TechSpot

Hello just joined and need some help please

By Billybeaker
Jun 20, 2005
  1. Hi i am from England and have just purchased a new PC. Pent 4 /3.6 mhz/400 g Hard drive.ati graphics x800. Within the last few weeks i have experenced temp freezes of the star menu and the task bar. checked the task manager and noticed big increase of processing power to explorer.exe. I have run all the normal adware and anti virus software. So i guess its explorer but i dont know how to repair it on xp (if thats what it is ) Have looked through many threads but just cant seem to find to fit. Your help would be much appreciated. Thank you
     
  2. AMD2800+

    AMD2800+ TS Rookie Posts: 51

    Tried emailing microsoft? Generally, they'll give you at least 25 solutions. I've always had problems with explorer.exe plus freezes of start menu & taskbar but never worried me, never done anything about it.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions carefully.

    When you have done that. Go HERE for instructions on how to post your Hijackthis log.

    You need to do this in order to rule out an infected(adware/spyware etc) system.

    Once we know that your system is clean, then we can offer other solutions to your problem.

    Regards Howard :wave: :wave:
     
  4. kol_indian

    kol_indian TS Rookie Posts: 316

    Hello and welcome to techspot :wave: :wave:

    try doing what howard says and i think that will solve the problem.
    between what antivirus software are u using, it might be hogging ur sytem as well.
     
  5. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +7

    Hi, pleased to meet you.
     
  6. Billybeaker

    Billybeaker TS Rookie Topic Starter

    Thank you for reply have followd your suggestions fully and can report a clean system from all of the programmes that i run per the thread in safemode no adware etc found. Hyjack this is as follows
    Logfile of HijackThis v1.97.7
    Scan saved at 16:20:56, on 21/06/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\system clean\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.evesham.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Br_ian
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: SpywareGuard.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk.disabled
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/

    i am running Norton anti virus 2005
     
  7. Billybeaker

    Billybeaker TS Rookie Topic Starter

    Thanks kol indian have run everything howard suggest and have found no problems.i have Norton anti virus 2005
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello Billybeaker.

    Sorry to disappoint you mate, but your version of Hijackthis is out of date. There fore your log isn`t complete.

    Go get the latest version from http://www.tomcoyote.org/hjt/

    Then post a fresh log as a text attatchment.

    Regards Howard :) :)
     
  9. Billybeaker

    Billybeaker TS Rookie Topic Starter

    hello again howard.
    Sorry i used the old hijackthis. now have used the new one from your link
    as follows
    Logfile of HijackThis v1.99.1
    Scan saved at 21:17:12, on 21/06/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\download\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.evesham.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Br_ian
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: SpywareGuard.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk.disabled
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Turnoff system restore. And boot into safe mode

    Let HJT fix the following.

    O4 - Startup: SpywareGuard.lnk.disabled
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk.disabled
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/ Only fix this if it`s not your pc manufacturer or part of your isp

    Once you have done the above, boot into normal mode and post another fresh HJT scan.

    Please post your HJT logs as a text attatchment, as per this link HERE.

    Regards Howard :) :)
     
  11. Billybeaker

    Billybeaker TS Rookie Topic Starter

    reply to howard_hopkinso

    Thanks again for taking the time to reply.
    have re run hjt in safe mode and complted instructions. hjt txt attached.
    www.evesham is my PC manufacturer.
    All of PDF entries i did clear but they have come back guess i need them ?
    Regards
    :giddy:
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Let HJT fix these entries in normal mode.

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119388497312
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} -

    Once done your system is clean. Turn system restore back on.

    Regards Howard :) :)
     
  13. Billybeaker

    Billybeaker TS Rookie Topic Starter

    Thank you Howard.
    Have completed your instruction and now have a clean system.
    Sorry to be a pain but will this sort out or help with my orginal problem ie the start button and all the programme entries freezeing to a large blank grey box. then the cpu rate increases fan races and then it all settles down until the next time ( many times a day). The task man shows increase activity in explorer.exe.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don`t know is the short answer.

    Have you tried doing a repair install of windows as per this thread HERE

    Regards Howard :)
     
  15. Billybeaker

    Billybeaker TS Rookie Topic Starter

    Thanks i might try that. However since removing the hjt entry for DPF cannot use windows update. It comes back with error code Error number: 0x80245003 tried looking on the net and here but nothing works. can u help please
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes. Right click my computer. and select manage.

    Click on the little + next to services and applications and click on services.

    Maximise the window and look for the automatic update service. Right click on it and select properties. Under startup type choose automatic. Click apply, and ok.

    Now close the window. You should now be able to use the Windows updates tool.

    Regards Howard :) :)
     
  17. Billybeaker

    Billybeaker TS Rookie Topic Starter

    Thanks howard but it the auto update via services was already in place. still no joy with windows update. will try to search through ms but they just keep saying no ref to such error code (ITS THERE ERROR CODE). Thanks for helping
     
  18. Billybeaker

    Billybeaker TS Rookie Topic Starter

    just to let u know that have solved the problem here is the link http://support.microsoft.com/newsgr...b-74c8-49c7-8c83-92c6098f9589&exp=&sloc=en-US.
    i followed the follwing instruction and it now all works again
    On the Start/Run line enter: net stop wuauserv

    Open Explorer and Delete these folders:
    ..\WINDOWS\SoftwareDistribution\SelfUpdate
    ..\WINDOWS\SoftwareDistribution\WebSetup
    ..\WINDOWS\SoftwareDistribution\WuRedir
    ..\WINDOWS\SoftwareDistribution\AuthCabs
    ..\WINDOWS\SoftwareDistribution\DataStore
    ..\WINDOWS\SoftwareDistribution\Download

    On the Start/Run line enter: net start wuauserv

    Restart the computer, being sure you log in with an account that has
    full Administrator privileges. Then open one instance of IE and give
    the Windows Update site another try.
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Good news mate. I`m glad you got it sorted.

    Thanks for letting us know.

    regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...