatering for Windows XP (KB946648)
Sikkerhetsoppdatering for Windows XP (KB950760)
Sikkerhetsoppdatering for Windows XP (KB950762)
Sikkerhetsoppdatering for Windows XP (KB950974)
Sikkerhetsoppdatering for Windows XP (KB951066)
Sikkerhetsoppdatering for Windows XP (KB951376-v2)
Sikkerhetsoppdatering for Windows XP (KB951748)
Sikkerhetsoppdatering for Windows XP (KB952004)
Sikkerhetsoppdatering for Windows XP (KB952954)
Sikkerhetsoppdatering for Windows XP (KB954459)
Sikkerhetsoppdatering for Windows XP (KB954600)
Sikkerhetsoppdatering for Windows XP (KB955069)
Sikkerhetsoppdatering for Windows XP (KB956572)
Sikkerhetsoppdatering for Windows XP (KB956744)
Sikkerhetsoppdatering for Windows XP (KB956802)
Sikkerhetsoppdatering for Windows XP (KB956803)
Sikkerhetsoppdatering for Windows XP (KB957097)
Sikkerhetsoppdatering for Windows XP (KB958644)
Sikkerhetsoppdatering for Windows XP (KB958687)
Sikkerhetsoppdatering for Windows XP (KB958690)
Sikkerhetsoppdatering for Windows XP (KB959426)
Sikkerhetsoppdatering for Windows XP (KB960225)
Sikkerhetsoppdatering for Windows XP (KB960715)
Sikkerhetsoppdatering for Windows XP (KB960803)
Sikkerhetsoppdatering for Windows XP (KB960859)
Sikkerhetsoppdatering for Windows XP (KB961371)
Sikkerhetsoppdatering for Windows XP (KB961373)
Sikkerhetsoppdatering for Windows XP (KB961501)
Sikkerhetsoppdatering for Windows XP (KB963027)
Sikkerhetsoppdatering for Windows XP (KB968537)
Sikkerhetsoppdatering for Windows XP (KB969898)
Sikkerhetsoppdatering for Windows XP (KB970238)
Sikkerhetsoppdatering for Windows XP (KB971557)
Sikkerhetsoppdatering for Windows XP (KB971633)
Sikkerhetsoppdatering for Windows XP (KB971657)
Sikkerhetsoppdatering for Windows XP (KB973346)
Sikkerhetsoppdatering for Windows XP (KB973354)
Sikkerhetsoppdatering for Windows XP (KB973507)
Sikkerhetsoppdatering for Windows XP (KB973869)
Sonic Activation Module
Språkpakke for Microsoft .NET Framework 3.5 SP1 - NOR
Spyware Doctor 6.1
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb972691)
VC80CRTRedist - 8.0.50727.762
Veoh Web Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WIMGAPI
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
XML Paper Specification Shared Components Language Pack 1.0
Yahoo! Messenger

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Belahzur on Wed Aug 19, 2009 12:11 am

Hello.

I see that you are running BitComet.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitComet 1.13
    Java(TM) 6 Update 15


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Wed Aug 19, 2009 1:17 pm

Okay i have deleted both of them what more should i do, if there is more to do??

I have another thing to ask, you see when ever i want to watch a video be it on youtube or anyother place my cpu usage reaches 100% and when i watch the video in full screen the audio and picture are not in sync. Do you know what can cause this??? Malware, spyware, virus????

Thanks for the help so far..

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Belahzur on Wed Aug 19, 2009 7:06 pm

Hello.
What's your download speed? are you on (A)DSL? the video will download really slowly if your on 56k dial-up.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Wed Aug 19, 2009 8:30 pm

My speed is 54 Mbps and i have a DSL modem. I was always able to watch all videos in full screen without any problems, until a while ago when my pc started going slow and my cpu usage became more and more high.

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Belahzur on Wed Aug 19, 2009 8:52 pm

Can you post a new Hijack This log please?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Wed Aug 19, 2009 9:05 pm

I have just noticed that i can not open my start button i keep on pressing it but it won't open don't know why it was doing fine a minute ago.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:39, on 19.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programfiler\Spyware Doctor\pctsAuxs.exe
C:\Programfiler\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programfiler\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\miman\Mine dokumenter\Downloads\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.3.3.2.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programfiler\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ISTray] "C:\Programfiler\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-4170038215-446790119-292353331-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'All')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NUI - Sysinternals - [You must be registered and logged in to see this link.] - C:\DOCUME~1\miman\LOKALE~1\Temp\NUI.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

--
End of file - 6176 bytes

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Belahzur on Thu Aug 20, 2009 12:19 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.3.3.2.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-21-4170038215-446790119-292353331-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'All')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Now, why did you uninstall avast too? because now you have no AV active, this is very dangerous.

You aren't running Anti Virus Software

Please install Avira antivirus otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Thu Aug 20, 2009 8:21 am

Hi

I did what you mentioned above what's next??

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Thu Aug 20, 2009 10:26 am

I installed Avira Antivir and i found 2 viruses so i thought i should post it here. I was wondering if you knew how i can scan those 4 files that could not be opened??



Premium Security Suite
Report file date: 20. august 2009 10:18

Scanning for 1649209 virus strains and unwanted programs.

Licensee : Aj Jobel
Serial number : 2203165581-ISECE-0001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : miman
Computer name : MYLP

Version information:
BUILD.DAT : 9.0.0.381 29019 Bytes 29.07.2009 10:21:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.07.2009 12:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 08:21:42
ANTIVIR2.VDF : 7.1.5.88 2668032 Bytes 10.08.2009 07:55:07
ANTIVIR3.VDF : 7.1.5.139 425984 Bytes 20.08.2009 07:55:11
Engineversion : 8.2.1.3
AEVDF.DLL : 8.1.1.1 106868 Bytes 28.07.2009 12:31:50
AEscript.DLL : 8.1.2.25 459130 Bytes 20.08.2009 07:55:21
AESCN.DLL : 8.1.2.4 127348 Bytes 23.07.2009 08:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23.07.2009 08:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28.07.2009 12:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.07.2009 08:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 20.08.2009 07:55:20
AEHELP.DLL : 8.1.6.0 233846 Bytes 20.08.2009 07:55:13
AEGEN.DLL : 8.1.1.57 356725 Bytes 20.08.2009 07:55:13
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 23.07.2009 08:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2902785 Bytes 15.05.2009 14:28:32
RCTEXT.DLL : 9.0.37.0 90369 Bytes 17.04.2009 09:04:17

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users\Programdata\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,+JOKE,+PCK,+SPR,

Start of the scan: 20. august 2009 10:18

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Programfiler\Glary Utilities\encryptexe.exe
[DETECTION] Contains recognition pattern of the W32/Induc.A Windows virus
C:\Programfiler\Glary Utilities\joinexe.exe
[DETECTION] Contains recognition pattern of the W32/Induc.A Windows virus
C:\RECYCLER\S-1-5-21-4170038215-446790119-292353331-500\Dc1.exe
[WARNING] The file could not be opened!
C:\RECYCLER\S-1-5-21-4170038215-446790119-292353331-500\Dc3.exe
[WARNING] The file could not be opened!
C:\RECYCLER\S-1-5-21-4170038215-446790119-292353331-500\Dc4.exe
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Programfiler\Glary Utilities\encryptexe.exe
[DETECTION] Contains recognition pattern of the W32/Induc.A Windows virus
[NOTE] The file was moved to '4af02376.qua'!
C:\Programfiler\Glary Utilities\joinexe.exe
[DETECTION] Contains recognition pattern of the W32/Induc.A Windows virus
[NOTE] The file was moved to '4af62377.qua'!


End of the scan: 20. august 2009 12:18
Used time: 1:53:15 Hour(s)

The scan has been done completely.

5337 Scanned directories
178360 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
4 Files cannot be scanned
178354 Files not concerned
1728 Archives were scanned
4 Warnings
3 Notes

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Belahzur on Thu Aug 20, 2009 7:18 pm

Hello.
Didn't find much.

The locked files are windows file and locked for a reason.

C:\RECYCLER is your recycle bin, we'll run another quick program soon.

As for Glary Utilities, I would uninstall/remove them.
I looked at what it does, tweaks machine performance by their website says, no doubt includes registry cleaners.

Registry cleans are dangerous, if they remove a wrong key, your machine will no longer work AT ALL!!

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Fri Aug 21, 2009 8:01 pm

Sorry that am replying a day late Smile

I did as you mentioned and i did another scan it didn't find anything but i will just post the log anyway lol:) I am still having the same issue while watching videos, the audio just keeps on going while the picture is not moving at all. And my cpu usage gets to like 100% when i try play videos.


Premium Security Suite
Report file date: 21. august 2009 21:13

Scanning for 1651491 virus strains and unwanted programs.

Licensee : Aj Jobel
Serial number : 2203165318-ISECE-0001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : miman
Computer name : MYLP

Version information:
BUILD.DAT : 9.0.0.381 29019 Bytes 29.07.2009 10:21:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.07.2009 12:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 08:21:42
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21.08.2009 13:02:26
ANTIVIR3.VDF : 7.1.5.147 2560 Bytes 21.08.2009 13:02:27
Engineversion : 8.2.1.3
AEVDF.DLL : 8.1.1.1 106868 Bytes 28.07.2009 12:31:50
AESCRIPT.DLL : 8.1.2.25 459130 Bytes 20.08.2009 07:55:21
AESCN.DLL : 8.1.2.4 127348 Bytes 23.07.2009 08:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23.07.2009 08:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28.07.2009 12:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.07.2009 08:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 20.08.2009 07:55:20
AEHELP.DLL : 8.1.6.0 233846 Bytes 20.08.2009 07:55:13
AEGEN.DLL : 8.1.1.57 356725 Bytes 20.08.2009 07:55:13
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 23.07.2009 08:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2902785 Bytes 15.05.2009 14:28:32
RCTEXT.DLL : 9.0.37.0 90369 Bytes 17.04.2009 09:04:17

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users\Programdata\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,+JOKE,+PCK,+SPR,

Start of the scan: 21. august 2009 21:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\Drivers\'
Begin scan in 'C:\Programfiler\'
Begin scan in 'C:\WINDOWS\'


End of the scan: 21. august 2009 21:53
Used time: 39:06 Minute(s)

The scan has been done completely.

2883 Scanned directories
75071 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
75071 Files not concerned
785 Archives were scanned
0 Warnings
0 Notes




Premium Security Suite
Report file date: 21. august 2009 21:57

Scanning for 1651491 virus strains and unwanted programs.

Licensee : Aj Jobel
Serial number : 2203165318-ISECE-0001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : miman
Computer name : MYLP

Version information:
BUILD.DAT : 9.0.0.381 29019 Bytes 29.07.2009 10:21:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.07.2009 12:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 08:21:42
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21.08.2009 13:02:26
ANTIVIR3.VDF : 7.1.5.147 2560 Bytes 21.08.2009 13:02:27
Engineversion : 8.2.1.3
AEVDF.DLL : 8.1.1.1 106868 Bytes 28.07.2009 12:31:50
AESCRIPT.DLL : 8.1.2.25 459130 Bytes 20.08.2009 07:55:21
AESCN.DLL : 8.1.2.4 127348 Bytes 23.07.2009 08:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23.07.2009 08:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28.07.2009 12:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.07.2009 08:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 20.08.2009 07:55:20
AEHELP.DLL : 8.1.6.0 233846 Bytes 20.08.2009 07:55:13
AEGEN.DLL : 8.1.1.57 356725 Bytes 20.08.2009 07:55:13
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 23.07.2009 08:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2902785 Bytes 15.05.2009 14:28:32
RCTEXT.DLL : 9.0.37.0 90369 Bytes 17.04.2009 09:04:17

Configuration settings for the scan:
Jobname.............................: Processes
Configuration file..................: c:\programfiler\avira\antivir desktop\process.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,+JOKE,+PCK,+SPR,

Start of the scan: 21. august 2009 21:57

The scan of running processes will be started
Scan process 'avscan.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '27' Module(s) have been scanned
Scan process 'chrome.exe' - '27' Module(s) have been scanned
Scan process 'chrome.exe' - '62' Module(s) have been scanned
Scan process 'avcenter.exe' - '117' Module(s) have been scanned
Scan process 'taskmgr.exe' - '35' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '60' Module(s) have been scanned
Scan process 'explorer.exe' - '114' Module(s) have been scanned
Scan process 'alg.exe' - '34' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '41' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '34' Module(s) have been scanned
Scan process 'avmailc.exe' - '40' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '42' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'scardsvr.exe' - '23' Module(s) have been scanned
Scan process 'spoolsv.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '167' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
30 processes with 1459 modules were scanned


End of the scan: 21. august 2009 21:58
Used time: 01:24 Minute(s)

The scan has been done completely.

0 Scanned directories
1459 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1459 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Origin on Sat Aug 22, 2009 4:53 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31483
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Sat Aug 22, 2009 8:28 pm

Here is the combo-fix txt, sorry but it seems i have to break it up in to two posts. Hope that is fine???

ComboFix 09-08-22.04 - miman 22.08.2009 21:53.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1014.690 [GMT 2:00]
Kjører fra: c:\documents and settings\miman\Skrivebord\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\234841.msi
c:\windows\Installer\2a94c7.msi
c:\windows\Installer\2a94cd.msi
c:\windows\Installer\3c8668.msi
c:\windows\Installer\WMEncoder.msi

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-22 til 2009-08-22 )))))))))))))))))))))))))))))))))
.

2009-08-22 08:15 . 2009-08-22 08:15 -------- d-----w- c:\documents and settings\All.MYLP\Mine dokumenter
2009-08-21 07:52 . 2009-08-21 07:52 -------- d-----w- C:\DivX Movies
2009-08-20 19:55 . 2009-08-22 15:15 -------- d--h--r- c:\documents and settings\miman\Siste
2009-08-20 07:41 . 2009-08-20 07:41 -------- d-----w- c:\docume~1\miman\PROGRA~1\Avira
2009-08-20 07:32 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-20 07:32 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 07:32 . 2009-05-08 12:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-08-20 07:32 . 2009-02-24 11:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-08-20 07:32 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-20 07:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-20 07:32 . 2009-08-20 07:33 -------- d-----w- c:\documents and settings\All Users\Programdata\Avira
2009-08-20 07:32 . 2009-08-20 07:32 -------- d-----w- c:\programfiler\Avira
2009-08-18 13:44 . 2009-08-18 13:59 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-18 12:43 . 2009-08-18 12:43 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-08-17 21:26 . 2009-08-17 21:26 -------- d-----w- c:\documents and settings\NetworkService\Skrivebord
2009-08-17 19:08 . 2009-08-17 19:08 -------- d-----w- C:\ERDNT
2009-08-17 17:52 . 2009-08-17 17:52 369472 ----a-w- c:\documents and settings\LocalService\Lokale innstillinger\Programdata\FontCache3.0.0.0.dat
2009-08-17 14:05 . 2009-08-17 14:06 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-08-17 11:02 . 2009-08-17 11:04 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-17 10:52 . 2009-08-17 14:06 -------- d-----w- c:\programfiler\Uniblue
2009-08-17 10:47 . 2009-08-17 10:53 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-08-17 09:47 . 2009-08-17 09:47 -------- d-----w- c:\documents and settings\LocalService\Skrivebord
2009-08-17 08:10 . 2009-08-17 08:10 -------- d-----w- c:\documents and settings\All.MYLP\Skrivebord
2009-08-17 08:10 . 2009-08-17 08:10 -------- d--h--w- c:\documents and settings\All.MYLP\Skrivere
2009-08-17 08:10 . 2009-08-17 08:10 -------- d--h--r- c:\documents and settings\All.MYLP\Siste
2009-08-17 08:10 . 2009-08-17 08:10 -------- d-----w- c:\documents and settings\All.MYLP\Lokale innstillinger\Programdata\Microsoft Help
2009-08-17 08:10 . 2009-08-17 08:10 -------- d-----r- c:\documents and settings\All.MYLP\Start-meny
2009-08-17 08:09 . 2009-08-20 08:11 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP
2009-08-17 08:06 . 2009-08-17 14:06 -------- d-----w- c:\docume~1\miman\PROGRA~1\Uniblue
2009-08-17 08:06 . 2009-08-17 10:59 -------- d-----w- c:\documents and settings\All Users\Programdata\DriverScanner
2009-08-17 08:03 . 2009-08-17 08:03 -------- d-----w- c:\docume~1\miman\PROGRA~1\IObit
2009-08-17 07:59 . 2009-08-17 07:59 -------- d-----w- c:\programfiler\Opera
2009-08-17 07:58 . 2009-08-17 07:58 -------- d-----w- c:\documents and settings\miman\Lokale innstillinger\Programdata\Help
2009-08-16 20:17 . 2009-08-16 20:17 -------- d-----w- c:\programfiler\VS Revo Group
2009-08-16 19:58 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-16 19:55 . 2009-08-18 13:58 -------- d-----w- c:\programfiler\Lavasoft
2009-08-13 06:34 . 2009-08-22 16:58 -------- d-----w- c:\documents and settings\All.MYLP\Tracing
2009-08-13 06:34 . 2009-08-13 06:34 83904 ----a-w- c:\documents and settings\All.MYLP\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-08-13 06:32 . 2009-08-13 06:32 -------- d-----w- c:\documents and settings\All.MYLP\Lokale innstillinger\Programdata\Mozilla
2009-08-10 22:58 . 2009-08-17 08:40 -------- d--h--w- c:\documents and settings\All.MYLP\Lokale innstillinger
2009-08-10 22:58 . 2009-08-17 07:17 -------- d-----w- c:\documents and settings\All.MYLP\Lokale innstillinger\Programdata\Microsoft
2009-08-10 22:58 . 2009-08-17 07:17 -------- d-----w- c:\documents and settings\All.MYLP\Favoritter
2009-08-10 22:58 . 2009-08-11 14:04 -------- d-----w- c:\documents and settings\All.MYLP\Lokale innstillinger\Programdata\Adobe
2009-08-10 22:58 . 2009-08-17 07:17 -------- d--h--w- c:\documents and settings\All.MYLP\Maler
2009-08-10 22:58 . 2009-08-17 07:17 -------- d--h--r- c:\documents and settings\All.MYLP\Programdata
2009-08-10 22:58 . 2009-08-22 08:15 -------- d-----w- c:\documents and settings\All.MYLP
2009-08-10 21:22 . 2009-08-10 21:37 -------- d-----w- c:\documents and settings\All Users\Programdata\SITEguard
2009-08-10 21:15 . 2009-08-10 21:15 -------- d-----w- c:\programfiler\Fellesfiler\iS3
2009-08-10 21:14 . 2009-08-17 07:23 -------- d-----w- c:\documents and settings\All Users\Programdata\STOPzilla!
2009-08-10 00:37 . 2009-08-10 00:37 83904 ----a-w- c:\documents and settings\LocalService\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-08-09 20:40 . 2009-08-17 08:10 -------- d-----w- c:\programfiler\Panda Security
2009-08-09 13:49 . 2009-08-17 08:09 -------- d-----w- c:\programfiler\Yahoo!
2009-08-08 14:13 . 2009-08-08 14:13 -------- d-----w- c:\programfiler\IObit
2009-08-08 12:01 . 2009-08-08 12:01 -------- d-----w- c:\programfiler\Alwil Software
2009-08-07 19:45 . 2009-08-07 19:45 -------- d-----w- c:\documents and settings\miman\Lokale innstillinger\Programdata\ESET
2009-08-07 19:37 . 2009-08-07 19:37 -------- d-----w- c:\documents and settings\miman\Lokale innstillinger\Programdata\Opera
2009-08-07 19:24 . 2009-08-17 07:58 -------- d-----w- c:\documents and settings\All Users\Programdata\ESET
2009-08-07 19:16 . 2009-08-07 19:16 -------- d-----w- c:\programfiler\ESET
2009-08-07 19:06 . 2009-08-17 07:48 -------- d-----w- c:\documents and settings\All Users\Programdata\SecTaskMan
2009-08-07 17:50 . 2009-08-07 17:50 -------- d-----w- c:\docume~1\miman\PROGRA~1\Malwarebytes
2009-08-07 17:49 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-07 17:49 . 2009-08-07 17:49 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-08-07 17:49 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-07 17:49 . 2009-08-17 07:56 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-08-07 16:34 . 2009-05-31 16:13 1503472 ----a-w- C:\WindowsXP-KB890582-x86-Symbols-NOR.exe
2009-08-07 16:34 . 2009-05-31 16:13 1651952 ----a-w- C:\WindowsXP-KB890582-x86-NOR.exe
2009-08-07 16:09 . 2009-08-07 16:09 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-06 20:52 . 2009-08-18 13:58 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft
2009-08-06 20:16 . 2009-08-17 07:47 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2009-08-06 19:34 . 2009-08-06 19:42 -------- d-----w- c:\documents and settings\miman\.housecall6.6
2009-07-30 15:29 . 2009-07-30 15:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-30 15:29 . 2009-07-30 15:29 -------- d-----w- c:\docume~1\miman\PROGRA~1\skypePM
2009-07-30 15:23 . 2009-07-30 16:21 -------- d-----w- c:\documents and settings\All Users\Programdata\Skype
2009-07-30 08:01 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-07-29 22:56 . 2009-07-29 22:56 -------- d-----w- c:\documents and settings\All Users\Programdata\Messenger Plus!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 15:52 . 2009-05-14 09:02 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help
2009-08-19 12:43 . 2009-07-10 17:57 -------- d-----w- c:\programfiler\BitComet
2009-08-17 21:13 . 2009-05-14 09:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-17 11:31 . 2009-05-14 08:02 81036 ----a-w- c:\windows\system32\perfc014.dat
2009-08-17 11:31 . 2009-05-14 08:02 446752 ----a-w- c:\windows\system32\perfh014.dat
2009-08-17 07:28 . 2009-07-03 14:38 -------- d-----w- c:\documents and settings\All Users\Programdata\Yahoo!
2009-08-16 12:58 . 2009-05-14 09:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 21:47 . 2009-08-10 21:47 2328 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-05 09:01 . 2009-05-14 08:02 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 12:49 . 2009-07-03 10:12 -------- d-----w- c:\programfiler\Microsoft Silverlight
2009-07-23 16:27 . 2009-07-23 16:27 -------- d-----w- c:\programfiler\Messenger Plus! Live
2009-07-18 01:20 . 2009-05-14 09:04 -------- d-----w- c:\programfiler\Microsoft.NET
2009-07-17 19:04 . 2009-05-14 08:01 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2009-05-14 08:03 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 11:50 . 2009-07-10 11:50 -------- d-----w- c:\docume~1\miman\PROGRA~1\GlarySoft
2009-07-10 11:17 . 2009-07-10 11:17 -------- d-----w- c:\documents and settings\All Users\Programdata\Office Genuine Advantage
2009-07-08 15:41 . 2009-07-08 15:41 -------- d-----w- c:\programfiler\Veoh Networks
2009-07-06 00:44 . 2009-05-14 08:14 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-05 22:57 . 2009-07-03 17:07 -------- d-----w- c:\docume~1\miman\PROGRA~1\DivX
2009-07-05 18:03 . 2009-07-05 18:03 -------- d-----w- c:\documents and settings\All\Programdata\DivX
2009-07-03 14:55 . 2009-07-03 14:50 -------- d-----w- c:\docume~1\miman\PROGRA~1\WebCam Recorder
2009-07-03 14:40 . 2009-07-03 14:40 -------- d-----w- c:\docume~1\miman\PROGRA~1\Yahoo!
2009-07-03 14:37 . 2009-07-03 14:37 -------- d-----w- c:\programfiler\DivX
2009-07-03 14:37 . 2009-07-03 14:37 -------- d-----w- c:\programfiler\Fellesfiler\DivX Shared
2009-07-03 14:33 . 2009-07-03 14:33 0 ----a-w- c:\windows\nsreg.dat
2009-07-03 14:29 . 2009-07-03 14:29 83904 ----a-w- c:\documents and settings\miman\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-07-03 13:56 . 2009-07-03 13:56 83904 ----a-w- c:\documents and settings\All\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-07-03 12:02 . 2009-07-03 12:00 -------- d-----w- c:\documents and settings\All Users\Programdata\Mozilla Firefox
2009-07-03 11:54 . 2009-07-03 11:54 83904 ----a-w- c:\documents and settings\Gjest\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-07-03 11:21 . 2009-07-03 11:21 -------- d-----w- c:\programfiler\Solent
2009-07-03 10:42 . 2009-07-03 10:42 -------- d-----w- c:\programfiler\Windows Media Components
2009-07-03 10:11 . 2009-07-03 10:11 -------- d-----w- c:\programfiler\Microsoft
2009-07-03 10:11 . 2009-07-03 10:10 -------- d-----w- c:\programfiler\Windows Live
2009-07-03 10:11 . 2009-07-03 10:11 -------- d-----w- c:\programfiler\Windows Live SkyDrive
2009-07-03 10:02 . 2009-07-03 10:02 -------- d-----w- c:\programfiler\Fellesfiler\Windows Live
2009-06-29 16:01 . 2009-05-14 08:02 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:01 . 2009-05-14 08:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:01 . 2009-05-14 08:01 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 12:16 . 2009-06-25 12:16 -------- d-----w- c:\documents and settings\All Users\Programdata\Dell
2009-06-25 12:16 . 2009-06-25 12:16 -------- d-----w- c:\programfiler\Dell
2009-06-25 12:16 . 2009-06-25 12:16 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-06-25 12:16 . 2009-06-25 12:16 -------- d-----w- c:\documents and settings\LocalService\Programdata\InstallShield
2009-06-25 12:04 . 2009-06-25 12:04 -------- d-----w- c:\programfiler\CONEXANT
2009-06-25 12:04 . 2009-06-25 12:04 -------- d-----w- c:\programfiler\Sigmatel
2009-06-25 12:04 . 2009-06-25 12:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-06-25 12:04 . 2009-06-25 12:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-25 12:04 . 2009-06-25 12:04 -------- d-----w- c:\programfiler\DellTPad
2009-06-16 14:43 . 2009-05-14 08:02 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:43 . 2009-05-14 08:01 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2009-05-14 08:02 76800 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2009-05-14 08:02 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:16 . 2009-05-14 08:01 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:22 . 2009-05-14 08:12 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2009-05-14 08:02 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2009-05-14 08:02 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programfiler\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programfiler\mozilla firefox\plugins\ssldivx.dll

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Sat Aug 22, 2009 8:29 pm

Rest of the txt.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^miman^Start-meny^Programmer^Oppstart^Innholdsfortegnelse for OneNote.onetoc2]
backup=c:\windows\pss\Innholdsfortegnelse for OneNote.onetoc2Startup

[HKLM\~\startupfolder\C:^Documents and Settings^miman^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13235:TCP"= 13235:TCP:BitComet 13235 TCP
"13235:UDP"= 13235:UDP:BitComet 13235 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16.08.2009 21:58 64160]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [20.08.2009 09:32 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\programfiler\Avira\AntiVir Desktop\avfwsvc.exe [20.08.2009 09:32 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programfiler\Avira\AntiVir Desktop\avmailc.exe [20.08.2009 09:32 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [20.08.2009 09:32 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programfiler\Avira\AntiVir Desktop\avwebgrd.exe [20.08.2009 09:32 434945]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [20.08.2009 09:32 69632]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 16:49 1029456]
S3 NUI;NUI;c:\docume~1\miman\LOKALE~1\Temp\NUI.exe --> c:\docume~1\miman\LOKALE~1\Temp\NUI.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}]
msiexec /fup {C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-08-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4170038215-446790119-292353331-1005Core.job
- c:\documents and settings\miman\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-07-03 14:30]

2009-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4170038215-446790119-292353331-1005UA.job
- c:\documents and settings\miman\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-07-03 14:30]

2009-08-17 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
- - - - TOMME PEKERE FJERNET - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- Tilleggsskanning -------
.
IE: &Search
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\programfiler\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\docume~1\miman\PROGRA~1\Mozilla\Firefox\Profiles\qiyyb9kz.default\
FF - plugin: c:\documents and settings\miman\Lokale innstillinger\Programdata\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\NPOP7PlugIn.dll
FF - plugin: c:\programfiler\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programfiler\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: yahoo.homepage.dontask - truec:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-22 22:10
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-4170038215-446790119-292353331-1005\Software\Microsoft\Windows\CurrentVersion\UnreadMail\flamboi_01@live.co.uk]
@Denied: (Full) (Administrators)
"MessageCount"=dword:00000002
"TimeStamp"=hex:96,54,98,69,e6,10,ca,01
"Application"="http://www.hotmail.com/"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(1360)
c:\programfiler\Avira\AntiVir Desktop\avsda.dll
.
Tidspunkt ferdig: 2009-08-22 22:18
ComboFix-quarantined-files.txt 2009-08-22 20:18

Pre-Run: 21 709 479 936 byte ledig
Post-Run: 21 811 212 288 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows" /noexecute=optin /fastdetect

323 --- E O F --- 2009-08-21 07:50

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Origin on Tue Aug 25, 2009 3:24 pm

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31483
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Fri Aug 28, 2009 8:57 am

Hi

I scaned my computer and it took like 3 hours to complet, but it did not find any virus or malware,spyware and the like. However when i tried to click the see report button and save as text the scan would not respond and then crash and close on it's own. I have tried to do the scan like 20 time since Tuesday til today but on different occasions but the end result is still the same it crash when the scanning is complete.

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Fri Sep 11, 2009 7:22 am

bump.bump...bump lol.

Hi i haven't gotten a reply since 28 Aug, and my laptop is still having a high cpu usage when i use it. please help Sad tearing

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Origin on Sat Sep 12, 2009 5:24 am

So sorry for the lateness,

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31483
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Sat Sep 12, 2009 6:43 pm

It is ok, at least you guys are trying to help out as much as you can. So thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:00, on 12.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Avira\AntiVir Desktop\avguard.exe
C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programfiler\Avira\AntiVir Desktop\avmailc.exe
C:\Programfiler\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programfiler\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Innholdsfortegnelse for OneNote.onetoc2
O8 - Extra context menu item: E&ksporter til Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NUI - Unknown owner - C:\DOCUME~1\miman\LOKALE~1\Temp\NUI.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe

--
End of file - 5269 bytes

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Belahzur on Sat Sep 12, 2009 10:26 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Innholdsfortegnelse for OneNote.onetoc2
    O23 - Service: NUI - Unknown owner - C:\DOCUME~1\miman\LOKALE~1\Temp\NUI.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

I recommend you remove the Java Quick Starter because it's not needed.
To do so, follow these instructions.

Go to Start > Control Panel > Java.
In the Java control panel, open the click the Advanced tab. Click the + in front of Miscellaneous and uncheck the Java Quick Starter box.

See [You must be registered and logged in to see this link.] for more info.

Reboot normally.
How is it now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Scanboy on Sun Sep 13, 2009 10:34 am

I did what you said and now the cpu usage is not at 100% when i turn my pc on. But still its around 29-33% when am surfing one website then when i try to navigate to another one or another page it spikes to 66-80% cpu usage and comes back down to 29-33%. Worst of all is when am trying to watch a video on youtube, the usage goes up to 100% and is doesn't come down at all.

And the java quick starter was already removed when i checked it out. Thanks for the help.

Scanboy
Novice
Novice

Posts Posts : 21
Joined Joined : 2009-08-17
Gender Gender : Male
OS OS : XP
Points Points : 26705
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help needed. slow pc and high cpu usage

Post by Dr Jay on Wed Sep 16, 2009 9:12 pm

Since this issue appears to be solved, this topic is now closed and being marked solved.

If you need the topic reopened, PM an administrator, moderator, or staff.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum