
CPU constantly at 100% usage


11 replies to this topic

#1 izombie616

izombie616

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:10 AM

Posted 25 February 2014 - 09:37 AM

Last week I was playing a game like I usually do on my laptop, and it overheated. It has had an overheating problem, but for the past month I've had it on a cooling fan that's sitting on top of books on top of a tray so the fans are clear, and it hasn't overheated once like this (until last week). So I went to bed and the next day I went to use my laptop and the CPU usage is between 86-100% and it's going so slow and laggy. Even opening Google Chrome it shoots to 100% and stays there. Playing games is now impossible and pretty much so is anything else. Before all this even when I played a game the CPU would usually stay between 50-85% CPU. I'm not sure what to do with this thing in order to keep it from becoming a large paperweight.

 

Laptop specs:

 

Windows Edition: Windows 7 Home Premium Service Pack 1

 

System:

 

Manufacturer: Dell

Model: M5010

Processor: AMD Phenom™ II N870 Triple-Core Processor 2.30 GHz

Installed Memory (RAM): 6.00 GB (5.75GB usable)

System type: 64-bit operating system

 




 


#2 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:09:10 AM

Posted 25 February 2014 - 10:43 AM

Please download and run Speccy.  Once the scan has completed:

 

  1. Click File, and then click Publish Snapshot.
  2. In the Publish Snapshot dialog box, click Yes to enable Speccy to proceed.
  3. Speccy publishes the profile and displays a second Publish Snapshot.  Copy the URL to the clipboard, and paste it in your next post.


#3 izombie616

izombie616
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:10 AM

Posted 25 February 2014 - 05:31 PM

http://speccy.piriform.com/results/HjZhDZXNm4fce2wmxS2f7pc



#4 dls62


Posted 26 February 2014 - 06:49 AM

I notice you have Java 6 installed on your computer.  Unless you need this version for a particular program, please uninstall it as it places your system at risk.

 

You should also update Java 7 to the latest version, which is Update 51.

 

As you have Norton 360 installed, I would suggest that you uninstall the following:

 

McAfee Security Scan - the scheduled scan service which you have running could conflict with Norton.

Spybot Search & Destroy - the Teatimer protection that you have running is a potential cause of conflict with Norton & McAfee.

 

There is evidence of at least adware running on your system, so please carry out the following:

 

Please download AdwCleaner by Xplode to your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Go through the identified items and uncheck any that you know are good and wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the system has restarted.
  • Please copy and paste the content of that log in your next post.

 

 

Please download Junkware Removal Tool to your Desktop.

  • Please disable your security software (e.g. Antivirus) to avoid potential conflicts.
  • Right click JRT and select ‘Run as administrator’.
  • A command prompt window will open.  Press any key to start the scan.
  • On completion, a log will automatically open.
  • Please copy and paste the contents of the log in your post.

 

Please download Malwarebytes Anti-Malware to your Desktop.

  • Close all programs.
  • Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation onto your computer.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware checked. Then click on the Finish button.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box.
  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer for infections.
  • MBAM will now start scanning your computer for malware. This process can take quite a while.
  • When the scan is finished a message box will appear.  You should click on the OK button to close the message box and continue with the removal process.  If no malware is found the scan log will open now.
  • You will now be back at the main Scanner screen.  Click on the Show Results button.
  • You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
  • When MBAM has finished removing the malware, it will open the scan log. Copy and paste the contents of the log in your next post.

Edited by dls62, 26 February 2014 - 06:50 AM.


#5 izombie616


Posted 26 February 2014 - 01:21 PM

Alright, I updated Java to the new version, and uninstalled the old one.

 

I uninstalled the McAfee and Spybot S&D.

 

AdWCleaner log:

 

# AdwCleaner v3.019 - Report created 26/02/2014 at 08:38:37
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - ZOMBIE
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Mp3Tube Toolbar Service
Service Deleted : Updater Service for StartNow Toolbar
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\Mp3Tube Toolbar
Folder Deleted : C:\Program Files (x86)\StartNow Toolbar
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Users\Owner\AppData\Local\StartNow
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Mp3Tube Toolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Owner\AppData\Roaming\DSite
Folder Deleted : C:\Users\Owner\AppData\Roaming\StartNow Toolbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\WINDOWS\System32\Tasks\BrowserDefendert
File Deleted : C:\WINDOWS\Tasks\DSite.job
File Deleted : C:\WINDOWS\System32\Tasks\DSite
 
***** [ Shortcuts ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [14854 octets] - [26/02/2014 08:36:17]
AdwCleaner[S0].txt - [13429 octets] - [26/02/2014 08:38:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13490 octets] ##########
 
 
 
Junkware Removal log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Wed 02/26/2014 at  9:21:58.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3970621613-2186331906-255112259-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{53C51367-0FF9-4247-B3F6-6F17F43A9A21}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A59C167F-298F-30E1-8F0D-B7ED3F450647}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
Successfully deleted: [File] C:\WINDOWS\syswow64\sho708D.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\superfish"
Successfully deleted: [Folder] "C:\Program Files (x86)\superfish"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/26/2014 at  9:38:26.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.26.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Owner :: ZOMBIE [administrator]
 
2/26/2014 9:44:22 AM
mbam-log-2014-02-26 (09-44-22).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 454012
Time elapsed: 1 hour(s), 55 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 5
C:\AdwCleaner\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\Icona Pop - I Love It.mp3.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\updater-startnow-200-2.5[1].exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.4[1].exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
 
(end)
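
Added example, not part of the original thread and not code from Malwarebytes or any tool named here: a Python triage of the MBAM 1.x log format posted in #5. It checks each section's declared total against the parsed lines and tags detections; the tag names and extension lists are assumptions, and the sample lines are copied from the log above.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: detection lines copied from the MBAM 1.75 log in post #5.
SAMPLE_LOG = r"""
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\AdwCleaner\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\Icona Pop - I Love It.mp3.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\updater-startnow-200-2.5[1].exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.4[1].exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Non-greedy item: paths may contain "(x86)", and PUM lines carry "(0)"/"(1)"
# after the detection name, so the first "(Family.Name) -> " is the real one.
ITEM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> (?P<action>.+)$")

# Assumed lists for this example; extend for local policy.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXT = {".mp3", ".mp4", ".avi", ".jpg", ".png", ".pdf", ".doc", ".txt"}


@dataclass
class Detection:
    section: str
    item: str
    name: str
    action: str


def parse_mbam_log(text):
    """Return (declared_counts, detections) for MBAM 1.x log text."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        hit = ITEM_RE.match(line)
        if hit and section:
            detections.append(Detection(section, hit.group("item"),
                                        hit.group("name"), hit.group("action")))
    return declared, detections


def count_mismatches(declared, detections):
    """Sections where the declared total differs from the lines actually
    present, e.g. a log that was truncated when pasted into a post."""
    out = {}
    for section, expected in declared.items():
        found = sum(1 for d in detections if d.section == section)
        if found != expected:
            out[section] = (expected, found)
    return out


def triage(det):
    """Tag one detection so a helper can see what matters at a glance."""
    tags = [det.name.split(".", 1)[0]]  # PUP (program) or PUM (modification)
    if det.section != "Files":
        return tags
    low = det.item.lower()
    stem, ext = ntpath.splitext(ntpath.basename(low))
    if ext in EXECUTABLE_EXT and ntpath.splitext(stem)[1] in DECOY_EXT:
        tags.append("double-extension")      # executable posing as media/doc
    if "\\config\\systemprofile\\" in low:
        tags.append("fetched-as-SYSTEM")     # cache of the LocalSystem profile
    if low.startswith("c:\\adwcleaner\\quarantine\\"):
        tags.append("already-quarantined")   # leftover of an earlier tool run
    return tags


if __name__ == "__main__":
    declared, detections = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, detections))
    for det in detections:
        print(triage(det), det.name, "|", ntpath.basename(det.item))
```

The `fetched-as-SYSTEM` tag ties the two cached updater executables to the "Updater Service for StartNow Toolbar" entry that AdwCleaner reports deleting earlier in the same post, since files under `config\systemprofile` belong to the LocalSystem account's profile.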
 


#6 dls62


Posted 26 February 2014 - 03:03 PM

  • Please download Shortcut Cleaner from the following web page and save it to your Windows desktop.  Shortcut Cleaner Download Link - http://www.bleepingcomputer.com/download/shortcut-cleaner/
  • Once the file is downloaded, double-click on the sc-cleaner.exe file that should now be on your desktop. If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears. Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts and if any are found it will automatically clean them for you. When it is done, it will show you a log that contains a list of shortcuts that were cleaned. Please copy and paste the contents of the log in your next post.

 

  • We now need to reset the home page for Internet Explorer, Firefox, Chrome, and any other browsers you may have installed. Please perform the following steps for each of the installed browsers.
    1. Internet Explorer - Internet Explorer should already be reset. If not, then open IE and click on the Tools menu and then select Internet Options. On the General tab, change your home page to your desired home page and then close the options screen.
       
    2. Firefox - To reset Firefox click on the Tools menu and then select Options. When the settings screen opens, click on the General tab and change your home page to your desired site.
       
    3. Chrome - To reset Chrome click on the menu button. When the menu appears, click on the Settings menu option. When the Settings screen opens, click on the Set Pages link under the On Startup category to specify the pages that should start automatically when Chrome opens.

 

  • Please download SecurityCheck by screen317 to your Desktop. Run the program.  After it has finished a log will open.  Copy and paste the contents of the log in your next post.

 

  • Please download and run TFC by OldTimer.  You will be asked to reboot your system after the program has finished.

Edited by dls62, 26 February 2014 - 03:08 PM.


#7 izombie616


Posted 26 February 2014 - 04:23 PM

OK just want to say my laptop is running so much better already! The highest the CPU usage got was like 85% while one of the scans was running.
 
Shortcut Cleaner 1.2.9 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 
Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 02/26/2014 02:59:46 PM.
 
Scanning for registry hijacks:
 
 * No issues found in the Registry.
 
Searching for Hijacked Shortcuts:
 
Searching C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\
 
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
 
Searching C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
 
Searching C:\Users\Public\Desktop\
 
Searching C:\Users\Owner\Desktop
 
 
0 bad shortcuts found.
 
Program finished at: 02/26/2014 02:59:56 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
 
 
 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 


#8 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:10 AM

Posted 26 February 2014 - 04:29 PM

Just want to chime in that you could also download and run Process Explorer (available on this site). It's a neat little app that will give you lots of info on which processes are running and how much resources they are using. I often use it to diagnose buggy apps and memory leaks.



#9 izombie616


Posted 26 February 2014 - 04:32 PM

OK I will do that, thanks!



#10 dls62


Posted 26 February 2014 - 04:46 PM

Ok, looking good.

 

Please update Adobe Reader to the latest version (XI) which will help protect you from PDF based threats.  Ignore the warning about Adobe Flash Player, you have the latest version.

 

A little cleanup to do.  Run AdwCleaner again but this time just click on Uninstall.  It will remove all the quarantined files, etc.

 

You can delete all the downloaded files from your Desktop, as well as the logs, but keep TFC if you want.  I run it about once a fortnight to give my PC a good clear-out.

 

Please have a look at this article by quietman7.  It has some good advice about keeping your PC secure.

 

Good luck and if you get any more problems please come back to us.



#11 izombie616


Posted 26 February 2014 - 05:49 PM

Done. And thanks so much! I will definitely come back here if I have issues in the future!



#12 dls62


Posted 26 February 2014 - 06:19 PM

You're welcome. That's what BC is here for.



