1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

CPU Spikes from close to 0% to upper 70's

Discussion in 'Virus & Other Malware Removal' started by thejackal007, Oct 5, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. thejackal007

    thejackal007 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    22
    Hi! My system keeps slowing down every once in a while and it's driving me nuts. I opened up Task Manager and it's showing the CPU usage will go from the single digits to 70% and beyond to the occasional 100%. Sometimes I'll have Firefox open when this happens, but I've noticed it already with nothing open and a fresh restart. I scan regularly with AVG, use CCleaner and Glary Utilities to keep the registry looking good and defrag often. I have my log ready and I hope it can help us figure out what may be going on. Thanks in advance for looking at this! Log follows...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:13:43 PM, on 10/5/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programs\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programs\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\Programs\AVG\AVG8\avgtray.exe
    C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programs\Juice\Juice.exe
    C:\Programs\Trillian\trillian.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Razer\Diamondback\razertra.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\Programs\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Programs\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\Programs\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Fun Desktop Wallpaper Changer] C:\Program Files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Rapportexe] "C:\Program Files\Trusteer\Rapport\bin\RapportService.exe" -start -after_boot
    O4 - S-1-5-18 Startup: Juice.lnk = C:\Programs\Juice\Juice.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Trillian.lnk = C:\Programs\Trillian\trillian.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Juice.lnk = C:\Programs\Juice\Juice.exe (User 'Default user')
    O4 - .DEFAULT Startup: Trillian.lnk = C:\Programs\Trillian\trillian.exe (User 'Default user')
    O4 - Startup: Juice.lnk = C:\Programs\Juice\Juice.exe
    O4 - Startup: Trillian.lnk = C:\Programs\Trillian\trillian.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160778251779
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5700 bytes
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1 alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply with a new hijackthis log.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
     
  3. thejackal007

    thejackal007 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    22
    Alright, I downloaded Malwarebytes shortly after my first post and ran it. I found 4 items and removed them. I did another scan tonight with recent updates and will post the logs.

    Malwarebytes' Anti-Malware 1.28
    Database version: 1274
    Windows 5.1.2600 Service Pack 3

    10/15/2008 10:41:04 PM
    mbam-log-2008-10-15 (22-41-04).txt

    Scan type: Quick Scan
    Objects scanned: 47361
    Time elapsed: 5 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    The HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:43:17 PM, on 10/15/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programs\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programs\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\Programs\AVG\AVG8\avgtray.exe
    C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programs\Juice\Juice.exe
    C:\Programs\Trillian\trillian.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Razer\Diamondback\razertra.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\Programs\Sonique\sqstart.exe
    C:\Programs\FastStone Image Viewer\FSViewer.exe
    C:\Programs\Mozilla Firefox\firefox.exe
    C:\Programs\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\Programs\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Fun Desktop Wallpaper Changer] C:\Program Files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Rapportexe] "C:\Program Files\Trusteer\Rapport\bin\RapportService.exe" -start -after_boot
    O4 - S-1-5-18 Startup: Juice.lnk = C:\Programs\Juice\Juice.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Trillian.lnk = C:\Programs\Trillian\trillian.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Juice.lnk = C:\Programs\Juice\Juice.exe (User 'Default user')
    O4 - .DEFAULT Startup: Trillian.lnk = C:\Programs\Trillian\trillian.exe (User 'Default user')
    O4 - Startup: Juice.lnk = C:\Programs\Juice\Juice.exe
    O4 - Startup: Trillian.lnk = C:\Programs\Trillian\trillian.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160778251779
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5880 bytes


    In general, it runs better but still does the occasional high CPU percentage. It doesn't slow the PC down nearly as much (sorry, I should have saved the first log from before), but it still does slow down at times. Can you see anything weird in here?
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You might try disabling some of the O4's that are not required and see if that makes a difference. Also the Nero indexing service.

    Your Java is out of date. Use Secunia software inspector & update checker and remove all old versions from add/remove programs.
     
  5. thejackal007

    thejackal007 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    22
    Just taking out the Indexing so far seems to have made a decent improvement. I'm trying to remove the 2 Creative ones (CThelper and CTXFIHLP.EXE now to see if anything is better. Do you have any other suggestions?
     
  6. thejackal007

    thejackal007 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    22
    Almost forgot the new log. I got rid of the CTHELPER through Hijack this, but it's showing up in the log towards the top. Is this normal?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:59:57 PM, on 10/19/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programs\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programs\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\Programs\AVG\AVG8\avgtray.exe
    C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programs\Juice\Juice.exe
    C:\Programs\Trillian\trillian.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Razer\Diamondback\razertra.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\Programs\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Programs\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\Programs\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programs\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Fun Desktop Wallpaper Changer] C:\Program Files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programs\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Rapportexe] "C:\Program Files\Trusteer\Rapport\bin\RapportService.exe" -start -after_boot
    O4 - S-1-5-18 Startup: Juice.lnk = C:\Programs\Juice\Juice.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Trillian.lnk = C:\Programs\Trillian\trillian.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Juice.lnk = C:\Programs\Juice\Juice.exe (User 'Default user')
    O4 - .DEFAULT Startup: Trillian.lnk = C:\Programs\Trillian\trillian.exe (User 'Default user')
    O4 - Startup: Juice.lnk = C:\Programs\Juice\Juice.exe
    O4 - Startup: Trillian.lnk = C:\Programs\Trillian\trillian.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160778251779
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5467 bytes
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Remove the checkmark from:

    CTHELPER.EXE


    Click Apply - OK afterwards, then reboot. When the SCU window appears during reboot, ignore the message. Place a checkmark in the window, then click OK.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/756343

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice