Solved

MS Internet Explorer  (iexplorer.exe) causing 100/% CPU Usage, Unable to kill the process in task manager

Posted on 2004-11-01
2,099 Views
Last Modified: 2013-12-03
System

Intel P4, GIG Ram, MS XP SP2 Full updated

Full Antivirus checked and spyware; currently running Giant Antispyware with lastest defn files etc.

Symtom: Browsing in IE and after random period the CPU usage will peak at 100% and then really impact the PC, can not kill the iexplorer process have to shut down the PC! Currently having to use Firebird non IE browser.

Any help appreciated.
0
Question by:xyratex
    5 Comments
     
    LVL 49

    Expert Comment

    by:sunray_2003
    Hi xyratex,

    Try these

    a) boot to normal mode
    go to start --> run--> msconfig

    go to startup tab and disable all applications except anti-virus and firewall
    go to services tab and check "hide microsoft services" and then uncheck all services there

    restart and check how it goes in normal mode

    b) Run this tool http://windowsxp.mvps.org/IEFIX.htm

    c) Remove temporary internet files, folders and cookies
    How to Delete the Contents of the Temporary Internet Files Folder
    http://support.microsoft.com/default.aspx?scid=kb;en-us;260897

    Post back doing these


    SR..
    0
     
    LVL 49

    Accepted Solution

    by:
    Have you run hijackthis aswell

    if not , do that

    download and run Hijackthis.
    Download Hijacthis from here http://www.softpedia.com/public/cat/10/17/10-17-69.shtml.
    Get the log from Hijackthis and save the log and paste it here
    http://hijackthis.de/index.php?langselect=english to analyze it.
     The analyser site is used so that you donot gum up the thread with the entire log.

    Check this tutorial aswell : http://aumha.org/a/hjttutor.php

    Remove the bad ones that the site reports. If it says unknown process, then use a search engine to check if those are bad ones. If bad remove them , if you still cannot find then post those files alone here.

    0
     
    LVL 3

    Expert Comment

    by:KickR
    Just be sure what services you disable!! If you uncheck all services there you might disable your virus protection and firewall!!! If you don´t know what you are doing it is recommended to leave these be. e.g. you have BlackICE firewall, Trend OfficeScan virusprotection and Cisco Systems VPN Client you would disable services these programs depend on!
    Sunray 2003, be careful to recommend these kind of things!
    It´s better to have Xyratex post his services here and tell him what to disable or tell him that after this is done he needs to enable them one by one after having tested his system with the services off!
    Otherwise very good advice! Good luck Xyratex!

    0
     
    LVL 49

    Expert Comment

    by:sunray_2003
    KickR,

    Ah i missed the services part.. I have all these services that you mentioned and i should have specifically told what to disable in services.. thanks for reminding.
    0
     

    Author Comment

    by:xyratex
    Ok here is my log file, thanks for the quick response :)

    In the process of  removing services etc.


    Logfile of HijackThis v1.98.2
    Scan saved at 20:48:08, on 01/11/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\bin\rteng7.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\Utils\HijackThis 1.98.2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHF~1.101\IEFlash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Cache Cleaner] C:\Program Files\Neoteris\Cache Cleaner\dsCacheCleaner.exe -action delete
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [gcasServ] C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
    O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://210.80.76.119/object/Dldrv.ocx
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://portal.xyratex.com/dana-cached/setup/NeoterisSetup.cab
    O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/download/btbconnectwebcontrol013.cab

    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Suggested Solutions

    Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
    The purpose of this article is to demonstrate how we can use conditional statements using Python.
    This video teaches viewers about errors in exception handling.
    This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

    875 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now