CPU high usage / slow computer (part ii)

Discussion in 'Malware Help (A Specialist Will Reply)' started by ingo67, Sep 16, 2011.

  1. ingo67

    ingo67 Guest

    No obvious improvement :confused
     


  2. thisisu

    thisisu Malware Consultant

    Re: CPU high usage / slow computer

    You're right. I missed the real source. :( This fix below should address these. Also, note that I am removing some traces of former AV/AS/FW programs such as McAfee, Panda, SunBelt, Ad-Aware, Avast, and Zone Alarm. This should also alleviate some stress on the CPU.

    Run C:\MGtools\analyse.exe by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Shut down your protection software now to avoid possible conflicts.
    Note: This is actually Trend Micro HiJackThis - v2.0.4
    Choose Do a system scan only and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:
    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4


    Now we need to make use of ComboFix by sUBs
    • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
      • If it is not on your desktop, the below will not work.
    • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    Driver::
    hteqb
    SBRE
    Lbd
    MEMSWEEP2
    0065811316138863mcinstcleanup
    SDTHOOK
    WinRM
    File::
    c:\windows\TEMP\006581~1.EXE
    c:\windows\system32\drivers\SBREDrv.sys
    c:\windows\system32\DRIVERS\Lbd.sys
    c:\windows\system32\73.tmp
    c:\windows\system32\drivers\SDTHOOK.SYS
    Folder::
    C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ZoneAlarm
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm_Security
    C:\Program Files\Common Files\McAfee
    C:\Program Files\MyWebSearch
    C:\Documents and Settings\All Users\Application Data\AVAST Software
    C:\Documents and Settings\ingo67\Local Settings\Application Data\ZoneAlarm
    C:\Documents and Settings\ingo67\Local Settings\Application Data\PackageAware
    c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    NetSvc::
    hteqb
    WinRM
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "m3ffxtbr@mywebsearch.com"=-
    
    • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
    • At this point, you must exit all browsers now before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
    • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
    • This shall launch ComboFix.
      Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Allow ComboFix to update itself if prompted.
    • When it finishes, a log will be produced at C:\ComboFix.txt
      Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
    • Attach this log to your next message. (How to attach items to your post)

    Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS
     
  3. ingopj67

    ingopj67 Private E-2

    Hi THISISU,
    Thanks again for your help with my previous thread using my username ingo67. I have been trying to post the further details you requested but found my username did not work anymore; sent an email to admin and they replied "There is no user named ingo67 for some reason..." :cry
    Also I cannot send you a private message because of my lowly status, so just hope you see this new post. I am beginning to think I must have done something to upset someone up high!!!!!

    Anyway, continuing on..........computer is still experiencing problems; with just Firefox open CPU is running normally, but open a new page, usage goes up to 70-80%. Mediaplayer Classic will just about run ok, but a little sound distortion and slow video when stop/start. iTunes sound distorted and slow. Windows sounds and beeps distorted sound. CPU can hang at 70% for ages then go back to normal. Start up process is about 10 minutes, before problems about 2-3 minutes. Another thing to mention, keep getting loads of Windows Updates, 1 or 2 a day, is this significant, don't remember them being so frequent.
    Here are the latest logs, although they were done a few days ago. Thanks again.
     


  4. thisisu

    thisisu Malware Consultant

    No problem. I'm not sure what caused that. I've only seen it one other time with another user. I copied some of our posts from the old thread to this one for reference.

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • Windows Internet Explorer 7 <-- you have IE8 installed.

    Now download GooredFix by jpshortstuff to your desktop.
    See the download links under this icon: http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win 7).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear.
    • Please attach the GooredFix.txt log to your next reply (it can be found on your desktop). (How to attach items to your post)

    Now we need to make use of ComboFix by sUBs
    • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
      • If it is not on your desktop, the below will not work.
    • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    DirLook::
    C:\Documents and Settings\All Users\Application Data\Driver Tool
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "WINRM"=-
    
    • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
    • At this point, you must exit all browsers now before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
    • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
    • This shall launch ComboFix.
      Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Allow ComboFix to update itself if prompted.
    • When it finishes, a log will be produced at C:\ComboFix.txt
      Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
    • Attach this log to your next message. (How to attach items to your post)

    Now we need to run TDSSKiller by Kaspersky
    Follow the instructions here and attach your log when you are finished. (How to attach items to your post)


    Please download MBRCheck by GeeksToGo to your desktop.
    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (Vista and Win7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (How to attach items to your post)

    Please download OTL by Old Timer to your desktop.
    • See the download links under this icon: http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double-click OTL.exe to run (Vista and Win7 right click and select Run as administrator)
    • When the window appears, underneath Output at the top-right, make sure Standard Output is selected.
    • Select Scan All Users.
    • Under the Extra Registry section, check Use SafeList.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
      Code:
      netsvcs
      %systemdrive%\*.exe
      /md5start
      atapi.sys
      csrss.exe
      explorer.exe
      ipnat.sys
      ipsec.sys
      regedit.exe
      svchost.exe
      tcpip.sys
      userinit.exe
      winlogon.exe
      /md5stop
      %systemroot%\*. /mp /s
      %windir%\assembly\tmp\U /s
      %windir%\assembly\GAC\*.ini
      %windir%\assembly\GAC_MSIL\*.ini
      %windir%\assembly\gac_32\*.ini
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      
    • Now click the http://img171.imageshack.us/img171/2405/runscanotl.png button.
    • When the scan is complete, Notepad will open with the results of the OTL scan.
    • Close Notepad.
    • There will be two log files on your desktop entitled OTL.txt and Extras.txt.
    • Attach both OTL.txt and Extras.txt to your next message. (How to attach items to your post)

    Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS
     
  5. ingopj67

    ingopj67 Private E-2

    CPU high usage / slow computer (part iii)

    Hi Thisisu,
    Don't seem to be able to reply to the previous post, oh well at least it allows me to log on this time. Is it me or is the world against me !!!

    I have followed previous instructions, but could not find Windows Internet Explorer 7 - only IE 8 which I did not delete.
    Computer is still as slow as ever unfortunately :cry

    Here are the logs
     


  6. ingopj67

    ingopj67 Private E-2

    Re: CPU high usage / slow computer (part iii)

    More logs and thanks again.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please keep all your replies in this thread! :major
     
  8. thisisu

    thisisu Malware Consultant

    Ok good, the OTL log revealed quite a bit.

    Now we need to make use of OTL by Old Timer.
    • Double-click OTL.exe to run (Vista and Win7 right-click and select Run as administrator)
    • When OTL opens, copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
      Code:
      :processes
      killallprocesses
      :otl
      IE - HKU\S-1-5-21-965538431-174517517-2159886411-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
      O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No CLSID value found.
      O3 - HKU\S-1-5-21-965538431-174517517-2159886411-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKU\S-1-5-21-965538431-174517517-2159886411-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-965538431-174517517-2159886411-1005\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
      O3 - HKU\S-1-5-21-965538431-174517517-2159886411-1005\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
      [2011/09/14 23:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
      [2011/09/12 12:10:43 | 000,000,000 | ---D | C] -- C:\XComboFix
      [2010/06/17 16:37:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ipupuxidi.bin
      [2010/06/17 16:37:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tromihikiciluci.dat
      [2010/06/17 17:37:23 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
      [2002/05/24 16:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
      [2009/03/14 04:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
      [2009/04/14 17:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      [2009/09/15 19:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
      [2010/04/01 02:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      [2007/02/28 21:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
      [2007/02/28 21:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZILLAbar
      [2011/07/26 23:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ingo67\Application Data\searchquband
      [2007/09/02 11:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ingo67\Application Data\Uniblue
      [2007/06/01 00:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ingo67\Application Data\Olil
      [2009/10/28 11:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ingo67\Application Data\Oxalyz
      [2009/04/17 10:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ingo67\Application Data\Nayw
      [2008/06/02 00:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ingo67\Application Data\Zabo
      [2008/10/04 14:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ingo67\Application Data\Owilk
      :services
      :files
      dir "C:\Documents and Settings\ingo67\Application Data\FreeAudioPack\" /c
      xcopy %Temp%\smtmp\1 "%allusersprofile%\Start Menu" /H /I /S /Y /C
      xcopy %Temp%\smtmp\2 "%userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
      xcopy %Temp%\smtmp\3 "%appdata%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
      xcopy %Temp%\smtmp\4 "%allusersprofile%\Desktop" /H /I /S /Y /C
      ipconfig /flushdns /c
      :reg
      :commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [emptyflash]
      
    • Now click the http://img3.imageshack.us/img3/407/otlrunfix.png button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • Click the OK button.
    • When complete, Notepad will open.
    • Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (How to attach items to your post)

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS
     
  9. ingopj67

    ingopj67 Private E-2

    CPU high usage / slow computer (part iv)

    Hi Thisisu & Admin,

    I have once again tried to reply to the "part ii" post as requested but all I get is "You do not have permission to access this page", so I have no alternative but to start a new thread. I cannot understand this, I access other forums with no problems. Is it something to do with the malware cleaning process, I am mystified.

    Anyway, back to the original problem, performance still seems the same to me, only 10% usage with just Firefox open, but load a new page, run iTunes, media player just slows. Sound distortion remains. Also about 6 windows updates have run since running the last programmes.
    Thisisu, thanks again for your patience; it seems to be a stubborn problem, any leads on what it might be ?
    Here are the logs:
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Merged threads again. I have no idea why you can't stay in this thread.
     
  11. thisisu

    thisisu Malware Consultant

    Not seeing anything bad in the new OTL log.

    ESET Online Scanner
    Remember to attach your log from ESET Online Scanner (How to attach items to your post)

    Starting to also think this is partially software related because of the following in Extras.txt:

    Code:
    Error - 19/09/2011 00:22:14 | Computer Name = PJIACER5633 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072f78, P2 endsearch, P3 search, P4 3.0.8402.0,
     P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
     P8 NIL, P9 NIL, P10 NIL.
     
    Error - 19/09/2011 13:49:43 | Computer Name = PJIACER5633 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072f78, P2 endsearch, P3 search, P4 3.0.8402.0,
     P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
     P8 NIL, P9 NIL, P10 NIL.
    [ System Events ]
    Error - 19/09/2011 13:25:28 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7031
    Description = The COM+ System Application service terminated unexpectedly.  It has
     done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds:
     Restart the service.
     
    Error - 19/09/2011 13:25:28 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7031
    Description = The Microsoft Antimalware Service service terminated unexpectedly.
      It has done this 1 time(s).  The following corrective action will be taken in 
    15000 milliseconds: Restart the service.
     
    Error - 19/09/2011 13:25:28 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7034
    Description = The Intel(R) PROSet/Wireless WiFi Service service terminated unexpectedly.
      It has done this 1 time(s).
     
    Error - 19/09/2011 13:39:42 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMF Service service to
     connect.
     
    Error - 19/09/2011 13:39:42 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7000
    Description = The IMF Service service failed to start due to the following error:
       %%1053
     
    Error - 19/09/2011 13:41:12 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Intel(R) PROSet/Wireless
     Event Log service to connect.
     
    Error - 19/09/2011 13:41:12 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) PROSet/Wireless Event Log service failed to start due
     to the following error:   %%1053
     
    Error - 19/09/2011 13:42:39 | Computer Name = PJIACER5633 | Source = DCOM | ID = 10010
    Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
     with DCOM within the required timeout.
    
    Error - 19/09/2011 13:49:42 | Computer Name = PJIACER5633 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures.     New Signature
     Version:      Previous Signature Version: 1.111.2476.0     Update Source: %%859     Update Stage:
     %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803
    
    	User:
     NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.7604.0     Error
     code: 0x80072f78     Error description: The server returned an invalid or unrecognized
     response 

    For troubleshooting purposes, I would uninstall all of the below and see if the same problems occur.

    • Intel(R) PROSet/Wireless WiFi Software
    • Advanced SystemCare 4
    • IObit Malware Fighter
    • Microsoft Antimalware
    • Microsoft Security Client
    • Microsoft Security Essentials
    • Microsoft Application Error Reporting
    • Smart Defrag 2
    • Symantec KB-DocID:2003093015493306
    • Acer Screensaver
    • eSupportQFolder
    • Game Booster 3
    • MarketResearch
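
Added example, not part of the original post: a short Python triage script for the Extras.txt excerpt quoted above. It re-joins the wrapped Description lines, groups the Service Control Manager errors by service, and collects hex error codes; the function names are this example's own and the last sample entry is shortened.

```python
import re
from collections import defaultdict

# Entries copied from the Extras.txt excerpt above; the final one is shortened.
SAMPLE = """\
Error - 19/09/2011 13:25:28 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 19/09/2011 13:25:28 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless WiFi Service service terminated unexpectedly.
  It has done this 1 time(s).

Error - 19/09/2011 13:39:42 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMF Service service to
 connect.

Error - 19/09/2011 13:39:42 | Computer Name = PJIACER5633 | Source = Service Control Manager | ID = 7000
Description = The IMF Service service failed to start due to the following error:
   %%1053

Error - 19/09/2011 13:49:42 | Computer Name = PJIACER5633 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     Error
 code: 0x80072f78     Error description: The server returned an invalid or unrecognized
 response
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"
    r" \| Computer Name = (?P<computer>[^|]+?)"
    r" \| Source = (?P<source>[^|]+?)"
    r" \| ID = (?P<id>\d+)$"
)

# Service Control Manager event IDs present in the excerpt, each with the
# phrase that surrounds the service display name in its description.
TERMINATED = re.compile(r"The (.+?) service terminated unexpectedly")
SCM_PATTERNS = {
    7000: re.compile(r"The (.+?) service failed to start"),
    7009: re.compile(r"waiting for the (.+?) service to connect"),
    7031: TERMINATED,
    7034: TERMINATED,
}

def parse_events(text):
    """Split the event text into dicts, re-joining wrapped descriptions."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
        elif line.startswith("["):
            current = None  # section marker such as "[ System Events ]"
        elif line and current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            joined = current["description"] + " " + line
            current["description"] = " ".join(joined.split())
    return events

def unstable_services(events):
    """Map each service named in an SCM failure event to its event IDs."""
    found = defaultdict(set)
    for ev in events:
        pattern = SCM_PATTERNS.get(ev["id"])
        if ev["source"] != "Service Control Manager" or pattern is None:
            continue
        hit = pattern.search(ev["description"])
        if hit:
            found[hit.group(1)].add(ev["id"])
    return {name: sorted(ids) for name, ids in found.items()}

def error_codes(events):
    """Collect the distinct 0x........ codes mentioned in any description."""
    return sorted({code for ev in events
                   for code in re.findall(r"0x[0-9a-fA-F]{8}", ev["description"])})

if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    print(unstable_services(parsed), error_codes(parsed))
```

A service that shows up under both 7009 and 7000 timed out while starting, whereas 7031/7034 mean it was running and then died, which helps decide what to uninstall first when troubleshooting.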
     
  12. ingopj67

    ingopj67 Private E-2

    CPU high usage / slow computer (part v)

    Hi Admin,
    Please could you merge with original thread as once again I cannot reply, thanks.

    Hi Thisisu,
    I have run ESET scanner and deleted several of the programmes requested, but some I could not locate or computer would not allow a delete.
    Deleted;
    Advanced Care System 4
    IObit Malware Fighter
    Smart Defrag 2
    Acer Screen Saver
    Games Boost 3

    Could NOT Delete
    MS AntiMalware

    Did NOT want to Delete;
    MS Security Essentials (my only realtime antivirus software)
    Intel(R) PROset Wireless WiFi Software (only have access to internet thru wifi)

    Could not locate;
    MS Security Client
    MS Application Error Reporting
    Symantec KB Doc
    eSupportQfolder
    MarketResearch

    The problem still persists.

    Attached is the ESET log
     


  13. thisisu

    thisisu Malware Consultant

    At this point, since your latest logs have been clean of malware, I do not think you are having any more malware related issues.

    I would recommend seeking additional help on the high CPU usage in the software forum.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
