[stevebo]

Hi,
I hope this is the correct place to post this. I have posted HijackThis logs here twice and both times my system was pronounced "clean".

However, my system is unbelievably slow. Ctrl-Tab will often close the active window and show the underlying blue window with the application name for a second before switching to the next window for display.

I strongly suspect it's explorer.exe (no caps) that's slowing performance since it's so high in Task Manager. So many cycles are used that the fan goes almost continually. Almost any application, including spy software runs very slowly.

It was suggested that my PC was fine and this is normal, but I have another machine that's 2 years older with much fewer resources that runs much faster.

What information would you need from me in order to diagnose and fix this? The HJT logs are normal, I'm told.

Thanks,
Steve

[Advertisements]

Hello Steve and welcome back to Geeks To Go

Let's try a tune up first of all.

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run Tune Up 2006 Trial It is a 30-day free trial.

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable your anti virus programme then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus programme is running after the reboot.

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor

Now please download this file: combofix.exe to your Desktop

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[Crustyoldbloke]

Hello Steve and welcome back to Geeks To Go

Let's try a tune up first of all.

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programmes, accessories, system tools to run disc clean up

Reboot

Click start then all programmes, accessories, system tools to run defragmenter

Download, install and run Tune Up 2006 Trial It is a 30-day free trial.

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable your anti virus programme then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus programme is running after the reboot.

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor

Now please download this file: combofix.exe to your Desktop

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[stevebo]

Start Time= Mon 07/10/2006 23:04:32.89
Running from: C:\Documents and Settings\SSilberberg\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-10 22:10:02 ( .D... ) "C:\Program Files\TuneUp Utilities 2006"
2006-07-10 22:10:02 ( .D... ) "C:\Documents and Settings\SSilberberg\Application Data\TuneUp Software"
2006-07-10 22:08:36 ( .D... ) "C:\Program Files\Common Files\Wise Installation Wizard"
2006-07-10 09:46:22 90352 ( A.... ) "C:\Documents and Settings\SSilberberg\Application Data\GDIPFONTCACHEV1.DAT"
2006-06-28 18:04:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-06-28 15:38:48 ( .D... ) "C:\Program Files\Trojancheck 6"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\SYSTEM32\WgaLogon.dll"
2006-05-29 18:51:08 ( .D... ) "C:\Program Files\Rapid CSS 2006"
2006-05-29 18:51:08 ( .D... ) "C:\Documents and Settings\SSilberberg\Application Data\Blumentals"
2006-05-26 10:13:14 ( .D... ) "C:\Program Files\Windows Live Safety Center"
2006-05-23 13:35:40 ( .D... ) "C:\Program Files\BackupNow"
2006-05-17 11:47:18 ( .D... ) "C:\Program Files\Iarsn"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-06-29 05:19 1,073,213,440 C:\hiberfil.sys
2006-06-13 09:39 185,344 C:\WINDOWS\system32\Thawbrkr.dll
2006-06-13 09:39 10,752 C:\WINDOWS\system32\c_iscii.dll
2006-06-13 09:38 6,144 C:\WINDOWS\system32\ftlx041e.dll
2006-06-13 09:38 5,632 C:\WINDOWS\system32\kbdusa.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"PCTVOICE"="pctspk.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"DadApp"="C:\\Program Files\\Dell\\AccessDirect\\dadapp.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"vptray"="C:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\vptray.exe"
"nwiz"="nwiz.exe /installquiet"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"bcmwltry"="bcmwltry.exe"
"RemoveCpl"="RemoveCpl.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: Mon 07/10/2006 23:04:55.87
ComboFix ver 06.07.08 - This logfile is located at C:\ComboFix.txt

[Crustyoldbloke]

Hello again Steve

Well the ComboFix log shows no malware, so please post a fresh HJT log from normal mode and I'll take another look.

[stevebo]

Logfile of HijackThis v1.99.1
Scan saved at 10:15:24 AM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\mssearch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.l...lscbase5059.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = acadian-asset.com
O17 - HKLM\Software\..\Telephony: DomainName = acadian-asset.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = acadian-asset.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.0.210 192.0.0.180
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = acadian-asset.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.0.0.210 192.0.0.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.0.210 192.0.0.180
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[Crustyoldbloke]

That is a clean HJT log. What exactly is the problem you are experiencing?

[stevebo]

After I did all the system cleaning you recommended, my system was GREAT once again. I could type and characters would appear as I typed them. I could click a scroll bar and the window would scroll. Unbelievable!

But now the system is back to its old problems. explorer.exe is still showing up high in the process list. And now iexplore.exe is doing the same. The CPU is pegged a lot of the time and the fan runs continuously. I'm thinking of buying a new computer because this is so frustrating, only I'm not certain it wouldn't happen again.

It might be Google Desktop or Roboform, but who knows?

What would you do in this case (besides kill myself?)

Steve

[Crustyoldbloke]

Hello again

Don't kill yourself, if you do you will never know if how it all ended.

Let's have a look at what you said.

But now the system is back to its old problems. explorer.exe is still showing up high in the process list. Why should that be a problem. If you double click the title IMAGE NAME they will get sorted into alphabetical order. Does that make you feel better?

And now iexplore.exe is doing the same. Try previous suggestion. It should be a third of the way down the list now.

The CPU is pegged a lot of the time and the fan runs continuously. I don't know what "pegged" means but it should run always unless it is configured only to run at certain temperatures. I am in the northern hemisphere, so it is now summer and the CPU fan had better run or the CPU will be in danger, but generally, the operating system will just shut down if it gets too hot.

I'm thinking of buying a new computer because this is so frustrating, only I'm not certain it wouldn't happen again. If you do, could I offer to pay for shipping of your old one to the UK and I'll have it? It will save you the problem of taking it for recycling.

[stevebo]

I don't know. Does this seem normal to you?
.

If so, you may soon have a free computer!

I wasn't doing anything special while this was going on. Maybe Skype uses too many resources. Thanks for all your help so far.

Steve

[Crustyoldbloke]

You have hit the nail on the head, Skype uses virtually all resources especially in talk mode. I have a 4 Mb connection and I was chatting to a friend in France. I tried to send him a photo of a car and I was amazed to see the transfer speed. After a few minutes and the transfer being 12% complete, we decided to hang-up and allow the file transfer to complete. Two seconds later I called him back.

I really do think you are worrying unnecessarily, but if you really do want to get rid of the PC, my offer stands.

[stevebo]

I disabled Skype, but when I browse, the CPU is still running at 100%. Even when I walk away and do nothing, many cycles are being used. I know the Task Manager itself uses memory, but it seems like a lot.

I hope you're not sorry you responded to me, as I hope I'm not being a pain.

Steve

[Crustyoldbloke]

Very often this 100% CPU usage is due to a corrupt index.dat file, which is not easy to delete manually. The easiest way is to let an auto cleaning programme do it for you.

Download : Ccleaner

Ensure there is a check mark or tick in the box marked index.dat under Internet Explorer and the same for temporary files under system. All other boxes should be clear for this fix.

Now click Run Cleaner

Reboot normally.

Did that fix the problem?

No? Continue

OK, here's what to do. Start your browsing/surfing as usual. Right click on a spare part of the taskbar and open Task Manager so that the running processes are showing, then quickly click PrintScrn and post the screen shot.

I will need to know the RAM size of your PC.

You could also look into your Start-Ups, you'll find a list of them in Ewido, under Analysis > AutoStart.

You could also watch the running processes for a while and note what is peaking.

Depending upon what type of firewall you are using, you could examine the log and see what is causing it.

If you are using Windows built-in fire wall, please disable it and install a good two-way one, perhaps http://www.personalf...all.comodo.com/ this one.

Edited by Crustyoldbloke, 12 July 2006 - 08:46 AM.

[stevebo]

Ccleaner.exe seemed to work -- for about an hour or two. Then the problem returned, so I ran Ccleaner again and it did not work.

The tasks that rise to the top of Task Manager are taskmgr.exe, outlook.exe, explorer.exe, iexplore.exe, skype.exe, even robotaskbaricon.exe.

Closing Skype doesn't help much. I still think explorer.exe is the problem, or at least one of them. I don't even know what it is, but I've heard it gets hacked into somehow and uses all sorts of memory.

By the way, I believe I have 1GB of ram.

Any ideas? I've been traveling, and am going out of town again for a week, so I'm sorry for the sporadic correspondence.

Thanks,
Steve

[Crustyoldbloke]

Hello again Steve

Please visit Kaspersky using Microsoft Internet Explorer, for an online scan. Please select extended in the scan settings option; you will find it to be the second option from the top. Please post the Kaspersky log in your reply

[stevebo]

Hi again Mr. Crustyoldbloke,

I started a Kaspersky scan. It has been running almost 9 hours and is only 33% finished.

It has found 5 viruses and 23 infected objects.

It may be running slowly because my system is so slow to begin with.

If I stop the scan, will I be given the option to clean these viruses or does Kaspersky have to run to completion?

Thanks,
steve