# Solved: CPU constantly at 100%



## TechMaster7000 (Jul 11, 2011)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, 64 bit
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8173 Mb
Graphics Card: AMD Radeon HD 6670, 1024 Mb
Hard Drives: C: Total - 476837 MB, Free - 324407 MB;
Motherboard: ASUSTeK Computer INC., P8Z68-V LX
Antivirus: avast! Antivirus, Updated and Enabled

Hi, not sure if this is the right category but it seems to be close enough.

So, here's my problem, it started yesterday after I installed Planetside 2 (I don't think that was the cause). I noticed that my fan was running very loudly after I closed Planetside so I opened CoreTemp to find that both cores were running at 100% and at 40 degrees which is typical when my CPU is using that much. So I opened task manager as well to see what the cause was, and then CoreTemp instantly dropped to idle 0-2% and the temperature went back to 30 degrees (normal for idle). There was nothing unusual running in task manager and when I checked the performance tab, it was running idle there too.

I restarted the computer and the same thing happened so I done a boot-time scan with avast and it found this: C:\Windows\SysWOW64\update\scrypt121016.cl It said it was Unix:Malware-gen. I moved it to the chest. It didn't make a difference.

Another unusual thing was massive usage of the disk by a process called AvastSvc.exe but it's gone now and hasn't come back. The CPU fan also seems to be running quieter now but CoreTemp still says 100% whenever task manager or process manager or resource monitor isn't open.

Also, the computer doesn't seem to be performing any slower.

Sorry about the length.

Any advice?

Thanks.


----------



## foxidrive (Oct 20, 2012)

Open a CMD prompt and launch this to create file.txt in the current folder.
tasklist >file.txt

Then try this command and see if the CPU drops. If it is malware and it's hiding from task manager then it may hide from tasklist too, but if the cpu load doesn't drop while this is happening then you might have the process name in the file.txt and you can google the odd task names.

for /L %a in (1,1,40) do tasklist


----------



## TechMaster7000 (Jul 11, 2011)

Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 5,864 K
smss.exe 360 Services 0 1,204 K
csrss.exe 568 Services 0 4,420 K
wininit.exe 644 Services 0 4,576 K
csrss.exe 652 Console 1 10,368 K
winlogon.exe 708 Console 1 7,644 K
services.exe 748 Services 0 10,700 K
lsass.exe 756 Services 0 13,864 K
lsm.exe 764 Services 0 4,372 K
svchost.exe 868 Services 0 10,372 K
svchost.exe 964 Services 0 8,832 K
atiesrxx.exe 124 Services 0 4,440 K
svchost.exe 164 Services 0 22,516 K
svchost.exe 488 Services 0 260,228 K
svchost.exe 560 Services 0 40,168 K
svchost.exe 1116 Services 0 17,936 K
atieclxx.exe 1192 Console 1 7,072 K
svchost.exe 1344 Services 0 31,940 K
AvastSvc.exe 1472 Services 0 4,216 K
spoolsv.exe 1556 Services 0 13,260 K
svchost.exe 1600 Services 0 17,056 K
armsvc.exe 1780 Services 0 3,860 K
AppleMobileDeviceService. 1884 Services 0 9,880 K
atkexComSvc.exe 1256 Services 0 13,684 K
aaHMSvc.exe 1832 Services 0 8,824 K
AsSysCtrlService.exe 2020 Services 0 6,216 K
AsusFanControlService.exe 1844 Services 0 8,944 K
mDNSResponder.exe 2060 Services 0 6,660 K
PnkBstrA.exe 2172 Services 0 4,636 K
svchost.exe 2204 Services 0 7,448 K
WLIDSVC.EXE 2240 Services 0 13,952 K
WLIDSVCM.EXE 2584 Services 0 4,324 K
SearchIndexer.exe 2692 Services 0 22,284 K
svchost.exe 2932 Services 0 7,092 K
taskeng.exe 2988 Console 1 7,640 K
dwm.exe 3048 Console 1 36,368 K
taskhost.exe 3160 Console 1 11,108 K
AsRoutineController.exe 3260 Console 1 700 K
explorer.exe 3268 Console 1 77,080 K
RAVCpl64.exe 3576 Console 1 12,408 K
AI Suite II.exe 3648 Console 1 6,960 K
sidebar.exe 3656 Console 1 45,288 K
SkyDrive.exe 3672 Console 1 32,224 K
Steam.exe 3712 Console 1 33,344 K
svchost.exe 3800 Services 0 53,988 K
IAStorIcon.exe 3992 Console 1 22,344 K
AvastUI.exe 4000 Console 1 6,068 K
MOM.exe 3420 Console 1 4,644 K
wmpnetwk.exe 4144 Services 0 8,032 K
CCC.exe 4636 Console 1 5,380 K
AlertHelper.exe 4236 Console 1 528 K
AsAPHider.exe 4536 Console 1 596 K
IAStorDataMgrSvc.exe 4992 Services 0 19,648 K
svchost.exe 3496 Services 0 21,396 K
iPodService.exe 1824 Services 0 8,696 K
firefox.exe 3888 Console 1 257,656 K
audiodg.exe 1200 Services 0 17,816 K
cmd.exe 1308 Console 1 3,908 K
conhost.exe 3088 Console 1 7,380 K
tasklist.exe 2724 Console 1 6,616 K
WmiPrvSE.exe 2656 Services 0 7,240 K

Hi, thanks. Well, nothing jumped out at me. I searched a few of them and they are all legit. The same thing happened in terms of load. When CoreTemp is open on its own, 100%. When task manager is open, 0-2%. I also done a full system scan with MalwareBytes and it found nothing either. Do you think something might have just got corrupted? Or it is malware that is really good at hide and seek?

Thanks.

Okay, I have established that it stops running as soon as I open a monitoring application such as process explorer, task manager or resource monitor. It is not hiding from them but completely stops once it is opened. I know this because I started playing planetside and it was 11 frames, as soon as I opened task manager, 50 frames.

Any suggestions on how to get rid of it?


----------



## foxidrive (Oct 20, 2012)

I have no ideas.

There are two people that posted here with the similar symptoms. Maybe you can join and contact them to see if they resolved it.

http://forums.whirlpool.net.au/archive/1655478


----------



## foxidrive (Oct 20, 2012)

I found this script with the same name - this is a backup script. http://ifailhard.com/tmobile/wap/in...nbWluZXIvYmxvYi9tYXN0ZXIvc2NyeXB0MTIxMDE2LmNs

I wonder what would happen if you put the script back where it came from.... I can't say if that's a fair thing to try, but you could open the script with a text viewer and check the text at the bottom to see if the script above is the same one. It could be a false positive by the AV and that is triggering some bizarre behaviour because the script is missing - from where ever it came from. That's just a guess.


----------



## TechMaster7000 (Jul 11, 2011)

No I found that script too, the whole 100% thing was happening before I moved it to the chest. Must be some new malware. It's really annoying because I have to keep task manager open all the time. I then deleted it from the chest because I'm an idiot so maybe someone else can check to see if it's the same.


----------



## blues_harp28 (Jan 9, 2005)

Post a Hjt log - to see what is running on your system.
Hijack this 2.04

Save *HJTInstall.exe* to your desktop.
Doubleclick on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis* .
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* use the AnalyseThis button, its findings are dangerous if misinterpreted.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Also post the uninstall log from Hjt log
Start HiJackThis.
At the bottom right - Other Stuff 
Click on Config > Misc Tools.
Click > Open Uninstall Manager.
Click > Save List.
Save the uninstall list file on your desktop.
It will then open in Notepad.
Click Edit > Select All > Edit > Copy-and-Paste the uninstall list in the reply box.


----------



## foxidrive (Oct 20, 2012)

Maybe the guys with hijackthis logs can help.


----------



## blues_harp28 (Jan 9, 2005)

First thehrca, you should have started your own thread - this one belongs to TechMaster7000.
I will ask the Moderators to split your posts - please wait until they do so, before you post again.


----------



## TechMaster7000 (Jul 11, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:38:40, on 23/11/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Users\Rian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Rian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: http://www.samsungsetup.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: 
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.17\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.17\AsusFanControlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10676 bytes

Adobe Acrobat X Pro - English, Français, Deutsch
Adobe After Effects CS5.5
Adobe Digital Editions
Adobe Dreamweaver CS6
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator CS5.1
Adobe Photoshop CS6
Adobe Reader XI
AI Suite II
Apple Application Support
Apple Software Update
Application Profiles
Application Profiles
Asmedia ASM104x USB 3.0 Host Controller Driver
avast! Free Antivirus
Borderlands 2
Catalyst Control Center - Branding
DAEMON Tools Lite
FARO LS 1.1.406.58
FileHippo.com Update Checker
FileZilla Client 3.6.0.1
Football Manager 2013
Grand Theft Auto IV
HiJackThis
HydraVision
i-Menu 1.2
Intel(R) Rapid Storage Technology
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 17.0 (x86 en-US)
Need for Speed Most Wanted
Nero Burning ROM 10
Nero Burning ROM 10
Nero BurnRights 10
Nero Control Center 10
Nero Core Components 10
Notepad++
OpenAL
PDF Settings CS6
PlanetSide 2
PunkBuster Services
Python 3.1.1
QuickTime
Rapture3D 2.4.9 Game
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Samsung ML-1860 Series
Steam
tools-linux
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
VC80CRTRedist - 8.0.50727.6195


----------



## blues_harp28 (Jan 9, 2005)

Download the Free version of SuperAntiSpyware

*SuperAntiSpyware*
Click on the install icon - allow it to update during the install process.
Select the Quick Scan option.
Click Scan your Computer.
Any infections or problems will be highlighted in red.
After the scan is finished.
Click Continue.
Check that everything is listed.
Click Remove Threats.
Click OK - then click Finish
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start SuperAntiSpyware again.
Click View Scan Logs.
Highlight the scan log entry.
Click - View Selected Log.
The scan log will appear in Notepad.
Copy and paste in your next post.


----------



## TechMaster7000 (Jul 11, 2011)

Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.122.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.questions.technicpack.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.questions.technicpack.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.sonyonlineentertainment.112.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.estat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjnyqoc5gko.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.dennispublishing.112.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjkyupczikq.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfkoojc5gcq.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wflywhajmgq.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.adworkmedia.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.adworkmedia.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjk4kgcpghp.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfmiwnajogo.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aeliggajifp.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6whl4kkd5sho.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aelokgdpkkp.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wgkiuiajklp.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wgk4ahdpigp.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfkigldzglq.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wflosiczseo.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjmialcjmco.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aelicicpsko.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfkiakd5mbp.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wgmywpdzgcq.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjlokgazmap.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfk4kiajadq.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wcmykhcpefp.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wckigpcjcbo.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6aeliwjazclo.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.account.thewarz.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.account.thewarz.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.timeinc.122.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.ipcmedia.122.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
int.sitestat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
int.sitestat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.mediacollege.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.mediacollege.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfmykpc5obo.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
tracking100.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.pcworldcommunication.122.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmmywjajilq.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.premiumtv.122.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
stat.aldi.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.account.live.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.account.live.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.account.live.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfkoqmdzslo.stats.esomniture.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.account.station.sony.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.account.station.sony.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
www.elitepvpers.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
www.elitepvpers.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.elitepvpers.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.elitepvpers.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.elitepvpers.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
www.elitepvpers.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]
.stats.complex.com [ C:\USERS\RIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F57ULION.DEFAULT\COOKIES.SQLITE ]

The problem still persists even after removing all of these and restarting the computer.


----------



## blues_harp28 (Jan 9, 2005)

TechMaster7000 said:


> So, here's my problem, it started yesterday after I installed Planetside 2 (I don't think that was the cause)


Have you uninstalled Planetside 2 - to see if it is the cause?

Start > Search box > Type
msconfig
In msconfig - Start up tab.
Untick all entries *Except*

*C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui*

Apply > Ok > Reboot your Pc.

The System Configuration Utility box appear on retstart - saying changes have been made.
Tick the box on the lower left and then OK.

*Any entry can be re-enabled using msconfig - if it needs to be*
http://netsquirrel.com/msconfig/index.html
-----
Install Service Pack 1
Learn how to install Windows 7 Service Pack 1 (SP1)
http://windows.microsoft.com/installwindows7sp1


----------



## TechMaster7000 (Jul 11, 2011)

I haven't uninstalled PS2 because I know a lot of people that have the game and aren't having this problem.

I disabled all but Avast on startup but that didn't work either.

About SP1, I had my updates disabled but I enabled them and there was 84 important updates (600MB) available so I installed them all. None of them said SP1 and it still doesn't say SP1 under Computer > Properties. How do I install it because the link said it would just appear in the update thing. I didn't install any optional updates, maybe its one of those?

Thanks.


----------



## blues_harp28 (Jan 9, 2005)

Download Windows 7 and Windows Server 2008 R2 Service Pack 1 
http://www.microsoft.com/en-us/download/details.aspx?id=5842

windows6.1-KB976932-X64.exe - 903.2 MB


----------



## TechMaster7000 (Jul 11, 2011)

Hi, sorry for the delay. I got SP1 installed through Windows Update eventually after figuring out why it wasn't showing up.

The problem still remains even after the installation.

This is getting really repetitive but any other suggestions?


----------



## blues_harp28 (Jan 9, 2005)

TechMaster7000 said:


> This is getting really repetitive but any other suggestions?


 If 'it started yesterday after I installed Planetside 2'
Would that not be the first thing to check?
Uninstall Planetside 2 and see what difference it makes.


----------



## TechMaster7000 (Jul 11, 2011)

Hi, okay I uninstalled Planetside 2 and it is still doing the same thing. I made sure all PS2 data was gone then done a restart and still no difference.


----------



## blues_harp28 (Jan 9, 2005)

Open Task Manager.
Click on Processes Tab.
Click on View tab > Select columns
Make sure that Image Path Name + Command Line are Ticked.

Post a Screenshot of the above. 
http://library.techguy.org/wiki/TSG_Posting_a_Screenshot


----------



## TechMaster7000 (Jul 11, 2011)

Hi, heres the screenshots (one with all processes ticked too)


----------



## blues_harp28 (Jan 9, 2005)

Despite 58 processes running - the above screenshots are showing CPU Usage: 2%.
Your screenshot - your post # 1 are showing Max Temp of 40 C - Core #0
and 38 C for - Core #1.

The Load of 100% seems to be related to the load on the system after you installed Planetside 2 or when the Task Manager and other applications are opened or closed.
But the title of your thread says - 'CPU constantly at 100%'.


----------



## foxidrive (Oct 20, 2012)

This appears to be the problem - see the first post and the images from it.



TechMaster7000 said:


> I noticed that my fan was running very loudly after I closed Planetside so I opened CoreTemp to find that both cores were running at 100% and at 40 degrees which is typical when my CPU is using that much. So I opened task manager as well to see what the cause was, and then CoreTemp instantly dropped to idle 0-2% and the temperature went back to 30 degrees (normal for idle).


When he closed Task Manager the CPU load shot up again.


----------



## blues_harp28 (Jan 9, 2005)

When running a graphic + processor intensive game - CPU - Temps etc will raise and maybe use the maximum of the Pc resources.
Once the game is closed - it will take time for the Pc to return to its normal running state.
Fans running slower - CPU will be lower and Temps will also be lower.

So, with the game no longer running and the Pc still returning to normal - is it not posible that as the Task Manager is opened - the normal Pc state has been reached at the same time?

The load on the system may be 100% at times but the core temperatures are still within the safety range.


----------



## foxidrive (Oct 20, 2012)

foxidrive said:


> When he closed Task Manager the CPU load shot up again.


----------



## blues_harp28 (Jan 9, 2005)

TechMaster7000 said:


> So I *opened* task manager as well to see what the cause was, and then CoreTemp instantly *dropped to idle 0-2%* and the temperature went back to *30 degrees (normal for idle)*


We await TechMaster7000's reply


----------



## foxidrive (Oct 20, 2012)

Didn't you read the following posts after the original one?

The CPU load dropped to idle whenever task manager or tasklist was running, and shot up to full load when they were closed.


----------



## TechMaster7000 (Jul 11, 2011)

Hi, this screen recording should clear up any confusion. This is from a fresh restart so there is no PS2 running or anything like that.


----------



## foxidrive (Oct 20, 2012)

Look here: http://answers.microsoft.com/en-us/...load-100/5936cbd2-a758-4a27-946f-0bac401d56f3


----------



## blues_harp28 (Jan 9, 2005)

You are saying that the 'CoreTemps were running at 100%'
Core Temperatures recorded were - Max Temp of 40 C - Core #0 and 38 C for - Core #1.

You are watching the Load Setting in the Core Temp Program.
The Load setting in the Core Temp Program - is recording just that - the Load on the system and that may well go up and down.

The CPU will also fluctuate but from what you have shown us - they return to the minimum CPU usage, after time.
Your screenshot of the Task Manager post # 20 - 58 processes were running but the CPU Usage: 2%.
If you do not use the Core Temp Program and the Task Manager is closed - what problem are you having with your Pc?


----------



## foxidrive (Oct 20, 2012)

EDIT: removed, coz someone will be annoyed.


----------



## TechMaster7000 (Jul 11, 2011)

Progress at last!! I have that file in my SysWOW64 folder instead of the system32 folder but someone else said they had it there too. I am going to try them instructions for removing it now!


----------



## TechMaster7000 (Jul 11, 2011)

Done! Thanks so much! It has resolved the problem completely.

The trojan must be very new since that post was only made 3 days ago.

I hope this and the other thread on MS forums helps others who are having the same problem.


----------



## foxidrive (Oct 20, 2012)

Good one. Thanks for the closure too. :thumbsup:


----------



## blues_harp28 (Jan 9, 2005)

I don't know what you have deleted - just one file I hope.
The SysWOW64 stands for 'Windows on 64-bit Windows' and it contains all the 32-bit binary files that are required and runs on top of the 64 bit system.
The 32-bit application needs to read to or from the Windows\System32 folder.


----------



## TechMaster7000 (Jul 11, 2011)

Yes, it was just one file - igfxupdate.exe - Definitely not legit and deleting it definitely solved the problem.

Thanks for your help!


----------



## blues_harp28 (Jan 9, 2005)

:up:


----------

