100% cpu usage...kind of unusual

Status
Not open for further replies.

Anonymous Danny

Ok, so my friend in college has a cpu that is at 100% usage. It is a very unusual circumstance. They took their cpu from home to college. Before they left, they installed Windows Service Pack 2, Ad-Aware, Spybot S&D, and AVG Free, as well as uninstalled Norton Anti-Virus. Now at college they are experiencing difficulty. CPU usage is at 100%. It looks almost as if spoolsv.exe is causing the problem, even though that's not a virus. Programs are running slowly, and their printer no longer works properly. And it's all crazy. I don't know if the programs he installed before he left had anything to do with these problems (SP2 seems to sometimes cause issues). I told my friend to run hijack and send me the log of the events; here they are.



Does anybody see anything unusual that could be causing these problems? It came up quite unexpectedly. My friend, who by the way, is not me, would appreciate the help.
 
Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

Next, open Windows Task Manager.
On Windows 95/98/ME, press CTRL+ALT+DELETE.
On Windows NT/2000/XP, press CTRL+SHIFT+ESC.
Click the Processes tab, select the process (if there) and click End Process for:
GameDrvr.exe
Weather.exe

Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
Fix ALL your O16 - DPF: entries
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).

To fix these:
O10 - Unknown file in Winsock LSP: c:\windows\system32\shc\network\rdp\ibe\icelsp_8.0.614.0.dll

Download LSPFix from http://cexx.org/lspfix.htm
1. Run LSPFix.
2. Check 'I know what I'm doing'.
3. Select 'icelsp_8.0.614.0.dll'.
4. Click the right-pointing arrow (moves it to the "remove" page).
5. Click 'Finished'.

Boot normal. When all OK, switch System Restore back on.

Tell your friend to STOP using Internet Explorer and to get Firefox instead!
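
An added example, not part of either poster's message: a small Python parser for the HijackThis entries quoted in the reply above, grouping them by the binary they reference so the same file can be followed across sections. The function names and the section descriptions are this example's own wording.

```python
import re
from collections import defaultdict

# Section codes that appear in this thread (HijackThis log format).
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "R1": "Internet Explorer start/search page",
    "O4": "program started automatically at logon",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O10": "Winsock LSP (layered service provider)",
    "O16": "ActiveX control (Downloaded Program Files)",
}
ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")
# First drive-letter path ending in .exe or .dll, quoted or not.
FILE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)

def parse_line(line):
    """Return (code, meaning, file_path_or_None), or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    f = FILE.search(rest)
    return code, SECTIONS.get(code, "not covered here"), f.group(0) if f else None

def entries_by_binary(log_text):
    """Map each referenced file's lower-cased base name to its section codes."""
    # 8.3 short paths (PROGRA~1) cannot be expanded offline, so the base
    # name is what ties the O9 button to the O4 autostart entry.
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[2]:
            groups[parsed[2].rsplit("\\", 1)[-1].lower()].append(parsed[0])
    return dict(groups)

# Entries copied from the reply above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\shc\network\rdp\ibe\icelsp_8.0.614.0.dll
"""

if __name__ == "__main__":
    for name, codes in entries_by_binary(SAMPLE).items():
        print(f"{name}: {', '.join(codes)}")
```

Running the same function over a log taken after the fix and getting an empty result for these names confirms the entries are gone.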
 
A few questions about doing that.

1. The programs that seem to be needing removal are AIM toolbar, Weatherbug, and the Tangent Game Drive that comes with AIM. Is there any reason the safe mode needs to be entered? Could the programs just be uninstalled in the Add/Remove Programs list?

2. If system restore is turned off, does that delete all previous restore points?

3. If so, would it at all be a good idea to do a system restore first to see if that fixes the problem?
 
Delete AIM toolbar as well if you like, up to you.
The safe mode guarantees minimum interference from other programs.
System Restore OFF deletes all restore points. The reason for that is that most likely that crap is also included inside one or more of your restore points, so OUT with the suckers.
Do NOT do a restore point, unless it is one from BEFORE the infection with both of them. You would also lose a lot of other stuff, which you (and I) don't know WHAT it is.
 