
IE uses 100% CPU usage

Discussion in 'Virus & Other Malware Removal' started by TampaLady, Feb 4, 2005.

Thread Status:
Not open for further replies.
  1. TampaLady

    TampaLady Thread Starter

    Joined:
    Jan 15, 2005
    Messages:
    28
    This is a fairly recent problem. I have a Dell computer about 4 months old.

    Here's a description of the problem. I would appreciate any assistance I can get. I was going to call Dell but I've found I get better help here than Dell!

    At times, when I am using IE 6.0, my CPU usage will go to 100%. When it does, I can no longer use IE. It's like it freezes up on me. I have to open "windows task manager" and use "end task" for IE to get it to stop. I wait a few minutes, and open IE again. It will work fine for a bit. And then repeat. When I open the "windows task manager" I can see that IE is using 99% CPU usage.

    I'm afraid it might be some spybot program or something that is taking over. I can't figure out what is wrong. But I know this is a good place to come for help!

    I updated and scanned with AdAware SE and Spybot S&D. Here's my HJT log, in case it's needed.

    Logfile of HijackThis v1.99.0
    Scan saved at 8:25:25 AM, on 2/3/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\SYSTEM32\RAMASST.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\HPHipm09.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tbo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Event Reminder.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\SYSTEM32\RAMASST.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX.cab?9,0,712,0
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    Any ideas what could be causing this problem?
    Christi
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Strange...nothing shows that I see that would be causing this> advise you scan at these two sites:

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    http://housecall.antivirus.com/housecall/start_corp.asp

    If you have never used them, both of those scans will take a while to get the Active X controls loaded and then scan all files....I would estimate a good 2 hours and have seen it take quite a lot longer. Not much you can do...

    Set the settings to scan all files, Scan the whole computer, all hard drives...whatever each has. AUTOCLEAN should be checked, too. You don't get to scan unless you let the ActiveX control load, that is what gets tiring, but it should finish> it does seem to stop but you should wait and scan!
    Panda will let you save a Report as Activescan.txt when it finishes, which you should post here in your next reply. Housecall only shows you what it found, cleaned, could not fix, or deleted....so, do Panda first and Housecall next to keep the manual filename recording to a minimum, but we should have you post the filenames it found infected, the locations of files, and what the exact trojan name is for each.

    ScriptBlocking will probably prompt you for a block or allow at the scan sites, you have to allow them.

    If nothing is found at either scan, post a new HJT log. Hijackthis does not show everything and Norton AV does not detect or clean everything, best to double check with the online scans. We use both because quite often one will find something the other misses.
     
  3. TampaLady

    TampaLady Thread Starter

    Joined:
    Jan 15, 2005
    Messages:
    28
    Here are the results from the Panda scan. It said 17 viruses found:


    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-3f26d88f.class
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-58581c27-4871f197.zip[Gummy.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-588fab9e-515c8d53.zip[Gummy.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-7dbaf4a8-326456f8.zip[Gummy.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-39455292.zip[Dummy.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4a55e8d4-4170c343.zip[BlackBox.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4a55e8d4-4170c343.zip[VB.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4a55e8d4-4170c343.zip[Dummy.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4a55e8d4-4170c343.zip[Beyond.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv101.jar-77bf84d4-680d5f81.zip[Dummy.class]
    Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv101.jar-77bf84d4-680d5f81.zip[Matrix.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv2.jar-19b35d14-269f855a.zip[Dummy.class]
    Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv2.jar-19b35d14-269f855a.zip[Matrix.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv254.jar-30c0e0b0-3b9c1f3f.zip[Dummy.class]
    Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv254.jar-30c0e0b0-3b9c1f3f.zip[Matrix.class]
    Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-4d7e06c5-3f8750f6.zip[Dummy.class]
    Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Joel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv519.jar-4d7e06c5-3f8750f6.zip[Matrix.class]


    HouseCall found only one:

    TROJ_UPLOADER.F Noncleanable C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588....

    It said it was noncleanable but then asked me if I wanted to delete it. I said yes.

    OK....now what??? :confused:
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Those Java detections can be simply deleted, they are in the Sun Java cache> In the Control Panel, double click your Java Plug-in icon, give it a minute to open, look for the tab that has Cache, open that, and click on the "Clear" button, that empties the temporary files similar to Temporary Internet Files.

    The other file was or is, in your System Restore area, no program can clean it there....you have to turn off System Restore to empty those files (this is only done temporarily, see the link below):

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam


    To turn Restore back on and create a new Restore Point> do this:

    Restart your computer, turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
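
Added example (not part of the original posts): a Python script that groups scanner detections by where the flagged file lives, following the distinction drawn in the reply above between copies in the Sun Java cache and copies in the System Restore area. The sample lines are constructed in the report format seen in this thread; the bucket names, the `triage` and `classify` helpers, and the follow-up text for the "other" bucket are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the report format posted in this thread.
SAMPLE_REPORT = r"""
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\sample.jar-00000000-11111111.zip[Dummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\sample.jar-00000000-11111111.zip[Matrix.class]
TROJ_UPLOADER.F Noncleanable C:\System Volume Information\_restore{EXAMPLE-GUID}\RP1\A0000001.exe
Virus:Exploit/ByteVerify Disinfected C:\WINDOWS\Temp\sample.class
"""

# <name> <status> <path>, with an optional [member] naming a file inside an archive.
LINE_RE = re.compile(
    r"^(?:Virus:)?(?P<name>\S+)\s+(?P<status>\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)(?:\[(?P<member>[^\]]+)\])?$"
)

# Location marker -> follow-up, taken from the advice given in the thread.
LOCATIONS = [
    ("java_cache", "\\sun\\java\\deployment\\cache\\",
     "Clear the cache from the Java Plug-in control panel (Cache tab)."),
    ("system_restore", "\\system volume information\\_restore",
     "Turn System Restore off temporarily, re-enable it, create a restore point."),
]

def classify(path):
    """Return (bucket, follow-up) for a detection path, matched case-insensitively."""
    lowered = path.lower()
    for bucket, marker, action in LOCATIONS:
        if marker in lowered:
            return bucket, action
    # Assumption: anything else is a live file, not a cached or snapshot copy.
    return "other", "Not a cache or restore copy: investigate the file itself."

def triage(report):
    """Group every parsable detection line by the location bucket of its path."""
    buckets = defaultdict(list)
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything that is not a detection
        bucket, action = classify(m["path"])
        buckets[bucket].append({**m.groupdict(), "action": action})
    return dict(buckets)

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)} detection(s) -> {hits[0]['action']}")
        for h in hits:
            print(f"  {h['name']} [{h['status']}] {h['path']} {h['member'] or ''}")
```

Detections that land in the "other" bucket are the ones that are neither cached applet files nor restore-point snapshots, so they are the entries to look at first.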
     

Short URL to this thread: https://techguy.org/326880
