help slow computer, Hijack this report

[maxamillion]

Hi, can someone please help, my cpu is stuck at about 60%-90% all the time. I've ran Eset scan in safe mode but it found nothing. I also tried panda online scan but it kept freezing

I have amd x2 6400 black edition

3.5 gb ram, windows vista 32 bit

9800 gt video card

Thanks in advance guys!

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:13 PM, on 4/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:7900;http=127.0.0.1:7900;https=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.44.66;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;wustat.windows.com;.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;symantec.com;.nai.com;.networkassociates.com;.dir.untd.com;.prod.untd.com;.2mdn.net;cf.netzero.net;qs.netzero.net;*.advertising.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {A5E9C3D1-E1E1-35DC-8F11-DFCE6B5BF0BD} - C:\Windows\system32\xwr10958.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: Windows Defender %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: hpsysdrv c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: CanonMyPrinter C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: OpwareSE4 "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: JMB36X IDE Setup C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: itype "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: Start WingMan Profiler C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: QuickTime Task "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: egui "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: SoundMAXPnP C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: NvCplDaemon RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: NvMediaCenter RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: SunJavaUpdateSched "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: UVS12 Preload C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKCU\..\Run: http://ehTray.exe C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: Sidebar C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: NVIDIA nTune "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: swg C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: Sidebar %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: WindowsWelcomeCenter rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: Sidebar %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HWDN1 Wireless Utility.lnk = C:\Program Files\Hawking\Common\RaUI.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {03A89EFD-E023-5707-A22D-45F77558EB4C} (ILINCInstall73 Class) - http://learnlinc.ugf.edu/LearnLinc/download/ilinci76.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9085 bytes

[minidv2dvd]

what is using the cpu? use the task manager/processes/double click on cpu to bring the highest users to the top.

[zoobie]

try posting it in the adaware forums

[Bjs]

Disable spybot before hand.

In hijackthis uncheck the following

O2 - BHO: D - {A5E9C3D1-E1E1-35DC-8F11-DFCE6B5BF0BD} - C:\Windows\system32\xwr10958.dll
O4 - HKLM\..\Run: itype "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: Start WingMan Profiler C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: QuickTime Task "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: SunJavaUpdateSched "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: swg C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

And these.

O4 - HKCU\..\Run: Sidebar C:\Program Files\Windows Sidebar\sidebar.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe

Also anything to do with google and java.

Reboot after.

Next > http://www.pc-panic.com/blog/winsock-fix-windows-xp-sp2-vista/... read and do.

Nvidia files should not be listed in lsp.

Next, head to www.malwarebytes.org, install, update, scan ... items found = delete objects > reboot.

Then use taskmanager if problems still persist to track running tasks consuming cpu.

[maxamillion]

Windows explorer seems to be the heaviest user of my cpu

I've removed spybot from my computer and ran that malrarebytes scan. It found 12 items that were then deleted.
when you say uncheck the items you listed does that mean you want me to check them and then remove them from the list?

Sorry for the newbe question but I'm not familiar with Hijack this.

[INFRATOM]

Some virus and spywares are very sophisticated and impossible to detect because they don't show under windows tasks or services. Most of them are internet behavior monitoring so everything you do is continuously reported or you may have a sharing program running. In my opinion reformat and reinstall takes about 2 hours lets say and trouble shooting takes 2 days then it is easier to rebuild time wise and keep a clean image of basic install with updates so next time would take less time.
That said, disconnect from internet and restart see if you still have the problem, if not its one of the internet based programs. Put your firewall on panic mode and delete all exceptions then one by one firewall pops for permission then eventually you'll find it But it is sure and easier to rebuild. And avoid all those junk programs

[Baldrick]

Use the [code][/code]-bbtag for log files and the topic doesn't get so wiiiide. I added it to your first post.

[torrentkid]

There are certain processes that get hooked up with the Explorer.exe process & many other Windows critical processes. So please run this http://www.filehippo.com/download_autoruns/ & save the report on the tab that says "Everything" & paste it here as per 'Bladrick's suggestion. And then we can take it up from there.

[steptoe]

Also, if you have autoupdates turned on, turn it OFF ..... You can also download any updates manually or just turn it on now and then if paranoid about an update being needed, but it can and does cause more trouble than fixing by updating a security patch and clashing with other software which then needs another update to fix what the update broke trying to fic to start with

Its a major resource hogger and after suggesting to friends who complainw hy everything is so slow they have noticed a big increase in general

[stiltman]

This is what I pretty much hate about HiJackThis. Unless you are an expert on every program and driver avaliable, it doesn't mean much to post the log file. Many Many programs tie themselves to startups and drivers and BHOs

This again is the main reason I use SuperAntiSpyware and MalwareByte. If those 2 can not clean something out, I will use ComboFix which can be very discructive if you don't know what you are doing

[roma_turok]

You can copy and paste to this site for automatic analyze: http://www.hijackthis.de/

[maxamillion]

Thanks guys for all your help.
After running many online and virus scans. A-squad free edition found a few Trojans and other high risk virus's.
I deleted them restarted and my cpu is finally back to its normal range 5-15% idle.

Thanks again!

[jagabo]

It should be more like 1 percent at idle.

[Bjs]

It should be 0 at idle.

And yes, I meant for you to place a check mark in the box in front of those items and let hijackthis remove them