PC Pals Forum
Technical Help & Discussion => Windows PCs & Software: Help, News & Discussion => Topic started by: Robotochan on February 22, 2004, 13:34
-
I started up my computer this morning a lo and behold I can't open any folders. When I try the folder doesn't open and Explorer uses up 100% of the CPU power. Now I've run up to date antivirus, ad aware and spybot but they haven't found anything ???
-
I presume you are using XP Robo? If so, have a look in the Event Viewer to see if there is anything interesting going on.
Also, open up task manager, click the processes tab and click the CPU column which is displayed. This will sort the processes into order of cpu load, normally with the System Idle Process at the top. The next procezs down will probably be the one causing your high cpu load.
-
Yeah I am using XP. No idea where Event Viewer is ;D and it's Explorer using up ALL my CPU % :-\
-
Event viewer can be found by clicking Start, click Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Event Viewer. Anything untoward will be highlighted with a red exclamation mark.
-
One problem with that is that I can't open Control Panel :-\
-
Can you open folders in safe mode Robo ?
You may be able to find the fault and rectify it in there in that case, and the event viewer is available in safe mode, I think too :)
-
The easiest way to find Event Viewer is to right click the My Computer icon on your desktop (assuming you put one there), and select Manage. ;)
-
I looked at event viewer and there doesn't seem to be anything wrong there. However 2 pop ups keep apearing out of nowhere ::)
Heres a pic of my tasks:
-
Robo, try running that program that Dack likes, that Hijack thing, there are a few links to it on Pals.
It definitely shows something running at 99% cpu in explorer so that may point you in the right direction ???
-
Also, is there anything in the Applications tab in the Task Manager you don't recognise, or anything iffy in Start > Run > Msconfig > Startup you could try disabling? It sounds like you've been had by something nasty, Robo. >:(
-
have you tried shutting down and restarting explorer?
-
Well nothing out of the ordinary loads up at startup and it doesn't show. Have tried many times to shut down and start explorer but same thing happens. Strange thing is that Safe Mode I can do anything :-\
-
That shows that its definately loading some program/s when it loads windows fully Robo :(
Get that Hijack This and run it and then check the forum that it tells you to do, after you have run it, as I think Dack is stateside for a week, so he wont be able to interpret it for you as he usually does :)
-
http://hjt.wizardsofwebsites.com/ is that the program?
-
Yes thats the one Robo, give it a try and I think it has some info in the program of where to post the results so that the experts can identify which bits need removing for you :)
-
Heres The Screenshot, not sure about the highlighted program
-
The File Highlighted Seems Strange, all it's info is strange like
Company: asdf
Original File Name: load.exe
-
If you run Hijack This, you can copy the whole log to notepad, then paste it onto here, Robo. I think that's what would be most useful. :)
-
Logfile of HijackThis v1.97.7
Scan saved at 15:07:38, on 24/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Stuff\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C60A98B-F6CE-4E93-A3AF-20006FD8775E} - C:\WINDOWS\nA4T8K.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38038.2110069444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCDE9BAD-B35B-4CFE-A899-3EE5C0915EEA}: NameServer = 195.92.195.94 195.92.195.95
-
Hi Robo, we really need Dack to interpret the results but hes away at the moment :(
Doesnt that program have something in it that gives a website to post your log on for the experts on there to tell you which/if any is causing a problem as it looks fairly normal to me ???
-
Robo, check this (http://www.computing.net/security/wwwboard/forum/9648.html) out. It's a similar problem. Towards the bottom of the thread, the guy suggests deleting a 'random dll'. I notice in your Hijack This list, you have a similar item:
O2 - BHO: (no name) - {6C60A98B-F6CE-4E93-A3AF-20006FD8775E} - C:\WINDOWS\nA4T8K.dll
I've had a search, and can't find it anywhere on the net. The guy goes on to say:
I would delete the line in HijackThis (making sure you have it set to take a backup of the line first, just in case things go pear-shaped) and re boot.
If this fixes it, delete [random dll] and you're done.
Don't know if that will help, but it might be a while before Dack is back with us.
-
;D ;D ;D ;D That Done the trick ;D Cheers Ya'all ;D
-
:hatoff:
-
Nice one simon!! ;)