IE uses 100% CPU usage

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

TampaLady

Thread Starter
Joined
Jan 15, 2005
Messages
28
This is a fairly recent problem. I have a Dell computer about 4 months old.

Here's a description of the problem. I would appreciate any assistance I can get. I was going to call Dell but I've found I get better help here than Dell!

At times, when I am using IE 6.0, my CPU usage will go to 100%. When it does, I can no longer use IE. It's like it freezes up on me. I have to open "windows task manager" and use "end task" for IE to get it to stop. I wait a few minutes, and open IE again. It will work fine for a bit. And then repeat. When I open the "windows task manager" I can see that IE is using 99% CPU usage.

I'm afraid it might be some spybot program or something that is taking over. I can't figure out what is wrong. But I know this is a good place to come for
help!

I updated and scanned with AdAware SE and Spybot S&D. Here's my HJT log, in case it's needed.

Logfile of HijackThis v1.99.0
Scan saved at 8:25:25 AM, on 2/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\SYSTEM32\RAMASST.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tbo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\SYSTEM32\RAMASST.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Any ideas what could be causing this problem?
Christi
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Strange...nothing shows that I see that would be causing this> advise you scan at these two sites:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

http://housecall.antivirus.com/housecall/start_corp.asp

If you have never used them, both of those scans will take a while to get the Active X controls loaded and then scan all files....I would estimate a good 2 hours and have seen it take quite a lot longer. Not much you can do...

Set the settings to scan all files, Scan the whole computer, all hard drives...whatever each has. AUTOCLEAN should be checked, too. You don't get to scan unless you let the ActiveX control load, that is what gets tiring, but it should finish> it does seem to stop but you should wait and scan!
Panda will let you save a Report as Activescan.txt when it finishes, which you should post here in your next reply. Housecall only shows you what it found, cleaned, could not fix, or deleted....so, do Panda first and Housecall next to keep the manual filename recording to a minimum, but we should have you post the filenames it found infected, the locations of files, and what the exact trojan name is for each.

ScriptBlocking will probably prompt you for a block or allow at the scan sites, you have to allow them.

If nothing is found at either scan, post a new HJT log. Hijackthis does not show everything and Norton AV does not detect or clean everything, best to double check with the online scans. We use both because quite often one will find something the other misses.
 

TampaLady

Thread Starter
Joined
Jan 15, 2005
Messages
28
Here's the results from the Panda scan. It said 17 viruses found:


Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-3f26d88f.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-58581c27-4871f197.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-588fab9e-515c8d53.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-7dbaf4a8-326456f8.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-39455292.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4a55e8d4-4170c343.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4a55e8d4-4170c343.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4a55e8d4-4170c343.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4a55e8d4-4170c343.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv101.jar-77bf84d4-680d5f81.zip[Dummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv101.jar-77bf84d4-680d5f81.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv2.jar-19b35d14-269f855a.zip[Dummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv2.jar-19b35d14-269f855a.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv254.jar-30c0e0b0-3b9c1f3f.zip[Dummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv254.jar-30c0e0b0-3b9c1f3f.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-4d7e06c5-3f8750f6.zip[Dummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-4d7e06c5-3f8750f6.zip[Matrix.class]


HouseCall found only one:

TROJ_UPLOADER.F Noncleanable C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588....

It said it was noncleanable but then asked me if I wanted to delete it. I said yes.

OK....now what??? :confused:
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Those Java detections can be simply deleted, they are in the Sun Java cache> In the Control Panel, double click your Java Plug-in icon, give it a minute to open, look for the tab that has Cache, open that, and click on the "Clear" button, that empties the temporary files similar to Temporary Internet Files.

The other file was or is, in your System Restore area, no program can clean it there....you have to turn off System Restore to empty those files (this is only done temporarily, see the link below):

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam


To turn Restore back on and create a new Restore Point> do this:

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top