SpyWareBlows

PC CPU Usage High and Memory Constantly Increasing

2 posts in this topic

Ok, system is seriously screwed it seems. Got my browser hijacked today. Looks like I deleted the main part, but I have many other problems now. After I followed a bunch of directions I got, Windows Media Player wouldn't work, so I had to reinstall it. Still have the hijack thing where if I type in something like www.fijrijfijrijfijrgfr.com it will take me to a hijacked page, but my home page is mine, and under control. Noticed under Task Manager that my CPU is running at around 50% with nothing open, and my memory has been increasing... was at almost a gig when I last shut off the comp (needed virtual memory expanded). I've been running Ad-aware and Spybot, and they both find less than 30. Thus, I don't really see any excessive spyware, and don't see a significant browser hijack left, so why is my computer so slow and messed up? In addition, it took 30 seconds to get from the power-on password to the "Windows is loading" screen (it seemed to hang with just a white cursor flashing for a moment). Also, when I am logging onto Windows 2000, I type in my password, and it takes like 60 seconds for what I typed to show and for it to log in. Can't get Norton LiveUpdate to find its server. Trying to run the antivirus "Trend" but IE is crashing when I try to install it. Don't know what other info to give. I guess I will give my HijackThis log file:

 

Logfile of HijackThis v1.97.7

Scan saved at 12:08:26 AM, on 6/24/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\ibmpmsvc.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\drivers\trcboot.exe

C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\C4ebreg\isamsmt.exe

c:\sdwork\issimsvc.exe

C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Drivers\ldlcserv.exe

C:\WINNT\system32\MsgSys.EXE

C:\WINNT\Explorer.EXE

C:\Program Files\NavNT\vptray.exe

C:\WINNT\system32\RunDll32.exe

C:\WINNT\system32\tp4serv.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\WINNT\system32\RunDll32.exe

C:\progra~1\c4ebreg\c4ebreg.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\Zone Labs\Integrity Client\iclient.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O1 - Hosts: 9.45.123.215 eernt1 # Ethernet

O1 - Hosts: 9.45.48.203 eernt4 # legacy ERS e-mail application server

O1 - Hosts: 9.45.123.214 eersnt3 # Ethernet

O1 - Hosts: 9.45.123.201 eersnt4 # Ethernet

O1 - Hosts: 9.45.123.208 eersnt5 # Ethernet

O1 - Hosts: 9.45.48.176 eersweb1 # ERS web central

O1 - Hosts: 9.45.123.209 eersweb1 # Ethernet

O1 - Hosts: 9.45.123.212 gumnotes # Ethernet

O1 - Hosts: 9.45.123.221 snaserver # Ethernet 9/22/03

O1 - Hosts: 9.45.123.219 cwpa0gjm # Ethernet 9/23/03

O1 - Hosts: 9.45.123.207 erscustprod # Ethernet

O1 - Hosts: 9.45.123.206 erscusttest # Ethernet

O1 - Hosts: 9.45.123.210 eersaix0 # Ethernet

O1 - Hosts: 9.45.123.210 eersaix0.sby.ibm.com # Ethernet

O1 - Hosts: 9.45.123.205 eersaix1 # Ethernet

O1 - Hosts: 9.45.123.204 eersaix2 # Ethernet

O1 - Hosts: 9.45.123.203 eersaix3 # Ethernet

O1 - Hosts: 9.45.123.202 eersaix5 # Ethernet

O1 - Hosts: 9.45.123.220 erscrystal # Ethernet 9/23/03

O1 - Hosts: 9.45.123.216 ersorcl8i # Ethernet

O1 - Hosts: 9.45.50.149 ersdb28 # ORCL backup

O1 - Hosts: 9.45.48.218 erswebsrv # UC, new ERS webserver - Ethernet

O1 - Hosts: 9.45.123.217 ersimaging # Cadence background loader and image store DB

O1 - Hosts: 9.45.147.144 ersfaxdev # ERS fax project development workstation - Ethernet

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [iSAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"

O4 - HKLM\..\Run: [soundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd

O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q

O4 - HKLM\..\Run: [iSSI EZUpdate Service] "c:\sdwork\issimsvc.exe"

O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sametime Connect] C:\Program Files\Lotus\Sametime Client\Connect.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1

O4 - Startup: Ad-watch 3.lnk = C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe

O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe

O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: American Express atWork Admin - http://eersaix0.sby.ibm.com/axdev/atWorkADM.cab

O16 - DPF: American Express atWork CPC - https://qa.amex.iers.ihost.com/atWorkCPC.cab

O16 - DPF: IBM EA2000 - https://w3-1.ibm.com/tools/us/expenses/EA2000.cab

O16 - DPF: Sametime Meeting Room Client ST31 - https://www-1.ibm.com/sametime/stmeetingroo...gRoomClient.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab

O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroo...STJNILoader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{66D81C55-279D-4D13-A4F9-6E3E19D0F231}: Domain = ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA534E2E-F787-4FC6-9212-D9A1A26D14C3}: Domain = ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{C934E6F7-7E16-4836-AFB6-91BCB8950CEB}: Domain = ibm.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ibm.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ibm.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com

 

Any help would be extremely appreciated.

 

Mike


There is very little on your computer that would result in a slowdown as far as spyware is concerned. Two R entries can be removed.

 

Check the following items in HiJackThis:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search

 

Close all open windows except HiJackThis and press 'Fix Checked'.

 

There is also this entry:

O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch

 

Which is the WildTangent updater. If you do not need it, remove it also and then delete the entire folder.

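The triage in the reply above works from the HijackThis section codes (R1 for browser settings, O4 for autostart entries). As an added example, not part of the original thread or of HijackThis itself, this Python script parses log lines into sections and lists the O4 registry Run values whose full path lies outside a set of expected directories. The function names and the directory prefixes are assumptions chosen for illustration, and a listed value is a candidate for manual review, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
O1 - Hosts: 9.45.123.215 eernt1 # Ethernet
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [iSSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch
O4 - Startup: Ad-watch 3.lnk = C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
"""

# Assumed "expected" install locations for this Windows 2000 host (illustrative only).
EXPECTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\winnt\\system32\\")

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")  # O4 registry Run value

def parse_entries(text):
    """Return (section, detail) per entry line; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def run_entries(entries):
    """Return (hive, value name, command) for each O4 registry Run entry."""
    matches = (RUN.match(d) for s, d in entries if s == "O4")
    return [m.groups() for m in matches if m]

def review_candidates(runs, prefixes=EXPECTED_PREFIXES):
    """Names of Run values whose full path lies outside the expected directories."""
    names = []
    for _hive, name, cmd in runs:
        path = cmd.lstrip('"').lower()
        # Bare file names (resolved via the search path) are skipped here.
        if re.match(r"[a-z]:\\", path) and not path.startswith(prefixes):
            names.append(name)
    return names

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(Counter(section for section, _ in entries))
    print(review_candidates(run_entries(entries)))
```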