TechSpot

aolsoftware.exe 50% CPU utilization & higher

By mhilliard_14
Oct 29, 2007
  1. So about a few weeks, AIM 6.5[?] came out, and I upgraded from my standard 6.0 AIM version. Yes yes, the troubles that come with AOL, I'm slightly aware of, however the AIM programs is necessary for me to function as a normal high school student who greatly uses the internet, and AIM to commmunicate regarding homework and what not.

    but to cut right to the chase, ever so recently, I've been having problems with "aolsoftware.exe" running at 50% CPU, and sometimes, even peaking out at about 80% CPU.

    So, I guess the real reason why im asking is because I want to know what to do to fix this issue. I really don't know what is causing it to do this. It results in me CTRL + ALT + DEL and "ending tree" on aolsoftware.exe which only causes more problems, and makes Windows XP hang even more. Sometimes it resolves the issue for this session, but still reoccurs on next reboot.

    [Also makes me have to improperly shut down my laptop... :mad: ]

    Any help would be greatly appreciated.
     
  2. PBNinja101

    PBNinja101 TS Rookie Posts: 48

    open up Start, Run, and type: "msconfig".

    Go to Startup tab, and find aolsoftware.exe and untick it, apply and hit ok.

    Now restart your PC when asked, and your problems have gone.

    Simon
     
  3. Rik

    Rik Banned Posts: 3,814

    Doing that will be AIM suicide.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`d like to do a quick check for malware.

    Go and read this thread HERE and post a HJT log as an attachment into this thread.

    Regards Howard :)
     
  5. PBNinja101

    PBNinja101 TS Rookie Posts: 48

    @Rik:

    No it won't, that aolsoftware.exe opens up if not in the process list with AIM.
     
  6. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    hijackthis log.

    okay, here's the log.
    ill stand by attention for you advise.
    thanks.
     

    Attached Files:

  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected with a variety of malware.

    I have therefore moved this thread to our Security forum.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    okay. i will be doing so now. ill reply back to you as soon as i finish completing yoru steps. may take a while, an hour you think?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It may well take longer than that, but stay with it.

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    okay. will do.

    bleh, housecall did not find a native bind? >_<
    so skip the trendmicro step?
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It does say in the instructions, that if you have any problems with Housecall, then skip it. ;)

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    im no sure if you're still avaiable, but i finished doing the aformentioned.
    and yeah, didnt read that part. sorry. lol

    attached is the new hjt log.

    oh yeah. here's the combo fix log.
    thanks again.

    any new advise?
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You haven`t attached the AVG Antispyware log and neither have you let me know the results of the Panda Antirootkit scan.

    You obviously have problems with reading and following instructions, let`s hope you can follow these instructions properly.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    viewpoint
    viewpoint toolbar
    viewpoint manager
    Adssite Advanced Toolbar

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Viewpoint Manager Service

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ViewpointService.exe
    PowerReg Scheduler.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll

    O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll

    O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify

    O4 - HKLM\..\Run: [WinFlip] C:\Documents and Settings\Michael Hilliard\Desktop\WFlip042\WinFlip.exe

    O4 - S-1-5-21-3953384203-2845273737-423257267-1005 Startup: PowerReg Scheduler.exe (User '?')

    O4 - Startup: PowerReg Scheduler.exe

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders(if there).

    PowerReg Scheduler.exe<Search your system for this file and delete all instances found.
    C:\WINDOWS\system32\gzmrotate.dll
    C:\Program Files\Adssite Advanced Toolbar
    C:\Program Files\viewpoint

    Reboot into normal mode and rehide your protected OS files.

    Go HERE, download and install the latest version of Java.

    Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

    Post fresh HJT, Combofix and AVG Antispyware logs. Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    lol, okay okay.
    so im a bad listener. sorry [:
    okay will do tomorrow. hafta get my rest. will update soon. thanks again

    **edit**
    before i forget, the anti-rootkt came out clean. found no results?
    and the avg? well ill do it again for update.
    update you again tomorrow.
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hee hee, no problem. ;)

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  16. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    ahah. so i did save the avg scan [:
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s fine mate, just tracking cookies found, which are harmless.

    Just post fresh HJT and Combofix logs after following the instructions in my post #13

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  18. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    do i delete the old J2SE Runtime Environments as well?
    i dont want to delete anything that you didnt say to. lol

    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    J2SE Runtime (TM) SE Runtime Environment 6 Update 1

    so, delete all except "Java(TM) 6 Update 3"?
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, that`s right, uninstall them all except for version 6 update 3.

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  20. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    mkay.
    so while the avg anti-spyware is continuing its neverending process [lol], I'll update you with the two logs and information i have.

    so far, i've completed all steps, with the exception of completing the AV Anti-Spyrware scan, which is currently in procecss.

    Attached hereto are:
    hijackthis log file [most recent from about 20 minutes ago.]
    combofix log [recent log]


    In regards to the "panda" software, i'll assume it was clean. items were scanned, and 0 rootkits detected, removed, or sent to panda.
    [YAY!]

    oh by the way, whats a rootkit?
    I'll be updating you with the AVG Anti-Spyware log as soon as it completes.

    Regards,
    The listening Student

    *****edit*****
    I have now completed AVG antispyware scan, and are now attaching the log file. all instances have been deleted. [:


    soo, whats up now Doc?

    oh yeah, and i did everything else in your instructions before my last post, justing case you didnt know. [:

    oh yeah, and i did everything else in your instructions before my last post, justing case you didnt know. [:
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Sorry for the delay in getting back to you, but I`ve had some serious computer issues to deal with.

    Your AVG log still says no action taken. However, as I sad before, it`s only showing tracking cookies, so no worries there.

    Run Ccleaner as per step9 of these instructions. That should get rid of your cookies.

    A rootkit is an infection that hides from normal detection methods. Hence the Panda Antirootkit instructions.

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:




    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  22. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    mkay.
    listened;; completed; posting. =]

    here's the combofix log, and the hijackthisupdated log.
    and i did do as you instructed. [:
    and in regards to avg showing as not cleaned, its probably because I saved the log before i hit clean. yeah, thats probably it.. :grinthumb

    ***edit***
    by the way, what did the aforementioned "script code" do? just out of curiosity.
     
  23. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The CFScript.txt deleted the files/folders it contained.

    Now, we need to do the same again.

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:

    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  24. mhilliard_14

    mhilliard_14 TS Rookie Topic Starter Posts: 31

    attached are the two logs you requested.


    btw, i hope your computer is back up and running. [:
     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That all looks good.

    Just delete the C:\Qoobox folder.

    Unless you`re still having problems, you should be good to go.

    Only if you`re not having problems, please do the following.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of mhilliard_14 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...