-
System and IEPLORE.EXE hogging CPU processes
Problem occurs when browsing using Interent Explorer, system and IEXPLORE.EXE will split CPU usage 50/50 or 60/40. Browsing is agonizingly slow and i know for a fact it isnt my cable connection.
Logfile of HijackThis v1.97.7
Scan saved at 12:36:46 PM, on 5/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\PFWShared\cfgintpr.exe
C:\WINNT\System32\svchost.exe
C:\iFtpSvc\iftpsvc.exe
C:\Program Files2\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files2\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\Microsoft\Crypto\ISA\FireDaemon. EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~2\Serv-U\SERVUD~1.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\PROGRA~2\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files2\TPF4\umxagent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files2\DU Meter\DUMETER.EXE
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
C:\Program Files2\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\WINNT\system32\Microsoft\Crypto\ISA\svhost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.earthlink.net/~phantomht
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.earthlink.net/~phantomht"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\k8idrc6c.slt\prefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csea rchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\k8idrc6c.slt\prefs.j s)
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files2\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files2\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BF55256A-3B3B-11D2-B05B-000001145917} - C:\Program Files\Common Files\PFWShared\weaddon.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files2\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar1.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [DU Meter] C:\Program Files2\DU Meter\DUMETER.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [WheresJames Startup Manager] C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files2\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\winnt\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: symsupportutil - https://www-secure.symantec.com/tech...upportutil.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} (AnarkClient Class) - http://install.anark.com/client/vers...n/AMClient.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://216.65.38.226/Download_Plugin.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/i...ncherSetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...718.4393287037
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11A61AC-4756-4019-97C2-15B8B25BD11C}: NameServer = 192.168.0.1
Any idea's or need any screenshots?
-
additional info
i've already [over last 2 months] run ad-aware numerous times, have updated my Nortons virus definitions weekly and tried Trend Micro's and Tiny's online virus scans, .... all to no avail.
-
Are you using Norton Internet Security? If so, try disabling it and see if that helps. If it doesn't, reenable it and try scanning SVCHOST.EXE in your windows/system32/ directory. Those are really the only ideas I have right now. . .oh, also, maybe try disabling system recovery. . .? I dunno. . .could help. . .
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|