CPU spiking at 100 percent

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mslady99, Jul 2, 2012.

  1. mslady99

    mslady99 Private E-2

    Good Evening,

    Hope all is well. The issue I’m having with my computer is that it takes a long time for a website to load. When I hit the control, alt, delete button, the CPU is repeatedly spiking up to 100% and then it goes back down. I ran all of the scans in the Read Me instructions. I accidentally quarantined the threat found from HitmanPro. I will attach the logs. Thank you for helping me.
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    Good afternoon, mslady99 :)

    Open RogueKiller again.

    • Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    • When it opens, press the Scan button again.
    • Once the scan has completed, press the Delete button.
    • After deleting is finished, press the Fix Host button.
    • Once that has finished press the Fix DNS button.
    • When all operations have been completed, there will be a few new logs on your desktop.
    • Attach RKreport[3].txt, RKreport[4].txt, and RKreport[5].txt to your next message. (How to attach)

    __

    Reviewing the rest of your logs now. You can do the above tasks in the meantime.
     
  3. thisisu

    thisisu Malware Consultant

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • Coupon Printer for Windows
    • Java(TM) 6 Update 3
    • Sophos Anti-Rootkit 1.3.1
    • Viewpoint Manager (Remove Only)
    • Viewpoint Media Player


    Please download Disable/Remove Windows Messenger to your desktop.
    • Double-click MessengerDisable.exe to run it.
    • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
    • Click Apply
    • Click Exit

    I want you to read and follow these instructions: TDSSKiller - How to run

    Let me know how the computer is running after you have completed these steps.
     
  4. mslady99

    mslady99 Private E-2

    The scans are completed. The computer seems to be moving much faster now. I'm attaching the updated logs. Also, is there a way to disable iTunes from launching when I start the computer up? My iTunes account was hacked a few months ago and I’ve been too afraid to open it until I know it's clean. I noticed that one of the items I accidentally quarantined yesterday had the word iTunes in it.
     

    Attached Files:

  5. thisisu

    thisisu Malware Consultant

    The file you quarantined via HitmanPro is actually related to an AOL installer:
    • AOL 9.0 Optimized (America Online)
    • AOL (America Online)
    • Try AOL 90 Days Risk-Free (America Online)
    • Try AOL 9.0 (America Online)
    It was just in a subdirectory of a folder with iTunes in it:
    I would not worry about this as it's not an important file anyway.

    Right now it does not look like it is starting up automatically because you have it turned off via MSConfig. We don't recommend managing startups this way. If you would like help, follow these instructions:

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Attached is fixme.zip
    • Inside of fixme.zip is fixme.reg
    • Extract fixme.reg onto your desktop.
    • Now double-click fixme.reg and allow it to merge into the registry.
    • Once the merge was successful, reboot your computer.

    __

    Once you have rebooted your computer


    Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     

    Attached Files:

  6. mslady99

    mslady99 Private E-2

    I ran the Fixme.reg and the MGtools. Here is the zip log.

    Thank you for helping me.
     

    Attached Files:

  7. thisisu

    thisisu Malware Consultant

    You're welcome.

    According to these logs, iTunes is not running on startup. That's what you wanted, correct?
     
  8. thisisu

    thisisu Malware Consultant

    Run C:\MGtools\analyse.exe by double-clicking it (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Choose "Do a system scan only" and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:

    1. O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    2. O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    3. O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MGTTOO~1\SPYBOT~1\SDHelper.dll
    4. O23 - Service: RKKA - Unknown owner - C:\DOCUME~1\SHARESE\LOCALS~1\Temp\RKKA.exe (file missing)
    5. O23 - Service: WBQSVMZ - Unknown owner - C:\DOCUME~1\SHARESE\LOCALS~1\Temp\WBQSVMZ.exe (file missing)

    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

    __

    Delete this folder:
    • C:\Documents and Settings\SHARESE\Local Settings\Application Data\Viewpoint

    __

    Once you have successfully completed the above steps and if you are no longer experiencing any other malware related problems, you can complete the steps below:

    If you are not having any other malware related problems, it is time to do our final steps:
    • Any programs we had you download and/or install can be removed at this time.
    • If we had you download and run ComboFix, here is how to uninstall it:
      • Press and hold the Windows key and then press the letter R on your keyboard.
      • This opens the Run dialog box.
      • Copy and paste the below text inside the text-field:
        • "%userprofile%\desktop\ComboFix" /uninstall
      • Now press ENTER
      • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
    • You can re-enable your Disk Emulation software at this time via DeFogger.
    • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
    • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
    • Now we will toggle System Restore to remove any infected system restore points.
    • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
    • Be safe :)
     
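    The O9 and O23 lines above are the pattern a log reviewer looks for: a browser button or a service whose registration survives even though the file it points to is gone, or whose binary lives under a Temp folder. The following is an added example, not part of this thread or of the HijackThis/MGtools toolset, that triages such lines from a constructed log (user-profile folder replaced with the placeholder USERNAME; the CLSIDs are the ones quoted in the post):

```python
import re

# Constructed sample HijackThis lines, modelled on the O9/O23 entries in this thread
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MGTTOO~1\SPYBOT~1\SDHelper.dll
O23 - Service: RKKA - Unknown owner - C:\DOCUME~1\USERNAME\LOCALS~1\Temp\RKKA.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""

# "O9 - Extra button: <name> - {<clsid>} - <target>"
O9_RE = re.compile(r"^O9 - Extra button: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$")
# "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.+)$")


def triage(log_text):
    """Return the O9/O23 entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O9_RE.match(line)
        if m:
            # HijackThis prints "(no file)" when the button's target no longer exists
            if m["target"] == "(no file)":
                reasons.append("orphaned browser button (target file gone)")
        else:
            m = O23_RE.match(line)
            if m:
                target = m["target"]
                # leftover service registration: binary already removed or quarantined
                if target.endswith("(file missing)"):
                    reasons.append("service binary missing on disk")
                # legitimate services are not installed from a user's Temp folder
                if re.search(r"\\temp\\", target, re.I):
                    reasons.append("service binary located under a Temp folder")
                if m["owner"] == "Unknown owner":
                    reasons.append("no vendor recorded for the service")
        if reasons:
            findings.append({"kind": line.split(" - ", 1)[0], "name": m["name"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["kind"], hit["name"], "->", "; ".join(hit["reasons"]))
```

    Entries flagged this way match what the post has the user fix: the orphaned button registration and the two services pointing at missing executables in Temp.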
  9. mslady99

    mslady99 Private E-2

    Good Morning,

    I ran the MGtools\analyse and I removed all of the programs. I ran the MGclean.bat, and toggled System Restore. The Windows Task Manager CPU is showing between 2 and 4 percent. I read the How to Protect yourself from malware guide and I noticed that AVG was not on the list of recommended antivirus. Should I change to one of those in the list?
     
  10. thisisu

    thisisu Malware Consultant

    Good afternoon,

    Yes, we recommend changing to one of those in the list. ;)

    Be safe.
     
