Possible Spyware CPU running at 100%

Is ping.exe in the system32 folder? Is there also a ping.com?

 

Hi,
I was not aware of the difference or of it's location (system32 folder), but will scope it out...If I do find them I'll guess that's good and if I don't than maybe that explains the reply I got when I tried the ping method ??? I won't be able to post back till late this afternoon...

 

Hi,
The question I have is, do you thiink upgrading this computer from Windows Xp to Windows Pro will be a good idea instead of going thru all this mess ???

 

Upgrade ........ no. It will carry over problems with it. Format and clean install ........ never hurt anything

 

Hi,
Okay, here's what has and has not been accomplished...
(1) Corrected the Enviro Variable
(2) Ping yahoo again and got 4 replys (forgot to add ping before address the last time I posted a not recognized internal or external command reply was given...sorry about that).
(3) Add/Remove: Removed Yahoo companion (have not reinstalled it yet)
(4) Trendmicro virus scan: would not download due to a security exception error message that came up to do with java security).
(5) Panda Virus scan: would not download due to three possible causes which were (a) problem with internet connection, (b) not allowing active x, (c) lack of disk space...
(6) Defrag: would not allow defrag to be done due to "MMC cannot open the file C:\WINDOWS\system32\dfrag.msc

 

Uninstall all Java listings in Add/Remove, then get the latest from Sun Java.

Try running C:\WINDOWS\system32\dfrg.msc (you can paste that in the run line)
Where were you trying to access defrag when you got that message?

 

Hi Noahdfear,

I downloaded the sun java and it installed successfully but I did forget to uninstall the previous version first...

Yes I did get the defrag message when I try to run it both in normal mode and safe mode...I will try the run box suggestion now...It says it cannot open the file because it may not exist...

Also, when I tried to download Trendmicro and Panda there are problems with them both...So I attempted to run the AVG and it failed to load because the AVGctrl.dll was not found...

This just seems to get more complicated as we roll along...

 

Did you do the search for HOSTS?
Can you access yahoo.com yet?

Click Start>Run, type cmd then hit enter to open a command window.
Type defrag c:\ -a and hit enter. XP should think a bit then return an analysis of the disk. Let us know the results.

Re-install AVG and see if it again works, after a reboot.

 

Noahdfear,

(1) I uninstalled AVG.

(2) I followed your steps to defrag and the response was "defrag is not recognized as an internal or external command ".

(3) Ran sfc /scannow again with no problems reported.

(4) Went to kellys-korner and downloaded "restore defrag.exe with no luck.

 

Noahdfear,

I ran "chkdsk" from the run box and it went through all three stages (verifying files, verifying indexes and verifying security descriptors) with no problems. I will try your other recommendations in safe mode (defrag c:\ -a)...

 

Just out of curiosity, what did you do with the defrag fix from kellys-korner? You should have extracted the file and placed it in C:\Windows\system32, then tried the command again.

 

Noahdfear,

I don't recall at the moment but something tells me it did not go to the location you mentioned...

As for trying "C:\Windows\system32\dfrg.msc" in safe mode via the run box appears to have been the trick to do...Defrag is up and running...I think it's going to be awhile before the outcome is known...So I will post the results in the morning...Once again I thank you for your assistance...I have been at this computer for almost 9 straight hours today and I'm exhausted...

 

Good to hear it's running. Just make sure that defrag.exe is present in the system32 folder. Pretty sure that dfrg.msc still relies on the presence of defrag.exe there, but make sure anyway.

Get some rest

 

I would like you to do one other thing tomorrow too .... bothers me that the defrag c:\ -a command didn't work. Open a command prompt and type set then hit enter. List the entire contents of the entry named Path (might be several lines).

 

Noahdfear,

Good Morning...I will check on your last in a little bit and here's the update:

(1) Defrag ran for approx two hours last night but when I try to run it in Normal mode it still won't run...
(2) Also, when I click on Microsoft Updates, the only one that fails to install is "Realtek AC 97 Audio Intel graphics controller" "...
(3) AVG was reinstalled and found no threats but it causes the CPU to run at 100%...I have to end task each entry in-order to reduce the CPU usage...
(4) The Intenet takes a minute or two to pop up but once it does, it puuurs like a kitten...
(5) The computer boots up fine and shuts down with no problems...

 

Hi TonyT,
Okay on that but I'm kind of at the point where I am out of options...I have applied all my knowledge with a little help from you and Noahdfear and I'm not finding the problem which will make it harder for me to explain to the owner of this computer what's wrong when I don't even know...I have put approx 36 hrs into this computer and it's down to two problems that appears to have us on the run...The yahoo issue seems to be a very common one and one that yahoo has been of no help to anyone on fixing it, atleast that's what I am under the impression from searching thru google...The CPU issue is more than mind boggling because all the scans are coming up empty and it's still a big headache espicially when AVG is installed (which has been uninstalled and installed 3 times already)...I feel like a row boat out in the middle of the Pacific Ocean with no oars and relying on the tide to take me where ever (that is a reflection upon myself only because I'm out of options). So I will do my best to hang in there a little longer before throwing in the towel...

 

Certainly not out of options yet ......

1. Please, let me know the results of a search of the drive for HOSTS
2. Please post the info for the Path entry after typing set in a command window
3. Please enter the following IP address in the address field of IE and tell me what you get after clicking Go.
69.147.114.210
4. Download Combofix, saving it to your desktop.
Double click combofix.exe Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post the contents of that log in your next reply, along with a new HijackThis log (if needed break it up into two or more posts).

 

Noahdfear

Sorry for the delay in getting back to you:
(1) typed ip address: 69.147.114.210 and it took me to the Yahoo home page.
(2) typed "Set" in the command window and here are the results:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Owner>set
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-XB2X7J77GN
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-XB2X7J77GN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:/WINDOWS/system32/rundll32.exe CROGRA~1\Yahoo!\Common\yammapi.dll
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-XB2X7J77GN
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

C:\Documents and Settings\Owner>

 

Page 2 (of Set command)


C:\Documents and Settings\Owner>Microsoft Windows XP [Version 5.1.2600]
'Microsoft' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>(C) Copyright 1985-2001 Microsoft Corp.
Copyright was unexpected at this time.

C:\Documents and Settings\Owner>
C:\Documents and Settings\Owner>C:\Documents and Settings\Owner>set
'C:\Documents' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>ALLUSERSPROFILE=C:\Documents and Settings\All Us
ers
'ALLUSERSPROFILE' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>APPDATA=C:\Documents and Settings\Owner\Applicat
ion Data
'APPDATA' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>CLIENTNAME=Console
'CLIENTNAME' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>CommonProgramFiles=C:\Program Files\Common Files

'CommonProgramFiles' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>COMPUTERNAME=YOUR-XB2X7J77GN
'COMPUTERNAME' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>ComSpec=C:\WINDOWS\system32\cmd.exe
'ComSpec' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>HOMEDRIVE=C:
'HOMEDRIVE' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>HOMEPATH=\Documents and Settings\Owner
'HOMEPATH' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>LOGONSERVER=\\YOUR-XB2X7J77GN
'LOGONSERVER' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>NUMBER_OF_PROCESSORS=1
'NUMBER_OF_PROCESSORS' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>OS=Windows_NT
'OS' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>Path=C:/WINDOWS/system32/rundll32.exe CROGRA~1
\Yahoo!\Common\yammapi.dll

C:\Documents and Settings\Owner>PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.
WSF;.WSH
'PATHEXT' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>PROCESSOR_ARCHITECTURE=x86
'PROCESSOR_ARCHITECTURE' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepp
ing 9, GenuineIntel
'PROCESSOR_IDENTIFIER' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>PROCESSOR_LEVEL=15
'PROCESSOR_LEVEL' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>PROCESSOR_REVISION=0209
'PROCESSOR_REVISION' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>ProgramFiles=C:\Program Files
'ProgramFiles' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>PROMPT=$P$G

C:\Documents and Settings\Owner>SESSIONNAME=Console
'SESSIONNAME' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>SystemDrive=C:
'SystemDrive' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>SystemRoot=C:\WINDOWS
'SystemRoot' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
'TEMP' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
'TMP' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>USERDOMAIN=YOUR-XB2X7J77GN
'USERDOMAIN' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>USERNAME=Owner
'USERNAME' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>USERPROFILE=C:\Documents and Settings\Owner
'USERPROFILE' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>windir=C:\WINDOWS
'windir' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Owner>
C:\Documents and Settings\Owner>C:\Documents and Settings\Owner>