High CPU usage when using IE8

Discussion in 'Malware Help (A Specialist Will Reply)' started by Crapgame, Oct 27, 2011.

  1. Crapgame

    Crapgame Private E-2

    Greetings all:

    My issue, high CPU usage when using IE8. High CPU usage started to appear a few weeks ago, I finally found time to try to fix the problem this past weekend, to no avail.

    Computer:
    Sony PCV-RS620G
    Pent 4 HT (3.GHz)
    2 GB Ram (max)
    OS: XP Home, SP3 (all updates)
    Anti Virus: Norton Security Suite Ver. 5.1.0.29 (up to date definitions)

    Attached are the logs.

    Any assistance would be greatly appreciated.

    Thanking you in advance;

    Crapgame
     

    Attached Files:

  2. Crapgame

    Crapgame Private E-2

    Last Log....
     

    Attached Files:

  3. thisisu

    thisisu Malware Consultant

    Hello

    I do not think this is a malware related problem as I am finding very little malware to remove. Let's try this first.

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 29 <-- Only because you have the v7update1 version installed too.
    • Windows Registry Repair Pro <-- Unless you paid for it and/or really like it, I would recommend uninstalling it. Programs like these often do more harm than good.

    Please download Disable/Remove Windows Messenger by Doug Knox to your desktop.
    MGtools.exe was not supposed to be run from here!
    It is supposed to be in the root of your C:\ drive as explained here: Using MGtools

    Run C:\MGtools\analyse.exe by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Shut down your protection software now to avoid possible conflicts.
    Note: This is actually Trend Micro HiJackThis - v2.0.4
    Choose Do a system scan only and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:
    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

    Now we need to make use of ComboFix by sUBs
    • Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
      • If it is not on your desktop, the below will not work.
    • Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    • Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    DDS::
    Trusted Zone: mcafee.com
    Driver::
    Lbd
    Lavasoft Kernexplorer
    File::
    C:\Documents and Settings\Home Office\Local Settings\Application Data\2hP38sy7qD86M
    c:\windows\system32\DRIVERS\Lbd.sys
    c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys
    c:\windows\Tasks\Ad-Aware Update (Weekly).job
    FileLook::
    c:\windows\system32\drivers\eubakup.sys
    c:\windows\system32\drivers\eufs.sys
    Folder::
    C:\Documents and Settings\Home Office\Local Settings\Application Data\Conduit
    C:\Documents and Settings\Home Office\Local Settings\Application Data\ConduitEngine
    C:\Documents and Settings\Home Office\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142010}
    C:\Documents and Settings\Home Office\McAfee
    c:\program files\Lavasoft

    • Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
    • At this point, you must exit all browsers now before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
    • Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
    • This shall launch ComboFix.
      Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    • Allow ComboFix to update itself if prompted.
    • When it finishes, a log will be produced at C:\ComboFix.txt
      Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
    • Attach this log to your next message. (How to attach items to your post)

    Now we need to run TDSSKiller by Kaspersky
    Follow the instructions here and attach your log when you are finished. (How to attach items to your post)


    Please download MBRCheck by GeeksToGo to your desktop.
    See the download links under the download icon.
    • Double click MBRCheck.exe to run (Vista and Win7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (How to attach items to your post)

    Please download Tweaking.com - Windows Repair by Tweaking.com to your desktop.
    • See the download links under the download icon.
    • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
    • Now open this folder and double-click Repair_Windows.exe.
    • Click the Start Repairs tab on the far right.
    • Click Custom Mode so there is a bullet in it.
    • Click the Start button (bottom right)
      Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
    • Click Unselect All
    • Put a checkmark in the following items:
      • Repair Internet Explorer
      • Repair Windows Updates
      Note: Leave everything else unchecked
    • Put a checkmark in Restart System When Finished
    • Now click the Start button (bottom right)

    Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS
     
  4. Crapgame

    Crapgame Private E-2

    Greetings thisisu:

    Thanks so much for your assistance. Sorry for the delay in getting back to you, busy day yesterday. I started early yesterday morning on your instructions.

    • Removed Java 6
    • I kept Registry Repair Pro (yes I purchased it quite a few years ago)
    • Removed Windows Messenger

    Next I ran C:\MGTools\analyse.exe and fixed the three items in your post.

    Next I copied, as instructed, the code and saved it on the desktop as: CFScript.txt. I dragged it on top of the ComboFix icon and ComboFix started to run, it updated and continued.

    At that point in time I needed to head out for an appointment (all day thing). Upon my return, many hours later, I still had the blue box on the desktop (it was hung, no activity on the computer).

    I rebooted and that is where I am now. Should I rerun ComboFix?

    Thanks in advance for your help

    CrapGame
     
  5. thisisu

    thisisu Malware Consultant

    Try re-running the CFScript given. Make sure you are disabling your Norton AV prior to running it. If it still continues to "hang" after you've waited an hour for it, continue to the next steps and try to finish those.

    Make notes of what does not work, but attempt each and every step.
     
  6. Crapgame

    Crapgame Private E-2

    Greetings again thisisu:

    Thanks again for your assistance. Sorry for the delay in getting back to you, cable went out yesterday....

    I attempted again to run ComboFix, to no avail; I let it run for 3 hrs and it just hung again. I disabled Norton, both the firewall and anti-virus. I also disabled MalwareBytes.

    I continued with your instructions, ran TDSSKiller, it found nothing, log attached.

    I ran MBRCheck, all was well.

    I downloaded the zip file for Tweaking.com and un-zipped it. When I attempted to run it, it started, its window appeared and then disappeared. I attempted to run it again only to find that the repair_windows.exe file was gone. I deleted the file folder and zip file and downloaded it again from the second location. Un-zipped and attempted to re-run it, same result.

    Next I ran C:\mgtools\getLogs.bat, it ran, log attached.

    Thanks again for your assistance

    Crapgame
     

    Attached Files:

  7. thisisu

    thisisu Malware Consultant

    Please download The Avenger by Swandog46 to your desktop.
    • See the download links under the download icon.
    • Open avenger.zip and extract avenger.exe to your desktop
    • Run avenger.exe by double-clicking on it.
    • Click OK at the warning to continue to use The Avenger.
      Note: Do not change any of the check box options!
    • Shut down your protection software now to avoid possible conflicts.
    • Copy everything in the code box below, and paste it into the Input script here: text-field.
      Code:
      Files to delete:
      C:\Documents and Settings\Home Office\Local Settings\Application Data\2hP38sy7qD86M
      c:\windows\system32\DRIVERS\Lbd.sys
      c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys
      c:\windows\Tasks\Ad-Aware Update (Weekly).job
      Folders to delete:
      C:\Documents and Settings\Home Office\Local Settings\Application Data\Conduit
      C:\Documents and Settings\Home Office\Local Settings\Application Data\ConduitEngine
      C:\Documents and Settings\Home Office\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142010}
      C:\Documents and Settings\Home Office\McAfee
      c:\program files\Lavasoft

    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when The Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from The Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
    • Attach avenger.txt to your next message. (How to attach items to your post)

    Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
    Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
    Notes:
    • This will automatically update all the logs inside MGlogs.zip
    • Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.
     
  8. Crapgame

    Crapgame Private E-2

    Greetings thisisu:

    Thanks again for your assistance.

    Completed The Avenger and GetLogs.bat, logs attached.


    Thanks once more....

    Crapgame
     

    Attached Files:

  9. thisisu

    thisisu Malware Consultant

    Fix some things with Avenger by Swandog46...
    • Run avenger.exe by double-clicking on it.
    • Click OK at the warning to continue to use The Avenger.
      Note: Do not change any of the check box options!
    • Shut down your protection software now to avoid possible conflicts.
    • Copy everything in the code box below, and paste it into the Input script here: text-field.
      Code:
      Drivers to delete:
      Lbd
      Lavasoft Kernexplorer

    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when The Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from The Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
    • Attach avenger.txt to your next message. (How to attach items to your post)

    LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS
     
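The removal scripts in this thread (the ComboFix CFScript in post 3, the Avenger scripts in posts 7 and 9) are plain text with section headers (`File::`, `Folder::`, `Driver::` for ComboFix; `Files to delete:`, `Drivers to delete:` for Avenger) followed by one entry per line. The added example below is not from the thread or from either tool's author: it parses both formats into sections and lists exactly what a script would remove, flagging any File/Folder entry that is not an absolute drive path, so a helper can review a script before a user runs it. The sample inputs are shortened copies of the thread's own scripts.

```python
import re
# Constructed samples: shortened copies of the post 3 CFScript and post 9 Avenger script.
CFSCRIPT = r"""KillAll::
Driver::
Lbd
Lavasoft Kernexplorer
File::
c:\windows\system32\DRIVERS\Lbd.sys
Folder::
c:\program files\Lavasoft
"""
AVENGER = r"""Drivers to delete:
Lbd
Lavasoft Kernexplorer
"""
CF_HEADER = re.compile(r"^([A-Za-z]+)::$")           # ComboFix style: "File::"
AV_HEADER = re.compile(r"^([A-Za-z]+) to delete:$")  # Avenger style: "Files to delete:"
WIN_PATH = re.compile(r"^[A-Za-z]:\\")                # absolute drive path

def parse_script(text):
    """Split a CFScript or Avenger script into {section: [entries]}; headers with
    no entries (KillAll::) are kept as empty lists so every directive stays visible."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CF_HEADER.match(line) or AV_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def deletion_targets(sections):
    """List (kind, entry) for everything the script removes, kind normalised to
    file/folder/driver; a File/Folder entry that is not a drive path is 'suspect'."""
    targets = []
    for name, entries in sections.items():
        kind = name.lower().rstrip("s")
        if kind not in ("file", "folder", "driver"):
            continue
        for entry in entries:
            ok = kind == "driver" or WIN_PATH.match(entry) is not None
            targets.append((kind if ok else "suspect", entry))
    return targets
```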
  10. Crapgame

    Crapgame Private E-2

    Greetings once more thisisu:

    Thanks again for your assistance.

    Completed The Avenger, log attached.

    As far as IE8, usage peaks and reduces, seems better but I really won't know until a little more use. Can we keep this open a few days?

    Thanks

    Crapgame
     

    Attached Files:

  11. thisisu

    thisisu Malware Consultant

    The thread will remain open. :)
     
  12. thisisu

    thisisu Malware Consultant

    The thread will remain open. :)
    Post whenever you have any new information / concerns.
     
