[RESOLVED] CPU at 100% - AVG and HJT Logs posted - Help Appreciated

  1. #1
    gomblue91 (Newbie)

    Yesterday I came back to my HP dv7, and all of the CPU was used up. It is not just one program doing all this, but many programs slowing it down, with values at the greatest of about 50%. It has disabled Windows Defender and AVG. I have 64-bit, so I am unable to run ComboFix. I do know quite a bit about computers (build them when I can), and have done some programming, but have been stumped and stuck in safe mode now.

    Here are my system specs

    2.1 GHz dual-core AMD
    4 GB RAM
    110 GB free space
    Windows 7 64-bit beta

    Here are my logs






    AVG

    AVG 8.0 Anti-Virus command line scanner
    Copyright (c) 1992 - 2008 AVG Technologies
    Program version 8.0.145, engine 8.0.0
    Virus Database: Version 270.9.10/1809 2008-11-24

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\AVP Found Adware.Generic

    ------------------------------------------------------------
    Objects scanned : 1224751
    Found infections : 0
    Found PUPs : 0
    Healed infections : 0
    Healed PUPs : 0
    Warnings : 1
    -----------------------------------------------------------


    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:58:35 PM, on 1/27/2009
    Platform: Unknown Windows (WinNT 6.01.2904)
    MSIE: Internet Explorer v8.00 (8.00.7000.0000)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Digsby\lib\digsby-app.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP United States - Computers, Laptops, Servers, Printers and more
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP United States - Computers, Laptops, Servers, Printers and more
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Privoxy.lnk = C:\Program Files (x86)\Privoxy\privoxy.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab79352.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...k.cab56649.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21bd21dd0a38d98e\AESTSr64.exe (file missing)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21bd21dd0a38d98e\STacSV64.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10624 bytes

  2. #2
    VopThis, Senior Member (Canada)
    Boot mode: Safe mode with network support
    Do not reside in this vulnerable mode unnecessarily - it could allow even worse problems to arise.



    Unfortunately, many of our anti-malware tools are not compatible with 64 bit O/Ss. Do not post a new HijackThis until all scans are completed. REBOOT between scans.


    Clean out TEMPORARY FILES procedures:
    To clean your temp folder, recycle bin, etc., please download this free tool:

    CCleaner - Download

    Install Options:
    • Don't install any Toolbars, or other programs, should it ask you!
    • Just uncheck the option of installing the Yahoo toolbar.

    It will put a shortcut on your Desktop.

    Do not run CCleaner until requested later.




    Run CCleaner preferably in SAFE MODE (reboot tapping the F8 key after the beep).

    Select the ‘Options’ BUTTON option (top LEFT), ‘Advanced’ BUTTON, and then UNCHECK the ‘Only delete files in Windows Temp Folders older than 48 hours’ (often, the latest download traffic could be the bearer of bad content – RESET back to default after this particular cleaning).

    Select the ‘Cleaner’ BUTTON option (top LEFT), if not already selected. Use the ‘Windows’ TAB up front by default.
    • Uncheck ‘Cookies’ option (advisable)
    • Optionally, Uncheck ‘Recently Typed URLs’ option (potentially still useful)
    • Click the ‘Analyse’ button.
    • Thereafter, click ‘Run Cleaner’ after you have reviewed what it proposes to clean.




    The following two tools do work in X64 but the first one (MBAM) is not compatible in real-time.




    * Please download Malwarebytes' Anti-Malware from HERE or HERE

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • Run the scan in SAFEMODE (tapping the F8 key on bootup), if necessary.
    • If an update is found, it will download and install the latest version.
    • If you encounter any problems while downloading the updates, manually download them from HERE and just double-click on mbam-rules.exe to install.
    • Once the program has loaded, you can initially select the often highly productive "Perform Quick Scan", then click Scan.
      ….. AND/OR go straight to the longer but more comprehensive scan:
    • It is also highly advisable to run the longer "Full Scan" in addition to the above scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart (see Extra Note).
    • A run log is automatically saved by MBAM and can be viewed by clicking the Logs TAB in MBAM.
    • Copy and paste the entire report(s) in your next reply along with a fresh HijackThis log.
    • Please post any current revised observations.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




    Download SUPERAntiSpyware (SAS) free home version:

    SUPERAntiSpyware.com - AntiAdware. AntiSpyware. AntiMalware.


    Install it and double-click the icon on your desktop to run it:
    • It will ask if you want to update the program definitions, click "Yes",
    • Let it through your firewall!
    • Under "Configuration and Preferences", click the Preferences BUTTON.
    • Click the Scanning Control TAB.
    • Under "Scanner Options" make sure the following and additional items are checked:
      • Close browsers before scanning
      • Scan for tracking cookies (default)
      • Terminate memory threats before quarantining.
      • Ignore System Restore/Volume Information on ME and XP
      • Click the Close button to leave the control center screen.
    • On the main screen, under "Scan for Harmful Software" click Scan your computer.
      • On the left check "C:\Fixed Drive".
      • On the right, under "Complete Scan", choose Perform Complete Scan.
      • Click "Next" to start the scan. Please be patient while it scans your computer.
      • After the scan is complete a summary box will appear. Click "OK".
      • Make sure everything in the white box has a check next to it, then click "Next".
      • It will quarantine what it found and if it asks if you want to reboot, click "Yes".
    • To retrieve the removal information - please do the following:
      • After reboot, double-click the "SUPERAntiSpyware icon" on your desktop.
      • Click "Preferences". Click the Statistics/Logs TAB.
      • Under "Scanner Logs", double-click "SUPERAntiSpyware Scan Log".
      • It will open in your default text editor (such as Notepad/Wordpad).
      • Please highlight everything, then right-click and choose copy.
    • Click close and close again to exit the program.
    • Please paste:
      • The SAS LOG information.
      • A new HijackThis LOG (with any current observations).

  3. #3
    gomblue91 (Newbie)
    Thank you for your help!

    After posting on multiple forums, you were the only one to recommend SUPERAntiSpyware.

    On it, it found http://www.superantispyware.com/applicationdisplay.html?id=5244&trial=no&activated=no&appid={00E8CEEE-AAF8-4C7C-B4D6-B725B2D2B2DB}

    I deleted that and now I am back to peak performance!

    Thanks a bunch!
