07-29-2006, 07:50 AM   #1
willmon18 (Registered User)
OS: Windows XP Professional Service Pack 3

My mom's computer's CPU Usage keeps going to 100% and going back down to 10%.

Description of problem, Hijackthis log is at the bottom, sorry it is so long I didn't want to miss an important detail. Games have become glitchy and the computer also sometimes does not download things completely. Also I watch DVDs and it is slow and glitchy possibly because the computer is using a lot of CPU usage even though nothing is on except the process manager I have from tune up utilities. It keeps saying 100% and going back down to like 10%. One thing I think is funny is that it keeps identifying one of my net-zero processes as a Trojan horse. It does that with my computer too. For some reason Netzero runs two processes called EXEC.EXE and one says Netzero and the other says Trojan Horse ZCast. If you want a screenshot of my process manager saying this you would have to show me where to get a small screenshot program. Also sometimes if I am on the computer playing games for a while and I try to connect to the Internet Netzero tells me "Could not contact the network try again later". So I restart and then it works just fine. Here is the hijackthis log. I looked at it and didn't really see anything wrong with it. Except for the fact that real player is on here and I believe somewhere in a thread I saw someone telling them to get rid of it.

Logfile of HijackThis v1.99.1
Scan saved at 8:30:52 AM, on 7/29/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MICROSOFT ENCARTA\ENCARTA WORLD ENGLISH DICTIONARY 2001\QSHLFED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-AWARE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Quick Shelf.lnk = C:\Program Files\Microsoft Encarta\Encarta World English Dictionary 2001\QSHLFED.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll

08-01-2006, 01:14 AM   #2
Vikesrock8411 (Analyst, Security Team)
OS: Windows XP

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it may ask you to purchase the program. This is not necessary; we will take care of the entries manually.
  • At the end of the scan click on see report. Then click Save report
Please post that log in your next reply.

In your next post please include:
  • Panda Activescan Log
  • A new Hijackthis! Log

08-02-2006, 10:05 PM   #3
willmon18 (Registered User)
OS: Windows XP Professional Service Pack 3

Panda ActiveScan Report

Really must be a bad problem I guess. I hate winfixer and I don't know how it got there either. I have seen forums on how to fix it, quite a process too. It seems interesting that it picked up a file on my mom's game as adware:

Adware:Adware/NewAds Not disinfected C:\Program Files\Treasure Fall\Read Me.exe
Adware:Adware/NewAds Not disinfected C:\Program Files\Mah Jong Quest\debug.exe

I hope you like the way I got the report quoted, I thought it would be easier for you. I will try to do this from now on. But the monitor I was talking to you about in the other thread, I am quite sure it is broken. Don't know what exactly is wrong with it. I will contact HP about it, they will give me some options on how to get it fixed.

Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UWFX5_0001_N57M2811NetInstaller.exe
Dialer:dialer.xd Not disinfected c:\windows\switchagreement.txt
Adware:adware/dollarrevenue Not disinfected c:\windows\KEYBOARD171.dat
Adware:adware/maxifiles Not disinfected c:\program files\common files\InetGet
Adware:adware/windowenhancer Not disinfected c:\windows\system\SBUtils
Adware:Adware/WindowEnhancer Not disinfected C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
Virus:Trj/Goldun.HV Disinfected C:\WINDOWS\SYSTEM\dvd4free.dll
Virus:Trj/Agent.AGR Disinfected C:\WINDOWS\SYSTEM\pgntpyb.dll
Virus:Trj/ConHook.P Disinfected C:\WINDOWS\SYSTEM\nnnmlkh.dll
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\hp authorized customer@www.myaffiliateprogram[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\hp authorized customer@www.burstbeacon[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\hp authorized customer@belnk[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\hp authorized customer@ad.yieldmanager[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\hp authorized customer@belnk[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Cookies\hp authorized customer@tribalfusion[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\Cookies\hp authorized customer@mediaplex[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\WINDOWS\Cookies\hp authorized customer@apmebf[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\WINDOWS\Cookies\hp authorized customer@qksrv[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\WINDOWS\Cookies\hp authorized customer@adultfriendfinder[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\hp authorized customer@ad.yieldmanager[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Cookies\hp authorized customer@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Cookies\hp authorized customer@doubleclick[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\WINDOWS\Cookies\hp authorized customer@bluestreak[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\Cookies\hp authorized customer@ads.pointroll[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Cookies\hp authorized customer@realmedia[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\WINDOWS\Cookies\hp authorized customer@ads.addynamix[1].txt
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Cookies\hp authorized customer@2o7[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\WINDOWS\Cookies\hp authorized customer@questionmarket[1].txt
Spyware:Cookie/Adserver Not disinfected C:\WINDOWS\Cookies\hp authorized customer@z1.adserver[1].txt
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\HP\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\HP\bin\KillIt.exe
Hacktool:HackTool/ProcLog.A Not disinfected C:\HP\bin\ProcessLogger.exe
Virus:Trj/Reboot.F Disinfected C:\HP\bin\Rebooter.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\HP\bin\Terminator.exe
Potentially unwanted tool:Application/KillApp.C Not disinfected C:\HP\bin\KillWind.exe
Potentially unwanted tool:Application/KillApp.C Not disinfected C:\HP Internet\Surfboard\KillWind.exe
Adware:Adware/NewAds Not disinfected C:\Program Files\Windows\WinUpdate.exe[²ŞÇ]
Adware:Adware/NewAds Not disinfected C:\Program Files\Treasure Fall\Read Me.exe
Adware:Adware/NewAds Not disinfected C:\Program Files\Mah Jong Quest\debug.exe

Last edited by Vikesrock8411; 08-03-2006 at 11:56 AM.

08-03-2006, 12:00 PM   #4
Vikesrock8411 (Analyst, Security Team)
OS: Windows XP

Please download the Suspicious File Packer. Unzip it to your Desktop.

Double click on sfp.exe to run it. Paste the following text into the box that pops up.

  • C:\Program Files\Windows\WinUpdate.exe
    C:\Program Files\Treasure Fall\Read Me.exe
    C:\Program Files\Mah Jong Quest\debug.exe

Then click continue. It will create a file called requested-files[Date and Time].cab Please upload that file here.

Download haxfix.exe and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"

A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
  • Copy the contents of that logfile and paste it into this thread.

08-08-2006, 02:37 AM   #5
willmon18 (Registered User)
OS: Windows XP Professional Service Pack 3

Sorry it took me so long to reply, the threads I have been subscribing to have been disappearing for some reason. I had to look through the threads I have posted and saw that you have replied. Anyways, I submitted that file to the website but I can't do anything more because of the fact that the computer must badly be messed up. It told me that the haxfix was a "Bad command or file name" in the Dos window and in a notepad that pops up it says "Unsupported version". I have seen weird things in msdos mode. I was trying to update the bios once and it gave me the same problem, bad command or file name.

08-08-2006, 01:54 PM   #6
Vikesrock8411 (Analyst, Security Team)
OS: Windows XP

I apologize for the "Unsupported Version" error, that was my fault.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Windows\WinUpdate.exe
    C:\Program Files\Treasure Fall\Read Me.exe
    C:\Program Files\Mah Jong Quest\debug.exe
    c:\windows\downloaded program files\UWFX5_0001_N57M2811NetInstaller.exe
    c:\windows\switchagreement.txt
    c:\windows\KEYBOARD171.dat
    c:\program files\common files\InetGet
    c:\windows\system\SBUtils
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Run a new scan with Hijackthis and post the log here. Also let me know how the PC is running.

08-08-2006, 02:30 PM   #7
willmon18 (Registered User)
OS: Windows XP Professional Service Pack 3

All were deleted and I did not receive any messages that you mentioned. I had to get the following application you asked for from www.killbox.net, the site you gave me did not work. But sorry about the confusion of the OS's, I believe that you saw my windows xp on the side. I was assuming that you would have seen the windows me thing in the hijack this log. And here is the new hijackthislog:

Logfile of HijackThis v1.99.1
Scan saved at 3:31:44 PM, on 8/8/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {4AC8D076-6435-43DB-B43A-0C346FECC8F6} - (no file)
O2 - BHO: (no name) - {A792BD61-9CB2-488F-88E5-67BA1CB2C19F} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [CAISafe] C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F9F3920B-2F24-437A-A224-D49F0004A172} (CAlambikCtl Class) - http://www.net-viewer.com/dls/AutoInstall.exe
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
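
Added example (not part of the original posts, and not a tool used in this thread): a small Python script that diffs the 7/29 and 8/8 HijackThis logs posted above, using excerpts from them as input, so that changed autorun entries stand out. It assumes entries can be compared case-insensitively with quotes ignored, and it lists entries ending in `(no file)`, which HijackThis prints when the referenced file is missing; the function names are illustrative.

```python
import re
from collections import defaultdict

# Excerpts from the two HijackThis logs posted in this thread (not the full logs).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:30:52 AM, on 7/29/2006

Running processes:
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:31:44 PM, on 8/8/2006

Running processes:
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\ISAFE.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {4AC8D076-6435-43DB-B43A-0C346FECC8F6} - (no file)
O2 - BHO: (no name) - {A792BD61-9CB2-488F-88E5-67BA1CB2C19F} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe
"""

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def normalize(body):
    """Lower-case, drop double quotes and collapse whitespace so the same entry
    printed with different case or quoting compares equal (assumption: paths
    are case-insensitive, as on Windows)."""
    return " ".join(body.replace('"', "").lower().split())


def parse_hjt(log_text):
    """Return (running_processes, entries); entries maps section code -> set."""
    processes, entries = set(), defaultdict(set)
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries[match.group("code")].add(normalize(match.group("body")))
        elif in_procs:
            processes.add(line.upper())
    return processes, entries


def diff_logs(before_text, after_text):
    """Compare two logs: entries added/removed per section, newly running
    processes, and entries in the later log whose file is missing."""
    procs_a, ent_a = parse_hjt(before_text)
    procs_b, ent_b = parse_hjt(after_text)
    added, removed = {}, {}
    for code in sorted(set(ent_a) | set(ent_b)):
        new = ent_b.get(code, set()) - ent_a.get(code, set())
        gone = ent_a.get(code, set()) - ent_b.get(code, set())
        if new:
            added[code] = sorted(new)
        if gone:
            removed[code] = sorted(gone)
    orphans = sorted(e for es in ent_b.values() for e in es if e.endswith("(no file)"))
    return {"added": added, "removed": removed,
            "new_processes": sorted(procs_b - procs_a), "orphans": orphans}


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for key in ("added", "removed"):
        for code, items in result[key].items():
            for item in items:
                print(f"{key:8} {code}: {item}")
    print("new processes:", result["new_processes"])
    print("missing-file entries:", result["orphans"])
```

On these excerpts the Zone Labs Client line is not reported as a change even though its case and quoting differ between the two logs, while the two `(no file)` BHO entries are.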

08-08-2006, 02:36 PM   #8
Vikesrock8411 (Analyst, Security Team)
OS: Windows XP

Thanks for letting me know about the Killbox link, I have now changed it in my saved speech.

How is the PC running now, any better?

08-08-2006, 02:58 PM   #9
willmon18 (Registered User)
OS: Windows XP Professional Service Pack 3

Well it seems if it is running correctly except that my task manager is still going up to 100% and it won't stop going up there and going back down to a small percentage 10%. It is as if something is working in the background I don't know what though.

08-12-2006, 07:27 PM   #10
Vikesrock8411 (Analyst, Security Team)
OS: Windows XP

Sorry for the delay, not sure where my email went

Please download SilentRunners.vbs - Right click & choose Save As... SilentRunners.vbs

Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts

Launch SilentRunners by double-clicking the downloaded file. In the ensuing Window, select 'No' to avoid skipping supplementary searches. Please be patient as the script requires a few minutes to complete.

When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply

08-13-2006, 06:08 PM   #11
willmon18 (Registered User)
OS: Windows XP Professional Service Pack 3

Well I think the website has its subscriptions to stuff messed up because I was subscribed to this and for some reason I did not have it subscribed anymore. And do you know of anyway of making it not say originally posted by because when I make a quote it says originally posted by instead of some other thing.
Quote:
Originally Posted by Silent Runners.vbs log. Well I guess that is what it is anyways.
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows Me (Millennium Edition)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"USBMMKBD" = "usbmmkbd.exe" ["Hewlett-Packard Company"]
"Hidserv" = "Hidserv.exe run" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"CountrySelection" = "pctptt.exe" ["PCtel, Inc."]
"PCTVOICE" = "pctvoice.exe" ["PCtel, Inc."]
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]
"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]
"TrueVector" = "C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service" ["Zone Labs, LLC"]
"CAISafe" = "C:\WINDOWS\SYSTEM\ZoneLabs\isafe.exe" ["Computer Associates International, Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
PerUser_CVT_Inis\(Default) = "Windows Setup - FAT32 Converter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\UPNPUI.DLL" [MS]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec Directcd Shell Extension"
-> {HKLM...CLSID} = "Adaptec Directcd Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adaptec\DirectCD\shellex.dll" ["Adaptec"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVCPL.DLL" ["NVIDIA Corporation"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\PROGRAM FILES\WINRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Plus!.bmp"


Enabled Scheduled Tasks:
------------------------

"Tune-up Application Start" -> launches: "walign" [MS]
"PCHealth Scheduler for Data Collection" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]
"1-Click Maintenance" -> launches: "C:\PROGRAM FILES\TUNEUP UTILITIES 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\SYSTEM\imslsp.dll ["Zone Labs, LLC"] , 01 - 06, 17
C:\WINDOWS\SYSTEM\ZoneLabs\vetredir.dll ["Computer Associates International, Inc."] , 07 - 09, 16
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 10
C:\WINDOWS\SYSTEM\msafd.dll [MS], 11 - 13
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 14 - 15


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "MSN Messenger Service"
"Exec" = "C:\PROGRA~1\MESSEN~1\MSMSGS.EXE" [MS]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL" ["Sun Microsystems, Inc."]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome"

Missing lines (compared with English-language version):
[Strings]: 2 lines

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "TuneUp" = "file://C|/WINDOWS/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzs9x09\Driver = "hpzs9x09.dll" ["HP"]
usbmon.dll\Driver = "usbmon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 31 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 15 seconds.
---------- (total run time: 74 seconds)
Old 08-13-2006, 11:53 PM   #12 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


That log is clean. Let's see if we can catch what is running.

Download Process Explorer. Unzip it to your desktop. Double click on procexp.exe.

Keep an eye on the "CPU" column. "System Idle Process" will most likely be taking up a large portion of the CPU. If any other program shows a large number in that column please report its name here.
Old 08-15-2006, 07:10 PM   #13 (permalink)
Registered User
 
willmon18's Avatar
 
Join Date: Apr 2006
Location: Missouri
Posts: 386
OS: Windows XP Professional Service Pack 3

Well, thank you for the good process manager; it told me that my other process manager was telling me incorrect stuff. This process manager gave me more in-depth information and also told me that the CPU usage was not really that high unless I had that other process manager up. It also did the same to me in Windows XP, I now realize, but when I used the XP task manager it told me different. But anyway, I know the problem with my mom's computer: it is her recovery disks from HP. She has recovered it, as in did not reformat, just basically put everything back on it that it originally had and kept everything else. It is kind of like doing a repair install but a little different. I believe it is just a reprogramming disk; it reprograms everything like it was when we first bought it. But it will still have everything on it that was there before the reprogramming. I really believe that all the programs get messed up in the process and don't work entirely right. She has done a recover more than once. But I believe the main problem is the OS, Windows ME, the worst OS ever made. But it does have its ups and downs like Windows 98; they are both almost identical, and they are both hard to infect with viruses and such. I am going to try to get a cheap USB hard drive and store all the stuff my mom needs on the hard drive and then do a reformat. The thing that bothers me is that she doesn't even have a real ME disk, only a recovery disk to totally wipe everything off and put it to exactly like it was when we bought it, nothing else whatsoever. Ever since I bought this Windows XP Home Edition Service Pack 2 disk I have been wanting to wipe my mom's hard drive off and put this on it, but my mom hates XP, she says, but I think it is a lie. I hear her keep repeating over and over she loves her Windows ME. I tried to convince her to install Windows 98 but she says she hates it too, and she doesn't even realize it is almost exactly identical to Windows ME... Oh well, I guess.
You can mark this thread as resolved if you wish; I don't want to have any more trouble with this hunk of junk any longer. The only thing I can think of is to have someone convince her to change OSes, but I don't know if you could do that. You can try if you wish: send her an email at casuwalters@hotmail.com. She really needs to change her OS badly; I am sure you would know this as well as I do. I am advancing in computers every day, and this is almost the first thing I found out when striving to find out more about computers.