Explorer.exe, CCApp.exe (NIS) at 100% CPU, taskbar toolbars disapp
ivand67
after my computer reaches 100% CPU usage and stays there, most of the times
forcing me to sit in front of it, ending processes on Task Manager until
finally I'm able to restart, taking 10 minutes of my time, especially because
when I return to Windows after rebooting, my 4 toolbars in the taskbar,
including 40+ shortcuts in the Quick Launch bar, disappear, forcing me to
manually reorganize them (which I do with help from the latest screenshot
I've taken).
The culprits are explorer.exe (surprise, surprise :rolleyes: ), other times
CCApp.exe (Norton Internet Security 2005's user session manager), and last
time rundll32.exe, which I closed and then, believe it or not, firefox.exe
was taking 100% CPU (I'm sure it has nothing to do with Firefox though, maybe
a problem with an extension since I have more than 35, but I doubt it). I do
not use Internet Explorer, and I don't have any viruses (just checked last
night).
Also, spyware is out of the question here (checked about 3 days ago and I'm
doing fine, in fact I haven't had any type of spyware in 3 or 4 months (since
switching to Firefox it's almost like spyware doesn't exist, what a
coincidence), other than tracking cookies, and I've checked with both Spybot
and Ad-Aware SE 1.05 with all the most thorough settings).
I'm running Windows XP Home Edition with SP2 on a Dell Inspiron 5150 (3 GHz
P4, 512 MB RAM, 40 GB HDD), nVidia GeForce FX Go5200 graphics card (latest
nVidia drivers), latest BIOS from Dell, etc.
Here is my HijackThis! log:
[quote]Logfile of HijackThis v1.98.2
Scan saved at 5:42:28 PM, on 12/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\KlipFolio\KlipFolio.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AeroGlade Software\DisplaySwitch Platinum\DSPlatinum.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Winamp\winamp.exe
c:\program files\mozilla firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\HijackThis!\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer
N3 - Netscape 7: user_pref("browser.startup.homepage",
"http://www.mozilla.org/start/"); (C:\Documents and
Settings\ivand67\Application
Data\Mozilla\Profiles\default\uw3e2mj8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src");
(C:\Documents and Settings\ivand67\Application
Data\Mozilla\Profiles\default\uw3e2mj8.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program
Files\Panicware Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Desktop Search Capture -
{7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google
Desktop Search\GoogleDesktopIE.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} -
C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: VPN-OEM Extension - {89044184-F260-4FDD-8FAB-2662814846E5} -
C:\WINDOWS\system32\kbdrufl.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
- C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer -
{C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} -
C:\Program Files\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro -
{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware Pop-Up
Stopper Pro\popuppro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: QuickSearch Search Bar -
{82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program
Files\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [KlipFolio] "C:\Program Files\KlipFolio\KlipFolio.exe" /BOOT
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE
C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DisplaySwitch] "C:\Program Files\AeroGlade
Software\DisplaySwitch Platinum\DSPlatinum.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Startup: Dual-monitor.lnk = ?
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: OneNote Quick Launch.lnk = C:\Program Files\Microsoft
Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program
Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program
Files\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program
Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program
Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program
Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program
Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program
Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PUFLITE -
[url]http://www.daviddagliohomes.com/Photo/Control/PUFLITE.CAB[/url]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
[url]http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[/url]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -
[url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
[url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment
1.4.1_02) -
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2AC89971-CC93-4FD2-BA34-FE2C8269AEAD}:
NameServer = 192.168.1.1
O21 - SSODL: WebExtLocation - {FE2DB5FF-5ECF-11D2-B28F-0080C8383C7B} -
C:\WINDOWS\system32\winfghert.dll[/quote]
Now after checking for viruses and spyware, there's gotta be more I can do.
The thing is, I rarely have any problems so I don't have a lot of tools for
troubleshooting. I do have Norton SystemWorks 2005 (did not purchase this!),
but I doubt any of the so-called "problem" checks on that piece of crap will
help... WinDoctor checks for stuff in the registry and missing entries, and
I ran that last week already.
I don't have enough space on my hard drive to use System Resftore, so don't
even suggest that. I wish I could try that but with my minimalistic HD, I
can't. I gotta get an external hard drive to store all my music/video on
there... And forget about the Symantec forums - they don't even exist anymore
(what a terrible company that has turned to ever since Symantec bough all the
rights to the Norton software).
So, I've been thinking of using another firewall and I don't know which one
I should use - I've used ZoneAlarm before (I didn't keep it because it didn't
have banner-ad blocking software, which is great about NIS because that way,
I don't see banners or ads anywhere, not even on P2P programs, and that's
real cool).
Is the latest version of ZoneAlarm good on SP2? Has anyone had problems with
it? What about Sygate Personal Firewall Pro? I've heard of that one but never
used it before... McAfee probably sucks, right?
And as for my taskbar losing all my toolbar settings when explorer.exe
crashes, why the hell does this happen? Where in the registry are the
settings for the taskbar stored and what can I do, other than adding a number
to all the shortcuts on the Quick Launch bar (01 Show Desktop, 02 Winamp, 03
Firefox, etc.), to never lose my settings in the taskbar again?
I'd try re-installing SP2, but that would require to first uninstall SP2,
re-install Windows from my SP1 disc, re-download SP2 and re-install it, and
then I'd probably have to re-install NIS 2005 (think so)- and that's 6 hours
of hell that I don't want to go through.
Any comments or suggestions would be greatly appreciated, I know that was
long, but I wanna see if I can solve all my computer problems at once.
Thanks in advance!
Ivan
Quaoar
Extremely fragmented HD, not enough free HD to either run well or to
defrag, and enough startup apps to choke the fastest computer on the
planet. On the last item, you really need to review what you *need* to
run versus what you *can* run, and do something with all the IE
extensions like disable them. Start here:
http://www3.telus.net/dandemar/slowcom.htm
Then use this site to help you decide how to manage your startup app
requirements:
http://www.pacs-portal.co.uk/startup_content.php
Then go here to look for a new, larger HD:
http://www.newegg.com/app/manufact.asp?catalog=14&DEPA=1
or here:
http://www.zipzoomfly.com/jsp/ThirdCategoryList.jsp?SecondCategoryCode=0110
Q
Rock
> OK here's the deal. Every day about once or twice, I get extremely annoyed
> after my computer reaches 100% CPU usage and stays there, most of the times
> forcing me to sit in front of it, ending processes on Task Manager until
> finally I'm able to restart, taking 10 minutes of my time, especially because
> when I return to Windows after rebooting, my 4 toolbars in the taskbar,
> including 40+ shortcuts in the Quick Launch bar, disappear, forcing me to
> manually reorganize them (which I do with help from the latest screenshot
> I've taken).
>
Don't post HijackThis logs here. There are specialty forums for that
purpose:
Forums to Interpret HijackThis Logs:
http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/
Rock
> OK here's the deal. Every day about once or twice, I get extremely annoyed
> after my computer reaches 100% CPU usage and stays there, most of the times
> forcing me to sit in front of it, ending processes on Task Manager until
> finally I'm able to restart, taking 10 minutes of my time, especially because
> when I return to Windows after rebooting, my 4 toolbars in the taskbar,
> including 40+ shortcuts in the Quick Launch bar, disappear, forcing me to
> manually reorganize them (which I do with help from the latest screenshot
> I've taken).
Also try some clean boot troubleshooting to see if you can identify the
culprit(s):
How to Troubleshoot By Using the Msconfig Utility in Windows XP
http://support.microsoft.com/?id=310560
How to perform advanced clean-boot troubleshooting in Windows XP
http://support.microsoft.com/?id=316434
ivand67
HijackThis log, or at least the majority of it, and I don't think there's
anything there that would indicate that my hard drive is too fragmented. I
will defrag tonight, but I doubt this has anything to do with Explorer.exe
and CCApp.exe hanging and taking 100% CPU usage, forcing me to restart.
2. I run about 40-45 processes on Windows when starting. About 28 of those
are system and Norton Internet Security. Then I run small, tiny little
applications, stuff like the Winamp Agent which keeps my media files
associated to Winamp at all times, and a tiny app called DisplaySwitch that
runs an icon in the tray and lets me switch screen resolution on the fly.
These programs take barely any system resources and I always look out for
suspicious stuff that gets registered in the registry to run at startup with
a program called Ace Utilities.
In other words, I know how to take care of the apps that are running and
trust me, I know a lot of people that run many more applications than I do. I
know I'm not running that many.
ivand67
(I know there's probably 3 or 4 I could get rid of), are irrelevant.
And I seriously doubt this has anything to do with Firefox. It's very
reliable and a rock solid program (way better than IE by the way).
Bob Burns
I think you are absolutly right- I have the same problem. Only after it
runs a while does it go to 1100% cpu, indicating it's getting crap from
somewhere. I've been using disk cleanup, which seems to help. Go to
start/all programs/accesories/ system tools/disk cleanup.
--
Bob Burns
Mill Hall PA
trebo...@earthlink.net