Crazy Bug or???, Right click on Taskbar gives me cpu hog on Explorer.exe
-
Crazy Bug or???, Right click on Taskbar gives me cpu hog on Explorer.exe
Motherboard is Asus p4p8000, recently I replaced my old 2 GHz Northwood with this new P4 2.4c, but Huston we have a problem, some-thing is wrong with Major Tom.
Strange things happen, because when I right click on taskbar section or on quick Launch section, Cpu time goes up to 10-30% for explorer.exe and if I do something like watching movie, I will get (if I do right click normally) pause for a second , or some kind of memory or CPU hog.
If I constantly repeat this right click, on taskbar, I can watch cpu times goes like this, 1-2 clicks 20-30%, 3-4-5 clicks 60-70%, 6-7-8 clicks gives me 90-99% and if I just continue to click on right mouse its constantly on 99% and its all on explorer.exe.
Something utilize explorer.exe on right click but what ,where can I find section in registry which is responsible for right mouse clicks and right mouse button menu ore something for desktop ,Active X or God ask what. I don't know what to blame.
Windows 2000 pro Sp4 ,Asus Motherboard p4p800, P4 2.4c, HT disabled, 1gb, Gainward fx56000 with starstorm detonators 56.67 ex, Audigy 2 NX with latest drivers , Intel chip set with latest driver.
I did sfc check and I replaced all files suspicious by Windows protection , I reinstalled Service Pack 4 , I did reinstall NVIDIA detonators, I reinstalled Intel chipset driver , I reinstalled Direct X 9, I tried with IE6 repair process ,I tried with Office 2003 reinstall or repair , I tried with registry cleaners...........
on Microsoft
I uninstalled all suspicious freeware utilities, I checked my system with latest Nod32 definitions, and I checked everything with Spybot 1.3 , I tried with PestPatrol and nothing.
All is clear but problems remains.
Please, look on my images.
-
Logfile of HijackThis v1.97.7
Scan saved at 5:20:59 AM, on 6/6/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\KenCast\Fazzt\bin\FDDSTray.exe
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINNT\system32\internat.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\WINNT\system32\taskmgr.exe
C:\wincmd_551\TOTALCMD.EXE
C:\PROGRA~1\KenCast\Fazzt\bin\FazztSrv.exe
C:\Program Files\EON File Fetch Manager\eonffm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\London11\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 218.145.25.80:8080
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [FDDSTray] C:\PROGRA~1\KenCast\Fazzt\bin\FDDSTray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with EON - C:\Program Files\EON File Fetch Manager\eoncatchall.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with EON - C:\Program Files\EON File Fetch Manager\eoncatch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Selected URL - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\opense lectedurl.htm
O8 - Extra context menu item: Search &Google - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\google .htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .exe: C:\Program Files\Opera75\PLUGINS\NPFgc1.dll
O12 - Plugin for .nfo: C:\Program Files\Opera75\PLUGINS\NPFgc1.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .zip: C:\Program Files\Opera75\PLUGINS\NPFgc1.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E696AD82-60C8-42CD-8DC7-58C13CB3426A}: NameServer = 212.124.160.1 212.124.160.2
-
CWShredder v1.59.0 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Windows 2000 (5.00.2195 SP4)
Windows dir: C:\WINNT
Windows system dir: C:\WINNT\system32
AppData folder: C:\Documents and Settings\London11\Application Data
Username: London11
Infected Registry value:
HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch
Infected data: http://www.sharempeg.com/find/
Found Hosts file: C:\WINNT\system32\drivers\etc\hosts (19 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINNT\system32\userinit.exe,
Found Win.ini file: C:\WINNT\win.ini (391 bytes, A)
Found System.ini file: C:\WINNT\system.ini (281 bytes, A)
- END OF REPORT -
-
For XP,XP64,2003 look at this link http://support.microsoft.com/default...b;en-us;819946
For now I found 76 users around (for just 2h) the world with same problem or those who are willing to try to reproduce this bug on Win2000, its a BUG and for now there is no solution and we, as a users of windows 2000 are not documented as a BUG on Microsoft Knowledge Base.
Its a shame.
If you try to reproduce this bug on windows 2000, try to click on taskbar when you play a movie in media player, you will see some pause or try really fast to click with right mouse on taskbar you will notice 99% on Explorer.exe.
