CPU high usage / slow computer

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ingo67, Sep 15, 2011.

  1. ingo67

    ingo67 Guest

    Hi All,
    I have an Acer 5633 laptop, 1.66GHz, with 2.5 GB RAM, running Windows XP/SP3. Not exactly state of the art, but it did work ok for me.
    All was well up until about 2 weeks ago. I was watching an mp4 file, as I frequently do, and it suddenly slowed up and became unwatchable. Ever since then my CPU has been running at 40-50% with nothing running, and 70-90% with a few things running. I can just about use email and Firefox ok, but anything like Media Player Classic, iTunes or heavy use of the virus scanner slows it up massively.
    I have gone through the READ & RUN ME FIRST Malware Removal Guide and tried my best to follow it to the letter. Things are a little better: with nothing running, CPU usage is only 10-15%, but as soon as I run Media Player, iTunes or a scan it goes up to 80-90% and slows completely. Prior to 2 weeks ago I used to have everything open with no such problems.

    Have also read similar posts but where my knowledge is lacking is understanding the logs from the various scans. The scans did not highlight any obvious malware. Your help would be greatly appreciated.
    Here are my logs:
     

  2. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, ingo67!

    Please also attach C:\MGlogs.zip
     
  3. ingo67

    ingo67 Guest

    Sorry, thought I might have missed something.
    Also, forgot to mention, protection previously was ZoneAlarm and Avast - now removed. Just have MS Essentials now.
    Thanks again
     

  4. thisisu

    thisisu Malware Consultant

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • J2SE Runtime Environment 5.0 Update 11
    • Java(TM) 6 Update 22
    • Java(TM) 6 Update 24

    Run C:\MGtools\analyse.exe by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Shut down your protection software now to avoid possible conflicts.
    Note: This is actually Trend Micro HiJackThis - v2.0.4
    Choose Do a system scan only and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:
    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

    Now we need to make use of ComboFix by sUBs
    • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
      You will have to rename yours back to ComboFix.exe!
      • If it is not on your desktop, the below will not work.
    • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    DirLook::
    C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    C:\Documents and Settings\ingo67\Local Settings\Application Data\AnVir
    FireFox::
    FF - ProfilePath - c:\documents and settings\ingo67\Application Data\Mozilla\Firefox\Profiles\ssk6cz1v.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
    Folder::
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
    C:\Documents and Settings\ingo67\Local Settings\Application Data\Conduit
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,c7,0e,bb,78,1b,d6,44,b9,2e,4e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,c7,0e,bb,78,1b,d6,44,b9,2e,4e,\
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    
    • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
    • At this point, you must exit all browsers now before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
    • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
    • This shall launch ComboFix.
      Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Allow ComboFix to update itself if prompted.
    • When it finishes, a log will be produced at C:\ComboFix.txt
      Note: If after running ComboFix you discover none of your programs will open because you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", you will need to reboot your computer, which will normally fix this problem.
    • Attach this log to your next message. (How to attach items to your post)

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS
     
    Last edited: Sep 15, 2011
  5. ingo67

    ingo67 Guest

    No obvious improvement.
     

  6. thisisu

    thisisu Malware Consultant

    You're right. I missed the real source. :( This fix below should address these. Also, note that I am removing some traces of former AV/AS/FW programs such as McAfee, Panda, SunBelt, Ad-Aware, Avast, and Zone Alarm. This should also alleviate some stress on the CPU.

    Run C:\MGtools\analyse.exe by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Shut down your protection software now to avoid possible conflicts.
    Note: This is actually Trend Micro HiJackThis - v2.0.4
    Choose Do a system scan only and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:
    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4


    Now we need to make use of ComboFix by sUBs
    • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
      • If it is not on your desktop, the below will not work.
    • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    Driver::
    hteqb
    SBRE
    Lbd
    MEMSWEEP2
    0065811316138863mcinstcleanup
    SDTHOOK
    WinRM
    File::
    c:\windows\TEMP\006581~1.EXE
    c:\windows\system32\drivers\SBREDrv.sys
    c:\windows\system32\DRIVERS\Lbd.sys
    c:\windows\system32\73.tmp
    c:\windows\system32\drivers\SDTHOOK.SYS
    Folder::
    C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ZoneAlarm
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm_Security
    C:\Program Files\Common Files\McAfee
    C:\Program Files\MyWebSearch
    C:\Documents and Settings\All Users\Application Data\AVAST Software
    C:\Documents and Settings\ingo67\Local Settings\Application Data\ZoneAlarm
    C:\Documents and Settings\ingo67\Local Settings\Application Data\PackageAware
    c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    NetSvc::
    hteqb
    WinRM
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "m3ffxtbr@mywebsearch.com"=-
    
    • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
    • At this point, you must exit all browsers now before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
    • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
    • This shall launch ComboFix.
      Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Allow ComboFix to update itself if prompted.
    • When it finishes, a log will be produced at C:\ComboFix.txt
      Note: If after running ComboFix you discover none of your programs will open because you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", you will need to reboot your computer, which will normally fix this problem.
    • Attach this log to your next message. (How to attach items to your post)

    Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS
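The CFScripts in posts 4 and 6 act on three things a reader can inspect by hand before trusting an automated fix: the "netsvcs" svchost group (the NetSvc:: entries hteqb and WinRM), the XP firewall's GloballyOpenPorts list (the "5985:TCP" removal), and Firefox search prefs (the Conduit browser.search.defaulturl line). The script below is an added example, not from the thread, from MajorGeeks or from ComboFix. It assumes the XP/2003-era registry layout the logs show, an elevated prompt, and that PowerShell 2.0 has been installed (it is not present on XP by default); the two service names and the one port it highlights are taken from post 6 purely to mark them in the output, everything else is read live from the machine.

```powershell
# Added example: manual triage of the items the CFScripts in posts 4 and 6 target.
# Not part of the original thread. Assumes Windows XP-era paths and an elevated
# PowerShell 2.0+ prompt. $flagged and $flaggedPort come from post 6 and are used
# only to mark those entries; nothing else is hard-coded.

$flagged     = @('hteqb', 'WinRM')   # NetSvc:: entries in post 6
$flaggedPort = '5985:TCP'            # GloballyOpenPorts entry removed in post 6

$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# 1. Every name in the shared "netsvcs" group is a DLL that svchost.exe loads as
#    SYSTEM. A member whose ServiceDll is missing from disk, unsigned, or sitting
#    somewhere odd (TEMP, the root of system32 with a random name) is what to chase.
Write-Output '--- netsvcs group members ---'
$netsvcs = (Get-ItemProperty -Path $svchostKey).netsvcs
foreach ($name in $netsvcs) {
    $svcPath = Join-Path $servicesKey $name
    # Many group names on XP have no service key at all; that is normal, skip them.
    if (-not (Test-Path $svcPath)) { continue }
    $params = Get-ItemProperty -Path (Join-Path $svcPath 'Parameters') -ErrorAction SilentlyContinue
    if (-not $params -or -not $params.ServiceDll) { continue }
    $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    if (Test-Path $dll) {
        $status = (Get-AuthenticodeSignature -FilePath $dll).Status
    } else {
        $status = 'MISSING FILE'
    }
    $mark = if ($flagged -contains $name) { '<<' } else { '  ' }
    '{0} {1,-20} {2,-60} {3}' -f $mark, $name, $dll, $status
}

# 2. Ports the XP firewall (SharedAccess) has opened in the standard profile.
#    Value name is "port:proto"; value data is "port:proto:scope:Enabled|Disabled:name".
Write-Output '--- firewall GloballyOpenPorts (standard profile) ---'
$fwList = Join-Path $servicesKey 'SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List'
if (Test-Path $fwList) {
    $props = Get-ItemProperty -Path $fwList
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notmatch '^\d+:(TCP|UDP)$') { continue }   # skip PSPath etc.
        $mark = if ($p.Name -eq $flaggedPort) { '<<' } else { '  ' }
        '{0} {1,-10} {2}' -f $mark, $p.Name, $p.Value
    }
}

# 3. Search-related prefs in every Firefox profile of the current user
#    (post 4's FireFox:: section). prefs.js lines look like:
#    user_pref("browser.search.defaulturl", "http://...");
#    Run this as the affected user; profiles live under that user's APPDATA.
Write-Output '--- Firefox search prefs ---'
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    Get-ChildItem -Path (Join-Path $profiles '*\prefs.js') | ForEach-Object {
        Select-String -Path $_.FullName -Pattern 'user_pref\("(browser\.search\.[^"]+|keyword\.URL)",\s*"([^"]+)"' |
            ForEach-Object {
                '   {0}: {1} = {2}' -f $_.Path, $_.Matches[0].Groups[1].Value, $_.Matches[0].Groups[2].Value
            }
    }
}
```

Anything marked "<<" matches what post 6 removed; the point of running it first (and again afterwards) is to confirm the entries actually exist and then actually go away, rather than inferring that from CPU load. On a box without PowerShell the same three locations can be read with reg query against the keys above and a text search of prefs.js.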
     
