aolsoftware.exe 50% CPU utilization & higher


mhilliard_14

So about a few weeks ago, AIM 6.5[?] came out, and I upgraded from my standard 6.0 AIM version. Yes yes, the troubles that come with AOL, I'm slightly aware of, however the AIM program is necessary for me to function as a normal high school student who greatly uses the internet, and AIM to communicate regarding homework and whatnot.

But to cut right to the chase, ever so recently, I've been having problems with "aolsoftware.exe" running at 50% CPU, and sometimes, even peaking out at about 80% CPU.

So, I guess the real reason why I'm asking is because I want to know what to do to fix this issue. I really don't know what is causing it to do this. It results in me CTRL + ALT + DEL and "ending tree" on aolsoftware.exe which only causes more problems, and makes Windows XP hang even more. Sometimes it resolves the issue for this session, but still reoccurs on next reboot.

[Also makes me have to improperly shut down my laptop... :mad: ]

Any help would be greatly appreciated.
 
Open up Start, Run, and type: "msconfig".

Go to Startup tab, and find aolsoftware.exe and untick it, apply and hit ok.

Now restart your PC when asked, and your problems have gone.

Simon
 
hijackthis log.

okay, here's the log.
I'll stand by attention for your advice.
thanks.
 

Your system is infected with a variety of malware.

I have therefore moved this thread to our Security forum.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)

This thread is for the use of mhilliard_14 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
okay. I will be doing so now. I'll reply back to you as soon as I finish completing your steps. may take a while, an hour you think?
 
It does say in the instructions, that if you have any problems with Housecall, then skip it. ;)

Regards Howard :)

 
I'm not sure if you're still available, but I finished doing the aforementioned.
and yeah, didn't read that part. sorry. lol

attached is the new hjt log.

oh yeah. here's the combo fix log.
thanks again.

any new advice?
 
You haven't attached the AVG Antispyware log and neither have you let me know the results of the Panda Antirootkit scan.

You obviously have problems with reading and following instructions, let's hope you can follow these instructions properly.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Go to add remove programmes in your control panel and uninstall anything to do with (if there).

viewpoint
viewpoint toolbar
viewpoint manager
Adssite Advanced Toolbar

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

ViewpointService.exe
PowerReg Scheduler.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll

O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll

O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify

O4 - HKLM\..\Run: [WinFlip] C:\Documents and Settings\Michael Hilliard\Desktop\WFlip042\WinFlip.exe

O4 - S-1-5-21-3953384203-2845273737-423257267-1005 Startup: PowerReg Scheduler.exe (User '?')

O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

PowerReg Scheduler.exe < Search your system for this file and delete all instances found.
C:\WINDOWS\system32\gzmrotate.dll
C:\Program Files\Adssite Advanced Toolbar
C:\Program Files\viewpoint

Reboot into normal mode and rehide your protected OS files.

Go HERE, download and install the latest version of Java.

Once it's installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

Post fresh HJT, Combofix and AVG Antispyware logs. Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)
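
The fix list in the post above uses HijackThis line codes (O2 = Browser Helper Object, O3 = IE toolbar, O4 = autostart entry, O9 = IE extra button). As an added example, not part of the original thread or of HijackThis itself, this sketch parses such lines and reports which fix-list entries still show up in a fresh log; `FRESH_LOG` is constructed sample data.

```python
import re

# Five entries copied from the fix list in the post above.
FIX_LIST = r"""
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
"""
# Constructed "fresh" log for illustration: one fixed entry has come back.
FRESH_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart entry", "O9": "IE extra button"}
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, kind, detail = m.groups()
    missing = detail.endswith("(file missing)")  # HJT marks targets that no longer exist
    if missing:
        detail = detail[:-len("(file missing)")].rstrip()
    clsid = CLSID.search(detail)
    return {"code": code, "section": SECTIONS.get(code, "other"), "kind": kind,
            "detail": detail, "file_missing": missing,
            "clsid": clsid.group(0).upper() if clsid else None}

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def identity(entry):
    # COM-based entries are matched by CLSID; others by text, ignoring case (Windows paths).
    return (entry["code"], entry["clsid"] or (entry["kind"] + ": " + entry["detail"]).lower())

def still_present(fix_list, fresh_log):
    """Fix-list entries that appear again in the fresh log."""
    fresh = {identity(e) for e in parse_log(fresh_log)}
    return [e for e in parse_log(fix_list) if identity(e) in fresh]

if __name__ == "__main__":
    for e in still_present(FIX_LIST, FRESH_LOG):
        print("still present:", e["code"], e["section"], e["detail"])
```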

 
lol, okay okay.
so I'm a bad listener. sorry [:
okay will do tomorrow. hafta get my rest. will update soon. thanks again

**edit**
before I forget, the anti-rootkit came out clean. found no results?
and the avg? well I'll do it again for update.
update you again tomorrow.
 
That's fine mate, just tracking cookies found, which are harmless.

Just post fresh HJT and Combofix logs after following the instructions in my post #13

Regards Howard :)

 
do I delete the old J2SE Runtime Environments as well?
I don't want to delete anything that you didn't say to. lol

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
J2SE Runtime (TM) SE Runtime Environment 6 Update 1

so, delete all except "Java(TM) 6 Update 3"?
 
Yes, that's right, uninstall them all except for version 6 update 3.

Regards Howard :)

 
mkay.
so while the avg anti-spyware is continuing its neverending process [lol], I'll update you with the two logs and information I have.

so far, I've completed all steps, with the exception of completing the AV Anti-Spyware scan, which is currently in process.

Attached hereto are:
hijackthis log file [most recent from about 20 minutes ago.]
combofix log [recent log]


In regards to the "panda" software, I'll assume it was clean. Items were scanned, and 0 rootkits detected, removed, or sent to panda.
[YAY!]

oh by the way, what's a rootkit?
I'll be updating you with the AVG Anti-Spyware log as soon as it completes.

Regards,
The listening Student

*****edit*****
I have now completed the AVG antispyware scan, and am now attaching the log file. all instances have been deleted. [:


soo, what's up now Doc?

You obviously have problems with reading and following instructions, let's hope you can follow these instructions properly.

oh yeah, and I did everything else in your instructions before my last post, just in case you didn't know. [:
 
Sorry for the delay in getting back to you, but I've had some serious computer issues to deal with.

Your AVG log still says no action taken. However, as I said before, it's only showing tracking cookies, so no worries there.

Run Ccleaner as per step 9 of these instructions. That should get rid of your cookies.

A rootkit is an infection that hides from normal detection methods. Hence the Panda Antirootkit instructions.

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:


File::
C:\WINDOWS\system32\Uharc.exe
Folder::
C:\VundoFix Backups
C:\Qoobox



Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)

 
mkay.
listened;; completed; posting. =]

here's the combofix log, and the updated hijackthis log.
and I did do as you instructed. [:
and in regards to avg showing as not cleaned, it's probably because I saved the log before I hit clean. yeah, that's probably it.. :grinthumb

***edit***
by the way, what did the aforementioned "script code" do? just out of curiosity.
 
The CFScript.txt deleted the files/folders it contained.

Now, we need to do the same again.

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:

File::
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\mozregistry.dat
C:\Documents and Settings\Michael Hilliard\idvectra.exe
Folder::
C:\Documents and Settings\Michael Hilliard\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Qoobox

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)
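
The CFScript.txt layout rule stressed in both script posts (File:: on the very first line, no blank line above it, no space in front of it) can be checked before the file is dragged onto ComboFix. This is an added example, not part of the original thread or of ComboFix; it handles only the File:: and Folder:: directives used here, `check_cfscript` is a hypothetical helper name, and `BAD` is a constructed faulty copy.

```python
import ntpath

DIRECTIVES = ("File::", "Folder::")  # only the two directives used in this thread

# Second script from the thread, verbatim.
GOOD = r"""File::
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\mozregistry.dat
C:\Documents and Settings\Michael Hilliard\idvectra.exe
Folder::
C:\Documents and Settings\Michael Hilliard\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Qoobox
"""
# Constructed bad copy: blank line above File::, and a path that lost its drive letter.
BAD = "\nFile::\nWINDOWS\\system32\\Uharc.exe\nFolder::\nC:\\Qoobox\n"

def check_cfscript(text):
    """Return (sections, problems) for the text of a CFScript.txt."""
    lines = text.splitlines()
    problems = []
    first = lines[0] if lines else ""
    if first.strip() == "":
        problems.append("line 1 is blank: File:: must be the first line")
    elif first != "File::" and first.lstrip() == "File::":
        problems.append("line 1 has a space in front of File::")
    elif first != "File::":
        problems.append("line 1 is not File::")
    sections = {d: [] for d in DIRECTIVES}
    current = None
    for n, line in enumerate(lines, 1):
        item = line.strip()
        if not item:
            continue
        if item in DIRECTIVES:
            current = item
            continue
        drive, rest = ntpath.splitdrive(item)
        if current is None:
            problems.append(f"line {n}: path appears before any directive")
        elif not drive or not rest.startswith("\\") or rest == "\\":
            # Deletion targets must be full paths below a drive root, never the root itself.
            problems.append(f"line {n}: expected a full path below a drive root, got {item!r}")
        else:
            sections[current].append(item)
    return sections, problems
```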

 
That all looks good.

Just delete the C:\Qoobox folder.

Unless you're still having problems, you should be good to go.

Only if you're not having problems, please do the following.

Turn off system restore. (XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
