CPU 100%, HiJackThis Logfile included

[helpmeplease]

Hello everyone,
A couple of weeks ago my computer suddenly became very slow. After a 4
minute startup, CPU usage runs constantly at 100%, mostly explorer.exe is
taking up the cpu usage but it alternates with many other processes including
svchost and idleprocesses. The HijackThis log file is below... I hope some
one can help me. Thank you in advance


HiJack This logfile......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:43 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\BitDefender\BitDefender
Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update
Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://ucsbuxa.ucsb.edu:9000/ucsblibrary
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} -
C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch
Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] c:\Program
Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [IntelliPoint] C:\Program Files\Microsoft
IntelliPoint\point32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender
2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program
Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program
Files\Windows Live
Toolbar\Components\en-us\msntabres.dll.mui/229?62d140dc2f7344a988d04daa9f3437ef
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program
Files\Windows Live
Toolbar\Components\en-us\msntabres.dll.mui/230?62d140dc2f7344a988d04daa9f3437ef
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF:
START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{6F15376B-864A-4D1B-877B-1138679D4065}:
NameServer = 68.6.16.30,68.2.16.30
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender
S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update
Service\livesrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common
Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -
Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. -
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program
Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

 

[Xandros]

Hello everyone,
A couple of weeks ago my computer suddenly became very slow. After a 4
minute startup, CPU usage runs constantly at 100%, mostly explorer.exe is
taking up the cpu usage but it alternates with many other processes
including
svchost and idleprocesses. The HijackThis log file is below... I hope some
one can help me. Thank you in advance

Please do not post HiJackThis or anyother large file to these groups. There
are many, mamny people who come here who are using dial-up and also pay by
the minute for their downloads. This slows them down and costs them a lot.
You should post HiJackThis Logs to any of the popular forums set up to help
with them. For example take this link and post your logfile there
http://aumha.net/viewforum.php?f=30

 

[Gerry]

As you have been told HijackThis logs are dealt with by specialist
forums. However, why do you thinks you have malware? High CPU activity
can be caused by misbehaving programmes and this could be your problem.

How much RAM memory?

Try Ctrl+Alt+Delete to select Task Manager and click the Performance
Tab. Under Commit Charge what is the Total, the Limit and the Peak?

You should be able to gather more information from Task Manager. With
the Processes tab open select View, Select, Columns and check the boxes
before Peak Memory Usage and Virtual Memory size. What are the figures
for the 6 processes using the largest amounts?

Do you leave your computer on 24/7?

Process Explorer provides more information than Task Manager.

Download Process Explorer.

For further information about Process Explorer see here:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

A new addition to Process Explorer is that you can now right click on a
process and search Online for relevant information.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Hello everyone,
A couple of weeks ago my computer suddenly became very slow. After a 4
minute startup, CPU usage runs constantly at 100%, mostly
explorer.exe is taking up the cpu usage but it alternates with many
other processes including svchost and idleprocesses. The HijackThis
log file is below... I hope some one can help me. Thank you in advance


HiJack This logfile......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:43 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\BitDefender\BitDefender
Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update
Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://ucsbuxa.ucsb.edu:9000/ucsblibrary
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no
file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live
Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar -
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program
Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Windows Live Toolbar -
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows
Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default
Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI
Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch
Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HPHUPD05] c:\Program
Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [IntelliPoint] C:\Program Files\Microsoft
IntelliPoint\point32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE
/AUTORUN O4 - HKLM\..\Run: [HP Software Update] C:\Program
Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender
2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program
Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List -
res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print -
res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program
Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open in new background tab -
res://C:\Program Files\Windows Live
Toolbar\Components\en-us\msntabres.dll.mui/229?62d140dc2f7344a988d04daa9f3437ef
O8 - Extra context menu item: Open in new foreground tab -
res://C:\Program Files\Windows Live
Toolbar\Components\en-us\msntabres.dll.mui/230?62d140dc2f7344a988d04daa9f3437ef
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug -
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -
C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF:
START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: ppctlcab -
http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF:
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{6F15376B-864A-4D1B-877B-1138679D4065}:
NameServer = 68.6.16.30,68.2.16.30
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) -
BitDefender S.R.L. - C:\Program Files\Common
Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common
Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service
(default)) - Analog Devices, Inc. - C:\Program Files\Analog
Devices\SoundMAX\SMAgent.exe O23 - Service: BitDefender Virus Shield
(VSSERV) - BitDefender S.R.L. - C:\Program
Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender -
C:\Program Files\Common Files\BitDefender\BitDefender
Communicator\xcommsvr.exe

 

[Poprivet`]

Looks like a great big RTFM is in order for the OP

 

[Sam Hobbs]

I don't see anywhere that helpmeplease says anything about malware. The
closest that helpmeplease says is that "suddenly became very slow" and "CPU
usage runs constantly at 100%" and helpmeplease lists a few culprits, none
of which are suggested as being malware.

Did you read what Xandros said about large files? There was no need to
retain the entire original message in your reply.

As you have been told HijackThis logs are dealt with by specialist
forums. However, why do you thinks you have malware? High CPU activity can
be caused by misbehaving programmes and this could be your problem.

How much RAM memory?

Try Ctrl+Alt+Delete to select Task Manager and click the Performance
Tab. Under Commit Charge what is the Total, the Limit and the Peak?

You should be able to gather more information from Task Manager. With
the Processes tab open select View, Select, Columns and check the boxes
before Peak Memory Usage and Virtual Memory size. What are the figures
for the 6 processes using the largest amounts?

Do you leave your computer on 24/7?

Process Explorer provides more information than Task Manager.

Download Process Explorer.

For further information about Process Explorer see here:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

A new addition to Process Explorer is that you can now right click on a
process and search Online for relevant information.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

[Remander clipped]

 

[Gerry]

Sam

HijackThis is primarily used to detect malware.
http://en.wikipedia.org/wiki/HijackThis

Is a 11 kb large?



~~~~


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

I don't see anywhere that helpmeplease says anything about malware.
The closest that helpmeplease says is that "suddenly became very
slow" and "CPU usage runs constantly at 100%" and helpmeplease lists
a few culprits, none of which are suggested as being malware.

Did you read what Xandros said about large files? There was no need to
retain the entire original message in your reply.

As you have been told HijackThis logs are dealt with by specialist
forums. However, why do you thinks you have malware? High CPU
activity can be caused by misbehaving programmes and this could be
your problem. How much RAM memory?

Try Ctrl+Alt+Delete to select Task Manager and click the Performance
Tab. Under Commit Charge what is the Total, the Limit and the Peak?

You should be able to gather more information from Task Manager. With
the Processes tab open select View, Select, Columns and check the
boxes before Peak Memory Usage and Virtual Memory size. What are the
figures for the 6 processes using the largest amounts?

Do you leave your computer on 24/7?

Process Explorer provides more information than Task Manager.

Download Process Explorer.

For further information about Process Explorer see here:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

A new addition to Process Explorer is that you can now right click
on a process and search Online for relevant information.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

[Remander clipped]

 

[Peter Foldes]

Gerry

Try and snip the post next time. No need to include all of the OP's post that includes the Hijack log

 

[Gerry]

Peter

I do snip when I think about it. Sometimes when I did do I get
complaints about that. Seems I can't win <G>. However, 11 kb is not
really going to test a 56k connection.

--
~~~~


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Frank Saunders MS-MVP IE,OE/WM]

Peter

I do snip when I think about it. Sometimes when I did do I get complaints
about that. Seems I can't win <G>. However, 11 kb is not really going to
test a 56k connection.

Where I live 26,400 is a really good connection.

 

[Sam Hobbs]

Yes, 11 kb is definitely large if it is not relevant to the response and
therefore useless.

You are saying that use of HijackThis implies something. I don't make
assumptions such as that. To the extent that malware is suspected, I would
request that the person asking the original question provide clarification
so the conversation does not get excessive such as it is here.

HijackThis was used by helpmeplease to provide data. If you doubt that
malware is a problem then that is useful feedback for helpmeplease. You
however indicated that helpmeplease stated a suspicion that the cause is
malware. Misinterpretation of what helpmeplease said can create irrelevant
discussion.

Sam

HijackThis is primarily used to detect malware.
http://en.wikipedia.org/wiki/HijackThis

Is a 11 kb large?



~~~~


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

I don't see anywhere that helpmeplease says anything about malware.
The closest that helpmeplease says is that "suddenly became very
slow" and "CPU usage runs constantly at 100%" and helpmeplease lists
a few culprits, none of which are suggested as being malware.

Did you read what Xandros said about large files? There was no need to
retain the entire original message in your reply.

As you have been told HijackThis logs are dealt with by specialist
forums. However, why do you thinks you have malware? High CPU
activity can be caused by misbehaving programmes and this could be
your problem. How much RAM memory?

Try Ctrl+Alt+Delete to select Task Manager and click the Performance
Tab. Under Commit Charge what is the Total, the Limit and the Peak?

You should be able to gather more information from Task Manager. With
the Processes tab open select View, Select, Columns and check the
boxes before Peak Memory Usage and Virtual Memory size. What are the
figures for the 6 processes using the largest amounts?

Do you leave your computer on 24/7?

Process Explorer provides more information than Task Manager.

Download Process Explorer.

For further information about Process Explorer see here:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

A new addition to Process Explorer is that you can now right click
on a process and search Online for relevant information.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



helpmeplease wrote:
Hello everyone,
A couple of weeks ago my computer suddenly became very slow. After
a 4 minute startup, CPU usage runs constantly at 100%, mostly
explorer.exe is taking up the cpu usage but it alternates with many
other processes including svchost and idleprocesses. The HijackThis
log file is below... I hope some one can help me. Thank you in
advance

[Remander clipped]

 

[Sam Hobbs]

I do understand that (and feel as if I resemble it too); both in terms of
not thinking about it (I might do that) and in terms of getting criticism
regardlous.

 

[Bill P]

Hello everyone,
A couple of weeks ago my computer suddenly became very slow. After a 4
minute startup, CPU usage runs constantly at 100%, mostly explorer.exe is
taking up the cpu usage but it alternates with many other processes
including
svchost and idleprocesses. The HijackThis log file is below... I hope some
one can help me. Thank you in advance

Hi
Copy and paste your logfile here
http://hijackthis.de/index.php?langselect=english and you will see for
yourself that there are some entries that should be fixed although whether
they will solve your problem is another matter.
regards
Bill

 

[Gerry]

As you have been told HijackThis logs are dealt with by specialist
forums. However, why do you thinks you have malware? High CPU activity
can be caused by misbehaving programmes and this could be your problem.

How much RAM memory?

Try Ctrl+Alt+Delete to select Task Manager and click the Performance
Tab. Under Commit Charge what is the Total, the Limit and the Peak?

You should be able to gather more information from Task Manager. With
the Processes tab open select View, Select, Columns and check the boxes
before Peak Memory Usage and Virtual Memory size. What are the figures
for the 6 processes using the largest amounts?

Do you leave your computer on 24/7?

Process Explorer provides more information than Task Manager.

Download Process Explorer.

For further information about Process Explorer see here:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

A new addition to Process Explorer is that you can now right click on a
process and search Online for relevant information.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Gerry]

Sam

An extra 9 kb actually plus the extra 2 kb to test.

HijackThis, sometimes abbreviated HJT, is freeware spyware-removal tool
for Microsoft Windows originally created by Merijn Bellekom, and later
sold to Trend Micro.
http://en.wikipedia.org:80/wiki/HijackThis

You are just being argumentative.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Yes, 11 kb is definitely large if it is not relevant to the response
and therefore useless.

You are saying that use of HijackThis implies something. I don't make
assumptions such as that. To the extent that malware is suspected, I
would request that the person asking the original question provide
clarification so the conversation does not get excessive such as it
is here.
HijackThis was used by helpmeplease to provide data. If you doubt that
malware is a problem then that is useful feedback for helpmeplease.
You however indicated that helpmeplease stated a suspicion that the
cause is malware. Misinterpretation of what helpmeplease said can
create irrelevant discussion.

Sam

HijackThis is primarily used to detect malware.
http://en.wikipedia.org/wiki/HijackThis

Is a 11 kb large?



~~~~


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

I don't see anywhere that helpmeplease says anything about malware.
The closest that helpmeplease says is that "suddenly became very
slow" and "CPU usage runs constantly at 100%" and helpmeplease lists
a few culprits, none of which are suggested as being malware.

Did you read what Xandros said about large files? There was no need
to retain the entire original message in your reply.


As you have been told HijackThis logs are dealt with by specialist
forums. However, why do you thinks you have malware? High CPU
activity can be caused by misbehaving programmes and this could be
your problem. How much RAM memory?

Try Ctrl+Alt+Delete to select Task Manager and click the
Performance Tab. Under Commit Charge what is the Total, the Limit
and the Peak? You should be able to gather more information from
Task Manager.
With the Processes tab open select View, Select, Columns and check
the boxes before Peak Memory Usage and Virtual Memory size. What
are the figures for the 6 processes using the largest amounts?

Do you leave your computer on 24/7?

Process Explorer provides more information than Task Manager.

Download Process Explorer.

For further information about Process Explorer see here:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

A new addition to Process Explorer is that you can now right click
on a process and search Online for relevant information.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



helpmeplease wrote:
Hello everyone,
A couple of weeks ago my computer suddenly became very slow. After
a 4 minute startup, CPU usage runs constantly at 100%, mostly
explorer.exe is taking up the cpu usage but it alternates with
many other processes including svchost and idleprocesses. The
HijackThis log file is below... I hope some one can help me.
Thank you in advance

[Remander clipped]

 

[Gerry]

Oh well Frank we cannot all live in the back of beyond. I guess living
where you do has it's compensations.

An interesting link but I expect you have seen it before
http://cc.msnscache.com/cache.aspx?q=72447145302848&mkt=en-US&lang=en-US&w=9b594260&FORM=CVRE

--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Sam Hobbs]

Sam

An extra 9 kb actually plus the extra 2 kb to test.

HijackThis, sometimes abbreviated HJT, is freeware spyware-removal tool
for Microsoft Windows originally created by Merijn Bellekom, and later
sold to Trend Micro.
http://en.wikipedia.org:80/wiki/HijackThis

You are just being argumentative.

That's strange; I have the impression that you are being argumentative.

 

[Sam Hobbs]

That is what helpmeplease is asking; what the information shows, whether the
cause is misbehaving programmes or what. I see no conclusion of cause by
helpmeplease.

 

[Gerry]

Sam

What helpful suggestion have you contributed to this conversation that
will benefit helpmeplease <[email protected]>?


~~~~


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~