Jump to content

System resources being hogged in regular mode starting at bootup


nickster
 Share

Recommended Posts

System resources are being hogged. I downloaded Norton System Works, but the PC hangs and I only get the Norton splash screen after a few minutes, then I waited 30 minutes to see iff my system could get norton started for me to run a scan. It still was showing the splash screen. All programs I tried are affected by this. I am using safe mode and running Superanti spyware now, and have several other anti malware/virus programs I'll try to run in safe mode. Norton won't run in safe mode. I ran an AVG complete scan while in safe mode, but the report only listed about 50 locked files. It didn't mention anything I took as a red flag.

It is slow right off the bat in regular mode, but I don't have enough time to open my browser or start anything before the system hangs.

I may need to boot from a disk with anti/mal/virus program on it.

Link to comment
Share on other sites

Hi, nickster.

What makes you thing your machine is infected?

Can you reach Windows desktop? If so, can you post a screenshot of all running processes in Task Manager?

I am online now for college, in safe mode. I'll capture a screenshot in regular mode later tonight. For now, here is the current safe mode w/networking screenshot of task mgr and the super antispyware report.

Text of Superantispyware report (is red) (won't let me attach a works document):

I have not booted normally after Superantispywae did its scan, but it detected what it considers potentially malicious items.

SUPERAntiSpyware Scan Log
/>http://www.superantispyware.com

Generated 09/26/2011 at 02:36 PM

Application Version : 5.0.1118

Core Rules Database Version : 7728

Trace Rules Database Version: 5540

Scan type : Complete Scan

Total Scan Time : 00:48:34

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator

Memory items scanned : 430

Memory threats detected : 0

Registry items scanned : 73602

Registry threats detected : 23

File items scanned : 58016

File threats detected : 82

Adware.MyWebSearch/FunWebProducts

(x86) HKLM\SOFTWARE\MyWebSearch

(x86) HKLM\SOFTWARE\MyWebSearch\bar

(x86) HKLM\SOFTWARE\MyWebSearch\bar#Maximized

(x86) HKLM\SOFTWARE\MyWebSearch\bar#Visible

(x86) HKLM\SOFTWARE\MyWebSearch\bar#pid

(x86) HKLM\SOFTWARE\MyWebSearch\bar#fwp

(x86) HKLM\SOFTWARE\MyWebSearch\bar#tiec

(x86) HKLM\SOFTWARE\MyWebSearch\bar#Dir

(x86) HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir

(x86) HKLM\SOFTWARE\MyWebSearch\bar#sr

(x86) HKLM\SOFTWARE\MyWebSearch\bar#pl

(x86) HKLM\SOFTWARE\MyWebSearch\bar#un

(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant

(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid

(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp

(x86) HKLM\Software\FocusInteractive

(x86) HKLM\Software\FocusInteractive\bar

(x86) HKLM\Software\FocusInteractive\bar\Switches

(x86) HKLM\Software\FocusInteractive\bar\Switches#ok

(x86) HKLM\Software\FocusInteractive\bar\Switches#od

(x86) HKLM\Software\FocusInteractive\bar\Switches#nk

(x86) HKLM\Software\FocusInteractive\bar\Switches#nd

C:\Program Files (x86)\MyWebSearch\bar\1.bin

C:\Program Files (x86)\MyWebSearch\bar\2.bin

C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files (x86)\MyWebSearch\bar\Settings

C:\Program Files (x86)\MyWebSearch\bar

C:\Program Files (x86)\MyWebSearch

Malware.Trace

C:\Windows\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job

(x86) HKU\S-1-5-21-2852480957-4085591632-1622588118-1001\Software\NtWqIVLZEWZU

Adware.Tracking Cookie

.avgtechnologies.112.2o7.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.doubleclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.specificclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.yieldmanager.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.r1-ads.ace.advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.media6degrees.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.imrworldwide.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.imrworldwide.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.yadro.ru [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.advertising.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.apmebf.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.mediabrandsww.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.content.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.content.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.media6degrees.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.invitemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.lucidmedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.technoratimedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.invitemedia.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.adultfriendfinder.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LA5OB7IS.DEFAULT\COOKIES.SQLITE ]

.atdmt.com [ C:\USERS\NICK RABUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.atdmt.com [ C:\USERS\NICK RABUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

.doubleclick.net [ C:\USERS\NICK RABUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/CDesc[Generic]

ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/ADDINMANA.DLL

C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP

ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/NSISSCRIPTEDITOR.DLL

ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/PREVIEW.DLL

ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/PROJECTZIP.DLL

ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/RESOURCEID.DLL

ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/ADDINS/STYLEMANA.DLL

ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/RACODECOMPLETE.DLL

ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/RAFILE.DLL

ZIP ARCHIVE( C:\USERS\NICK RABUS\DESKTOP\DDDDD\DESKTOP\POE\NASM\RADASM.ZIP )/WBDLL.DLL

Link to comment
Share on other sites

Hi, nickster.

What makes you thing your machine is infected?

Can you reach Windows desktop? If so, can you post a screenshot of all running processes in Task Manager?

I put the tsk mgr screenshot into a Works doc, but can't upload a Works doc. saved as a png:and attached to this reply

post-6996-0-99907200-1317094605_thumb.pn

Link to comment
Share on other sites

What I would do is a new install of Windows. There appears to be a lot of spyware/adware/malware in the SASW report which makes me think that a clean install of the O/S is the quickest and easiest option.

When you get going again, install an anti-virus and an anti-malware program ahead of doing almost anything else - and, like Pat Willener said, not Norton/Symantec. Don't install multiple anti-virus programs - if you want a second opinion on viruses use an online service such as Trend HouseCall.

Do you have ZoneAlarm installed? The presence of vsmon.exe suggests that you do. If you do, I don't feel there is a need for it now that Windows has an effective firewall. If you don't then this term sometimes points to a virus, spyware, trojan or worm infection.

Also, and not wishing to judgemental, your SASW report shows some very dubious cookies and possible trojans - not things I would want on my computers.

Link to comment
Share on other sites

I am with -pops-. Although recovering your machine to a safe/reliable state is more efficient with a previously created system image, a clean install of the OS is the only other way to insure the return of a heathy system. It is possible to clean your system of malware, but with the removal of viri/malware there is often the colateral damage of removing legitamate files necessary for the machine to perform at par. Most likely, one will fix a specific issue to have another raise its ugly head.

In your log is:

Malware.Trace

C:\Windows\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job

(x86) HKU\S-1-5-21-2852480957-4085591632-1622588118-1001\Software\NtWqIVLZEWZU

This entry is associated with Fake-Alert (a trojan downloader) or something similar. Did/do you by chance have pop-ups informing you that there were hundreds of infections on your machine and that you needed/need to remove the infections by clicking on a certain window?

As it is now in the wee hours here, I will give the logs another looking-over with fresh eyes later today. If you care to continue resolving this issue, I will be more than happy to lend a hand. In the meantime, please post a similarly formatted screenshot of all running processes in Task Manager from Windows normal mode with your next post.

Toodles

:flowers:

Link to comment
Share on other sites

I am with -pops-. Although recovering your machine to a safe/reliable state is more efficient with a previously created system image, a clean install of the OS is the only other way to insure the return of a heathy system. It is possible to clean your system of malware, but with the removal of viri/malware there is often the colateral damage of removing legitamate files necessary for the machine to perform at par. Most likely, one will fix a specific issue to have another raise its ugly head.

In your log is:

Malware.Trace

C:\Windows\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job

(x86) HKU\S-1-5-21-2852480957-4085591632-1622588118-1001\Software\NtWqIVLZEWZU

This entry is associated with Fake-Alert (a trojan downloader) or something similar. Did/do you by chance have pop-ups informing you that there were hundreds of infections on your machine and that you needed/need to remove the infections by clicking on a certain window?

As it is now in the wee hours here, I will give the logs another looking-over with fresh eyes later today. If you care to continue resolving this issue, I will be more than happy to lend a hand. In the meantime, please post a similarly formatted screenshot of all running processes in Task Manager from Windows normal mode with your next post.

Toodles

:flowers:

I have been busy with college and work, so haven't booted to regular mode yet, but here is the Malwarebytes log. I haven't gotten a pop up recently about being infected, but I have never clicked on ads like pop ups that have an urgent request to download their "product"

Thank you.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7821

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 9.0.8112.16421

9/28/2011 7:49:17 PM

Malwarebytes log 2011-09-28 (19-48-51)

Scan type: Full scan (C:\|)

Objects scanned: 373074

Time elapsed: 1 hour(s), 14 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{b33ee05e-0e9f-5672-5ac7-4fedac3dbf5c} (Adware.Ezula) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{eca3e63b-2d45-2cad-efb1-65fd6c346935} (Adware.LoudMo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\CB0GKKO4NC (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\OUU6KC5WPX (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\Software\FLV Direct Player (Adware.FLVPlayer) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.

I have told Malwarebytes to remove and apparently did.

Link to comment
Share on other sites

Run this program to remove Norton. Find your version from the list provided on the webpage. There are instructions for usage; including backing up your product key in case you want to reinstall.

As the original topic is:

"System resources being hogged in regular mode starting at bootup"

There is no way to troubleshoot further until an attempt is made to boot Windows normally. I guess you could work in Safe Mode indefinately (what a drag on such a nice OS). :unsure:

I'll be around, nickster. Handle your work and school. When you get caught up, we can see what is what. In the meantime, there are some ipads here at a really great price. :lol:

Link to comment
Share on other sites

  • 2 weeks later...

I'm still of the opinion that my suggestions in my post #6 is the way to go.

It is the only way to guarantee that you are free of rubbish programs.

It looks like that is what I will do. I tried normal mode and clicked icons for anti spyware/malware as quickly as I could, but had splash screens for 3 of them up when my system hanged. Manually removing the bad items is very time-consuming. First, I'd have to determine what is bad using resource like this forum, which doesn;'t guarantee I wouldn't remove a critically-needed item. Thank you for the suggestions, folks.

Steve Jobs ... RIP

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy