also @ TechSpot: Google, Samsung unveil Chromebook, Chromebox with Chrome OS 19

TechSpot

Cpu at 100% memory + redirection issues

Discussion in 'Virus and Malware Removal' started by Manamiko, Mar 21, 2010.

Thread Status:
Not open for further replies.
Page 1 of 2

  1. Manamiko Newcomer, in training

    I suppose I should start this new thread off with the symptoms. Right now, I won't include all of the steps I have taken to find any threats, changes or additions to the computer, including all the software mentioned in the 8 step virus/malware removal guide, simply because it has not made a difference in this computers processing speed, and, if it has, minimal at best. Besides the cpu % issue, I also have a redirection infection for firefox, googling any website or link, and having to go directly to the address bar to navigate around it.This is a compaq presario 6000, and I am using it for a few months until I can afford to get a new desktop with reasonable specs for casual gaming, since my old one is basically useless to me due to a transformer blowing a couple weeks ago, frying the power supply and the motherboard, despite being on a so called *office grade* surge protector. Back to the problem at hand, the cpu memory usage stays at an idle 9-15%, opening any application or program, even just Run on the start menu will jump it to 35-40%, and moving any said screen around on the desktop , like Firefox , jumps the % to 100, where it stays at a constantly 100 while doing so or running an app/prog, such as a virus / spyware/ malware scan. Food for thought, I have attempted using services.msc to reduce to just the basic necessities on programs, and booted up in safe mode, before and after the 8 step virus / malware removal guide, and in vain, all symptoms remain the same. All drivers as far as I have checked are up to date.

    Specs are as follows:
    Windows XP Home Edition, SP3
    Amd Athlon(tm) XP 2200+
    1.80 Ghz, 736MB RAM
    S3 Graphics ProSavageDDR
    Realtek AC'97 Audio

    And now for the requested logs to get this started:
    P.S. I apologize if I can't edit and get the HJT log uploaded, this it keeps going to a *connection was reset by server* page, and may have to double post.
    Correction, I cannot get it to upload regardless of saving it as a txt or .log file, so I regret having to copy and paste the contents. This is rather irritating and I apologize.
    Edit: Is there a character Limit of some kind per post? I can create small edits, but I cannot paste the HJT log contents on here without getting a rediculous *connection was reset by server* page error.

    Attached Files:

    Manamiko, Mar 21, 2010
    #1

  2. Bobbye Helper on the Fringe

    I'm checking your problem and the 2 logs now. Go ahead and paste the HijackThis log in however you can. Maybe the first section, Running Processes on one reply and the rest on a second reply.

    We are having some problems with attaching and the moderators have been made aware of it
    Bobbye, Mar 21, 2010
    #2

  3. Manamiko Newcomer, in training

    HJT Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:29:03, on 3/21/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\RF Wireless Mouse\cm20.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    Manamiko, Mar 21, 2010
    #3

  4. Manamiko Newcomer, in training

    HJT log #2

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.com/info.dogpl.toolbar/
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.com/info.dogpl.toolbar/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe
    O4 - HKLM\..\Run: [LimeShop] wjview /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0a\aoltray.exe
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    Manamiko, Mar 21, 2010
    #4

  5. Bobbye Helper on the Fringe

    It looks like you have (Fake AF – XP Smart Security, old name Antivirus XP 2010) in the system.

    Prepare the system for shutdown- but don't show it down. Instead, right click on the Taskbar> Task Manager> Processes tab> double click on the top frame over the CPU column. This will sort the usage amount in descending order. The only significant usage you should see now in the CPU column is for taskmgr, System and System Idle. Those 3 should add up to 100% of the CPU.

    See what other processes are using any significant CPU % over 1-2%. Give me the name of that process or processes.

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
      Important! Save the renamed download to your desktop.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    • Double click on the setup file on the desktop to run
    • If prompted to download and install the Recovery Console, please do so.
      (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
    • If prompted to update, please allow.
    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.
    Notes:

    • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.
    .
    Then Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Rescan with HJT and include new log with the Combofix report and Eset log. Include the HJT log if you can.

    Don't forget to let me know name of any high CPU processes when system is ready to be shutdown.
    Bobbye, Mar 21, 2010
    #5

  6. Manamiko Newcomer, in training

    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    There seems to be an ugly character limitation or some other problem posting, so im trying to finish off this log as best as possible.
    2nd Edit: I haven't been able to post the rest of the HJT log regardless of how I trim it here, or in a new post, and I can't Pm anyone until I reach the 30 post count, so for now until whatever this issue is gets resolved, I can't continue until you can read the full log incase there are additional instructions.
    Manamiko, Mar 21, 2010
    #6

  7. Manamiko Newcomer, in training

    Due to last night's issues, here are the logs, and I won't respond until later today when I get off work, and hopefully firefox will cooperate uploading today:

    Running Processes:
    System Idle Process: 81-94%
    taskmgr.exe/explorer.exe: 3%
    System: 0%, 236k
    those 4 are only superceeded when opening a program / app or moving a window of that prog, such as moving a firefox window *boosts firefox usage to 21-39% minimum*

    Attached Files:

    Manamiko, Mar 22, 2010
    #7

  8. Bobbye Helper on the Fringe

    I took another look at the HijackThis logs sections you posted and it's easy to see why the CPU is so active:

    All of these programs are auto-updating. That means each one is going to access the internet multiple times during the day, looking for updates. None need to run- you can update if needed whenever you open the program:
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    These media program don't need to start on boot and run in the background:
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe

    There is a second firewall in addition to Comodo:
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui>> Sygate Secure Enterprise that implements firewall protection
    This will slow the system down and can also make it more vulnerable.

    Part of P2P, files sharing
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    This is starting from the temp file and should be removed.

    Duplicate security programs:
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    I would recommend removing Spyware Terminator, Spyware Doctor and all the other PC Tools.
    Add Spywareblaster instead:
    Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.

    The only questionable entries in the HJT log so far are:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    If you intentionally set the start page and search page to display as a blank page, there is no problem. If you have not, then we must look for MyWebSearch malware.

    That's about all I can do without the rest of the logs which has the Services on it. Just understand that all of the above load at Start and then run in the background. None need to, it's wasting the system resources.
    Bobbye, Mar 22, 2010
    #8

  9. Bobbye Helper on the Fringe

    Whoops! We were posting at the same time! I'm going to check the logs now.
    Bobbye, Mar 22, 2010
    #9

  10. Bobbye Helper on the Fringe

    These are 2 separate processes. there shouldn't be any CPU usage showing in explorer.exe when ready for shutdown. Don't get memory mixed up with the CPU usage> 23k is for memory, not CPU. Otherwise the list you left is perfectly normal.

    I have Firefox open with 7 tabs loaded> there is no CPU usage showing, just it's high memory usage.


    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:

    Code:
    File::
c:\documents and settings\Andra\Local Settings\Application Data\1732168344.dll
c:\windows\System32\GameMon.des -service
c:\program files\LimeShop\System\Temp\limeshop_script0.htm

Folder::
c:\documents and settings\All Users\Application Data\Avg7
c:\program files\uTorrent
c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
c:\documents and settings\All Users\Application Data\TEMP

Driver::
npggsvc
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.

    What do you have for these programs?
    c:\program files\YourWare Solutions
    c:\program files\IObit
    c:\program files\Uniblue
    C:\Sandbox
    __________________
    Bobbye, Mar 22, 2010
    #10

  11. Manamiko Newcomer, in training

    The only associated file I personally know of is Uniblue, and it was for a Registry cleaner, but after getting Ccleaner I no longer worried about it. Any other software that you mentioned or found on here besides in the 8 step removal I have literally no idea, simply because this was my step-fathers old computer, and as I said, I have been attempting to get it up to speed for its specs for various small hobbies *Snes Emulation, oldschool mmo's such as diablo 2 & starcraft, etc.*

    One last question for this post, I did not follow any of your steps in your 3rd post in my thread, since you gave me more instructions in the 5th post. Do I still need to follow all your steps in the 3rd post? And if so, do I also need to run another combofix scan and attach the log?

    Here is the Combofix log after dragging and dropping the script file you created as of now:

    Edit: I have also been testing from google any websites I can think of that I commonly visit, such as youtube, and I have had zero redirection issues as of this step.

    Attached Files:

    Manamiko, Mar 22, 2010
    #11

  12. Bobbye Helper on the Fringe

    Then it should be uninstalled.

    Most of us don't recommend a Registry Cleaner. So if you aren't using it, it should be uninstalled.
    Regarding CCleaner: many of us recommend using the TFC- Temporary Files Cleaner instead. It doesn't have the tendencies that CCleaner does to remove inappropriate entries.

    Now, if the redirect has been resolved, it's up to your whether to continue. The about:blank issue needs to be handles as does the duplication in the security programs:

    As for What do you have for these programs?
    c:\program files\YourWare Solutions
    c:\program files\IObit
    c:\program files\Uniblue
    C:\Sandbox

    It would be best if you looked in Add/Remove Programs in the Control Panel to see what is installed for them. Everything I mentioned in Post 8 still exists and should be handled. Your concern about high CPU usage is at least partially related to all of those entries.

    Let me know what you want to do. If I set up script to help you with the removals, all you would need to do is run it and show me the report it gives after- same as you did above.
    Bobbye, Mar 23, 2010
    #12

  13. Manamiko Newcomer, in training

    Yes, I am ready to continue. CCleaner has been uninstalled , and I have installed TFC, ran it, and prompted a reboot. Pc speed is doing better since your last steps. The auto-run on startup programs have been handled (as far as I can tell in taskmgr) the two media programs have been dealt with accordingly, sygate firewall has been completely removed, limeshop has been removed, and the duplicate security programs have been removed, where I am only running an updated version of SpywareBlaster. The about:blank issue I have nothing personally to do with, and as for the ''What do you have for these programs?'':




    C:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (no installation in the Add/Remove C-panel
    C:\program files\IObit\IObit SmartDefrag - Smart Defrag installed in the Add/Remove C-panel
    C:\program files\Uniblue\RegistryBooster 2010 + SpeedUpMyPC - installed in the Add/Remove C-panel
    C:\Sandbox - the folder is empty, no indication of whats installed for it in the Add/Remove C-panel

    Edit: File ''C:\Program Files\Uniblue\RegistryBooster\unins000.dat'' does not exist. Cannot uninstall.
    File ''C:\Program Files\Uniblue\SpeedUpMyPC\unins000.dat'' does not exist. Cannot uninstall.
    FreeRAM Xp Pro has no insallation in the Add/Remove C-panel, Smart Defrag does, and I have not uninstalled it yet. I will be waiting for further instruction, since the script you write may include Smart Defrag.
    Manamiko, Mar 23, 2010
    #13

  14. Bobbye Helper on the Fringe

    Good job! Sorry, I'm doing this backwards!
    You can use HijackThis to show what is installed on the system and additionally, the autostarts. This should give you an overview of other processes you inherited but may not want to use:

    Use this page as a starting place:
    http://www.bleepingcomputer.com/tutorials/tutorial42.html#HTStartupList and go down the sections as follows:
    How to Generate Startup Listing:
    How to use the Process Manager
    How to use the Delete on Reboot tool
    HijackThis Configuration Options: you will not click on Scan for this. Instead, Choose the Config option when you start HijackThis, which is designated by the blue arrow in Figure 2, and then click on the Misc Tools button at the top: After you have viewed the installs and decided what you want to remove, Click on the Open Uninstall Manager
    [IMG]

    This will make it easier for you to not only see what's on the system, but remove some of what you want. There are additional screen shots for each section. We 'underuse' this program!

    When you have finished, run Combofix so I can see files and folders that are left. Then I'll set up the script to remove them. Remember to empty the recycle bin along the way and at the end. So we're almost finished and you should have a much better running system after.

    Screen shot courtesy Bleepingcomputer.
    Bobbye, Mar 23, 2010
    #14

  15. Manamiko Newcomer, in training

    Thanks! I have finished with the previous instructions on HijackThis, but I want you to know that while the processing speed has increased, atleast i would guess 15-25%, it is still not quite significant enough to watch a video on youtube, or attempt loading an emulator in window mode or full screen, with ALL other processes exited including firefox, to playback or run without a good deal of lagging. I also still have the issue with dragging a window of any kind across the desktop creating 100% cpu usage, thoough its not As bad as before we began this entire process. I should mention that this Desktop is around 6-8 years old, and it has been cleaned off inside and out gently and without any moisture added to any surfaces such as cleaners. I would replace the old chip with my Amd 64x2 chip from my old desktop, but I cannot successfully remove the clip that holds the heatsink to the frame for the chip on the motherboard. And now, without further stalling, here is the combofix log:

    Attached Files:

    Manamiko, Mar 23, 2010
    #15

  16. Bobbye Helper on the Fringe

    Do you mean that holding the left mouse button down on the top of a Window frame and dragging it causes the CPU to spike at 100%?

    I have a desktop in the age range. I think all electronics slow down with age. Mine did. Although I use overwriting instead of deleting and the fact that it still has 77% free resources, it is slower with age.
    Have you updated the drivers?


    • [1]. Close any open browsers.
      2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:

    Code:
    File::
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\PCPitstop
c:\documents and settings\Owner\Application Data\IObit
c:\documents and settings\All Users\Uniblue
c:\documents and settings\Owner\Application Data\Uniblue
c:\documents and settings\Owner\Application Data\Auslogics
c:\windows\system32\msCMTSrvc.exe
c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys
c:\program files\LimeShop\System\Temp\limeshop_script0.htm
c:\program files\Common Files\SM1updtr.dll

Folder::
c:\program files\PCPitstop
c:\program files\Uniblue
c:\program files\Auslogics
c:\program files\iWin.com
c:\program files\RealVegas Online Fun Only
c:\program files\Common Files\PC Tools

DirLook::
C:\Sandbox

Driver::
msCMTSrvc
PCDRDRV
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.

    Graphics software is old: VTPreset.exe" [2004-02-25 45056]

    Please reopen HJT to 'do system scan only'. Check the following entries:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    Close all Windows except HJT and click on "Fix Checked."
    Bobbye, Mar 24, 2010
    #16

  17. Manamiko Newcomer, in training

    Yes, holding the left mouse button down on the top of a Window frame and dragging it causes the CPU to spike at 100%, though it takes a couple seconds to spike up to 100% rather than instantly when we first began troubleshooting on this thread. As far as ive checked, the drivers are all up to date except for the possible bios/system, but i am unsure as to where to check for updates. The Bios information says phoenix technologies, and I have started another thread in the Motherboards forum and waiting on a response.

    Here is the combofix log, and thanks for all your help and support :) and one more thing. This is both funny and alittle embarrassing, but there was one option I NEVER checked because I have never had any reason to mess with it on my old desktop, and I completely forgot about it. Right-clicking the desktop, Properties > Settings Tab > Advanced > TroubleShoot Tab, Hardware Acceleration. My step-father had it set to None (haha) and I set it to Full (recommended) and it gave the performance / processing speed a good 50%+ or more boost. I can run emulation just fine without lag on bootup, the only possible issue left is the window dragging, and less, but still small lag in video playback, like on youtube. I suspect its as you said, that due to age, there are some things I can't control , although a fresh install of windows might help, he doesn't have the discs to do so.

    Attached Files:

    Manamiko, Mar 24, 2010
    #17

  18. Manamiko Newcomer, in training

    a bump to the top^
    Manamiko, Mar 25, 2010
    #18

  19. Bobbye Helper on the Fringe

    I'll be back with you as soon as I can. I'm helping some other members. Please don't bump the thread for a few hours.
    Bobbye, Mar 25, 2010
    #19

  20. Bobbye Helper on the Fringe

    Bobbye, Mar 25, 2010
    #20
Page 1 of 2
Thread Status:
Not open for further replies.