Explorer.exe using CPU time on idle

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

After a slow down on performance (notabily games) I noticed that the
Explorer.EXE process on Task Manager is using CPU cycle times when the
computer is on idle (no open programs, disabled anti-virus, etc...). It shows
up to 72% CPU peak use, on regular intervals (aprox. 8secs). I´ve scanned my
computer with anti-virus software(NOD32, Trend...) and anti-spyware
(ad-aware, SpyBot, Microsoft AntiSpyware) and the computer is clean.
Microsoft adresses this problem on it's knowledge base, but the SP2 should
solve the problem. My Xp is running the SP2 for a long time know( before the
problem) and I don't think this is the case. does anyone know why is this
happening? Does anyove have a fix? Please, help me before I format the hole
thing...

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

The Advanced Tools menu in MSantispyware has a "Browser Hijack Settings Restore" that might help.

--

Mark L. Ferguson
FAQ for MS Antispyware version 1.0.509
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm
..
"Rogerito" <Rogerito@discussions.microsoft.com> wrote in message news:6F660AE6-3DE8-443F-8A78-6E39A7B758E4@microsoft.com...
> After a slow down on performance (notabily games) I noticed that the
> Explorer.EXE process on Task Manager is using CPU cycle times when the
> computer is on idle (no open programs, disabled anti-virus, etc...). It shows
> up to 72% CPU peak use, on regular intervals (aprox. 8secs). I´ve scanned my
> computer with anti-virus software(NOD32, Trend...) and anti-spyware
> (ad-aware, SpyBot, Microsoft AntiSpyware) and the computer is clean.
> Microsoft adresses this problem on it's knowledge base, but the SP2 should
> solve the problem. My Xp is running the SP2 for a long time know( before the
> problem) and I don't think this is the case. does anyone know why is this
> happening? Does anyove have a fix? Please, help me before I format the hole
> thing...

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Thank you for the help, but as I said the CPU use peaks problem is not with
the iexplorer.exe (Internet Explorer) but with Explorer.EXE (GUI, task bar,
desktop...) anyway, I've already tried what you just said with no results.
Thanks anyway. anyone else?

"Mark L. Ferguson" wrote:

> The Advanced Tools menu in MSantispyware has a "Browser Hijack Settings Restore" that might help.
>
> --
>
> Mark L. Ferguson
> FAQ for MS Antispyware version 1.0.509
> http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
> marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm
> ..
> "Rogerito" <Rogerito@discussions.microsoft.com> wrote in message news:6F660AE6-3DE8-443F-8A78-6E39A7B758E4@microsoft.com...
> > After a slow down on performance (notabily games) I noticed that the
> > Explorer.EXE process on Task Manager is using CPU cycle times when the
> > computer is on idle (no open programs, disabled anti-virus, etc...). It shows
> > up to 72% CPU peak use, on regular intervals (aprox. 8secs). I´ve scanned my
> > computer with anti-virus software(NOD32, Trend...) and anti-spyware
> > (ad-aware, SpyBot, Microsoft AntiSpyware) and the computer is clean.
> > Microsoft adresses this problem on it's knowledge base, but the SP2 should
> > solve the problem. My Xp is running the SP2 for a long time know( before the
> > problem) and I don't think this is the case. does anyone know why is this
> > happening? Does anyove have a fix? Please, help me before I format the hole
> > thing...
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

You might be seeing the bug in MSantispyware that creates a very large error.log file, and burns CPU cycles with it's 'real time
protection'

--

Mark L. Ferguson
FAQ for MS Antispyware version 1.0.509
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm
..
"Rogerito" <Rogerito@discussions.microsoft.com> wrote in message news:CAEDA886-DAD6-4DE8-836D-519BC96A89D1@microsoft.com...
> Thank you for the help, but as I said the CPU use peaks problem is not with
> the iexplorer.exe (Internet Explorer) but with Explorer.EXE (GUI, task bar,
> desktop...) anyway, I've already tried what you just said with no results.
> Thanks anyway. anyone else?
>
> "Mark L. Ferguson" wrote:
>
>> The Advanced Tools menu in MSantispyware has a "Browser Hijack Settings Restore" that might help.
>>
>> --
>>
>> Mark L. Ferguson
>> FAQ for MS Antispyware version 1.0.509
>> http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
>> marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm
>> ..
>> "Rogerito" <Rogerito@discussions.microsoft.com> wrote in message news:6F660AE6-3DE8-443F-8A78-6E39A7B758E4@microsoft.com...
>> > After a slow down on performance (notabily games) I noticed that the
>> > Explorer.EXE process on Task Manager is using CPU cycle times when the
>> > computer is on idle (no open programs, disabled anti-virus, etc...). It shows
>> > up to 72% CPU peak use, on regular intervals (aprox. 8secs). I´ve scanned my
>> > computer with anti-virus software(NOD32, Trend...) and anti-spyware
>> > (ad-aware, SpyBot, Microsoft AntiSpyware) and the computer is clean.
>> > Microsoft adresses this problem on it's knowledge base, but the SP2 should
>> > solve the problem. My Xp is running the SP2 for a long time know( before the
>> > problem) and I don't think this is the case. does anyone know why is this
>> > happening? Does anyove have a fix? Please, help me before I format the hole
>> > thing...
>>
>>
>>

 

[frodo]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

get HiJackThis and generate a report. Look it over carefully. Anything
wierd or that you don't understand then do a google on it for further
info.

http://www.spywareinfo.com/~merijn/downloads.html

It's normal for explorer.exe to use a TAD of cpu when idle, but no more
than 1-2 percent. Do you have only a single instance, or two? Two is OK,
if you have "launch in a seperate process" checked in Folder Options |
View. [There are two different seperate process reg settings actually,
google for "XP Seperate Process" to learn more].

Get a rootkit revealer and verify you're clean, then search for all copies
of explorer.exe. Verify version numbers and validity. A process explorer
tool might also help id exactly what your wayward explorer.exe is doing.
Both here:

http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Sysinternals also has other valuable tools for tracking registry and file
usage, etc.

Good Luck.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Thank you for your help. I downloaded the Process Explorer from Sysinternals
and (I'm new to this tool, so...) Under the explorer.exe (the only instance)
I found one thred that is the one causing the peaks on the cpu. It shows up
green briefely before disapering in red: it's pctrba.tmp in
c:\windows\AppPatch. This file does not exist in this directory or anywhere
in my machine, for the fact. There were two pctrba, one .bak and another .ini
in this directory that I deleted. Now, when I change the Process Explorer to
show dlls under explorer.exe, there´s another one (that exists on
c:\windows\AppPatch) named abrtcp.dll who also is accessed when CPU peaks
(about 20% ~30% CPU use). This one I can't delete, the message says it's in
use by another aplication. Does this makes sense? What is this dll for?
Should I remove and how??? Thank you very much for replies
p.s.: for the record, I'm on a XPsp2 . The sp2 I uninstalled then
reinstalled again. Security center, Anti-virus are disabled for now. Only
firewall working.

"frodo@theshire.org" wrote:

> get HiJackThis and generate a report. Look it over carefully. Anything
> wierd or that you don't understand then do a google on it for further
> info.
>
> http://www.spywareinfo.com/~merijn/downloads.html
>
> It's normal for explorer.exe to use a TAD of cpu when idle, but no more
> than 1-2 percent. Do you have only a single instance, or two? Two is OK,
> if you have "launch in a seperate process" checked in Folder Options |
> View. [There are two different seperate process reg settings actually,
> google for "XP Seperate Process" to learn more].
>
> Get a rootkit revealer and verify you're clean, then search for all copies
> of explorer.exe. Verify version numbers and validity. A process explorer
> tool might also help id exactly what your wayward explorer.exe is doing.
> Both here:
>
> http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
>
> http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
>
> Sysinternals also has other valuable tools for tracking registry and file
> usage, etc.
>
> Good Luck.
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

hello again
This is my Hijackthis log file:


Logfile of HijackThis v1.99.1
Scan saved at 21:25:06, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\KYE\Genius NetScroll Optical Mouse\mouseElf.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rogerio\Meus documentos\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ww1.sao.terra.com.br/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ww1.sao.terra.com.br/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -
C:\WINDOWS\AppPatch\abrtcp.dll
O4 - HKLM\..\Run: [mouseElf] C:\Arquivos de programas\KYE\Genius NetScroll
Optical Mouse\mouseElf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel -
res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Criar 'Favorito móvel' -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
O9 - Extra 'Tools' menuitem: Criar 'Favorito móvel'... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de
programas\Messenger\msmsgs.exe
O14 - IERESET.INF:
SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.08.43&unknown&unknown&http://www.toyota.com/vehicles/2005/prius/key_features/pc/index.html
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.com/download/cult.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101236142125
O20 - Winlogon Notify: abrtcp - C:\WINDOWS\AppPatch\abrtcp.dll
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated -
C:\WINDOWS\System32\ATMsrvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. -
C:\Arquivos de programas\Executive Software\DiskeeperLite\DKService.exe


As you can see on entries 02 and 020 there's that dll I mentioned before,
abrtcp.dll, that nobody knows what is it. I'm sure that's the bug responsible
for the problem (as it shows up in the explorer.exe task) but I just can't
get rid of it. No anti-spyware or anti-virus seems recognize this as a bug,
there're no mentions on google and I just can't delete from my system
(hijackthis couldn't and if I start windows in safe mode, I can't either). So
the prize question is: how can I remove this dll? Are thre any programs good
for that? Should I look for any other software in my machine linked to this
dll? Thank You all very much?

 

[Guest]

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Just to update

I´ve manage to remove the abrtcp.dll from the system, after using the
Windows installation disk (the dll was loaded so early that even in safe
mode with prompt I couldn't remove it). And, when I was about to do that, I
noticed that the IE was redirecting me to the web page www.winantivirus.com
and search42.com web site every time I typed on google, via the adress bar,
words like virus, spyware, etc... So be aware of this web page and this soft
and the .dll. And also, NOD32, Trend House Call Beta, MicrosoftAntiSpyware,
Ad-aware and Spybot, NONE could remove or identify the infection.



"Rogerito" wrote:

> hello again
> This is my Hijackthis log file:
>
>
> Logfile of HijackThis v1.99.1
> Scan saved at 21:25:06, on 2/5/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\svchost.exe
> C:\Arquivos de programas\KYE\Genius NetScroll Optical Mouse\mouseElf.exe
> C:\Arquivos de programas\Internet Explorer\iexplore.exe
> C:\WINDOWS\system32\wuauclt.exe
> C:\Documents and Settings\Rogerio\Meus documentos\Download\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://ww1.sao.terra.com.br/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://ww1.sao.terra.com.br/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
>
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
> O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -
> C:\WINDOWS\AppPatch\abrtcp.dll
> O4 - HKLM\..\Run: [mouseElf] C:\Arquivos de programas\KYE\Genius NetScroll
> Optical Mouse\mouseElf.exe
> O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
> O8 - Extra context menu item: E&xportar para o Microsoft Excel -
> res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\WINDOWS\System32\msjava.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
> O9 - Extra button: Criar 'Favorito móvel' -
> {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
> O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
> C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
> O9 - Extra 'Tools' menuitem: Criar 'Favorito móvel'... -
> {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Arquivos de programas\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de
> programas\Messenger\msmsgs.exe
> O14 - IERESET.INF:
> SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
> O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
> https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.08.43&unknown&unknown&http://www.toyota.com/vehicles/2005/prius/key_features/pc/index.html
> O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
> http://housecall-beta.trendmicro.com/housecall/xscan60.cab
> O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
> http://www.cult3d.com/download/cult.cab
> O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
> http://simcity.ea.com/update/EARTPX.cab
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
> http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101236142125
> O20 - Winlogon Notify: abrtcp - C:\WINDOWS\AppPatch\abrtcp.dll
> O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated -
> C:\WINDOWS\System32\ATMsrvc.exe
> O23 - Service: Diskeeper - Executive Software International, Inc. -
> C:\Arquivos de programas\Executive Software\DiskeeperLite\DKService.exe
>
>
> As you can see on entries 02 and 020 there's that dll I mentioned before,
> abrtcp.dll, that nobody knows what is it. I'm sure that's the bug responsible
> for the problem (as it shows up in the explorer.exe task) but I just can't
> get rid of it. No anti-spyware or anti-virus seems recognize this as a bug,
> there're no mentions on google and I just can't delete from my system
> (hijackthis couldn't and if I start windows in safe mode, I can't either). So
> the prize question is: how can I remove this dll? Are thre any programs good
> for that? Should I look for any other software in my machine linked to this
> dll? Thank You all very much?
>
>
>
>