Something is attacking my computer and I can't find it

For about a week now my laptop has been acting very strange. The CPU is maxing out, the CPU load is hovering between 88 and 100%. The fan is constantly kicking on. System is freezing.
Here's a list of the things I have already tried:
-defraged multiple times
-ran spybots S&D 2 times
-ran quick-scan for symantec antivirus
-checked the TM(explorer.exe is constantly hoging the CPU)

I tried to run full scan for the antivirus but it freezes and becomes unresponsive less than half way into the scan.

The only way to put a temporary fix on this is to reboot, but it soon returns to its usual habits.

I got a BSOD today, and I fear there will be more in the future if I can't fix the problem.

Can anyone PLEASE HELP me on this?
You help will be GREATLY APRECIATED!!!!!
Thanks in advance to all that take the time to help me.

 

Did you try to do a system restore to a point last week where it might of started?

Of course, reformating is never a bad idea neither.

 

Yeah, I did 3 sys restores. I would have reformated a long time ago but I am in no way safely capable of reformating at this current point in time. I have about 30GB of stuff that I need to keep. The problem is that I have no way of transfering them to another location.

 

post a list of the various processes that are running. did you install new programs or softwares

 

try running your spyware and anti-virus scans from safe mode. to get there, reboot and keep pressing F8 until the boot selection menu shows up, then pick safe mode.

 

I installed a couple of antivirus/spyware programs to try and find the problem but I took them off when they didn't work. Check the attacked pic for current processes on my system.

 

From the start/run command type "msconfig" click the startup tab. I always uncheck all. These are the programs that are running on your computer when you turn it on. reboot. After a while, and a few reboots, check in there to see if any programs come back. Most crapware will replicate itself again and return. GL

 

i would recommend:
1. totally rem ur symantec virus dingy - it is a resource hog and always has a mind of its own
2. get avast or avg - i personally have zero issues with theses tools for years
3. download cCleaner to go thru ur start ups - it offers a clearer explanation of the processes
4. stop/disable all ur ati related services/processes ( http://www.tweakguides.com/ATICAT_1.html)
5. one of many good reads on services http://www.theeldergeek.com/services_guide.htm#Services

just a start

cheers ...

 

I would remove symantec first. It qualifies in virus category itself, because it is slowing the system down, makes system changes, cannot be uninstalled properly wastes bandwith and doesn't do anything useful. Joke, but at least partly true.
Be sure you have all critical patches from Microsoft.
Windows defender could help too. It reports all critical system issues.
Check all processes you don't know on internet. Like ccApp.exe in Google and find some process information. Windows defender can identify most of them BTW.
Find the sucker and manually get rid of it. It is easy once you know what are you doing, but if not, use tools you already mentioned.

I know for sure that Spybot and Adaware + many antivirus programs don't usually work very well, but can help in case of some common infection. In my looong experience I learned that I have to learn as much as possible about the pest, find the specialized tools for removal (McAfee or Sophos exe tool) or just manually kill it usually following the procedure on let's say Sophos pages. All round tools rarely are 100% successfull.

I hope you will find the reason for the whole thing. Good luck,

Ivan

 

Have you considered that it could be a hardware fault such as overheating? Freezing half way into intensive tasks like a system scan could indicate a hard drive problem.

 

I'm going to echo Sykotic's recommendation. It sounds like a great way to see if anything's adding itself to your startup.

I would advise against uninstalling symantec AV. The program, though bloated it may be, is great at virus detection and prevention. I really doubt that this is causing your processor use problems. Unless, perhaps, you have a virus scan or spyware background scan that keeps trying to run until completion.

I tried Windows defender, and it worked very well. HOWEVER, be advised that it is still a beta. I ran the program with Windows start, and I had issues with the MsMpEng process. This is what defender runs in the background. Several times I had an issue with Defender running scans that completely monopolized my system resources. When I'm running McAfee (no choice sometimes I don't notice the virus scan running in the background. This was not the case with Defender, so I had to get rid of it. This is a very widely known issue...just google "MsMpEng" and see what it shows.

Otherwise, if you're running any themes, disable them. You may be running a theme with a bad bug? It's just a thought. One other test would be to end the "explorer.exe" task and re-run it.

Good luck, let us know what you figure out.

 

Update on things tried and failed:
-ran antivirus full scan in safe mode(found 10 problems but still causeing trouble)
-installed AVG ran it found no errors(symantec found 10)
-uninstalled AVG since it prooved useless
-ran msconfig(found a couple of useless programs)

so far nothing has worked but I'm going to keep trying

 

I do have window themeing on my system but the only thing that I have noticed is that it won't let me run EasyCleaner.

 

*REFORMAT* you can buy a quality hard drive thats pretty cheap online... but i wouldent trust handing out your creditcard or anything because you obvously have a big prob on ur hands and there are these bad things called keyloggers that can basicallly ruin your life. Yea, so that cp is done for unless you sys restore to like the first day you got it lol or reformat

here are some external hds

take a look

http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=2484230&Sku=I21-6102


^ thats 1tb for very cheap!


and dis is 40 gigs
http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=2460572&Sku=S130-5000 R

i can trust this site because i personaly ordered from there, but give it a shot


little word of advice, dont put the virus on the hd lol

 

Well, I'm currently strapped for cash....I was actually looking into getting and external HD, I just can't pay for one just yet.
I've used tigerdirect in the past but prefer to use newegg.
Thanks for your time though,m4rc.

 

If you did things in that order and Symantec dealt with the 10 issues, it is logical assume that subsequent virus scans will not find these 10 issues i.e. AVG. AVG is a decent virus scanner and there is every chance it would have found some of, it not all of the 10 issues.

 

No I ran AVG first and it found nothing, then I ran a full scan with Symantec and the 10 items appeared. I have used AVG in the past and it is still letting me down. maybe it's just my systems considering that a couple of my friends use it and it seems to be working for them.

It's somewhat behaving today but, I still am noticing a few hangups and CPU load spikes that don't just drop back down.

 

Can you hit ctrl+alt+del and watch the task manager to see what starts running at high CPU usage when it starts slowing down? (click on the column header to sort by CPU usage, the high CPU using programs will jump to the top) That would give you a good idea as to what you need to kill or look for.

 

I had the opposite when using Avira, Norton was finding nothing but then a run of Avira caught 2 that Norton never did. Since then, I dumped Norton as it was using more resources even though it never appeared it to the eye due to dual cpu and lots of memory.

 

The last thing that was running high was explorer.exe.
I just ditched google web accelerator. MY CPU load and clock speed are more or less back to normal but I'm noticing that programs...web browesers inparticular are taking longer than usual to load. web browsing is slow too.

 

Have you tried Hijackthis! ?
(you need to know what you're doing somewhat or you might screw something up deleting stuff), but if you wanna run a scan and post the log here, I might be able to help.

 

Heres that log you asked for

 

Well you have at least one piece of malware/spyware/whatever their, Smartshopper0.dll, definitely not a valid program.

Edit:

Both of these

O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchEnhancer\nsa21.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll

Are spyware of some sort

 

Yeah, looks like you were infected pretty bad;that "Relevantknowledge" spyware may have been keylogging =/ , I hope you havn't logged in to paypal or anything like that.
The following are very likely malware (99.99% sure); you should be able to use hijackthis! to remove them:

c:\windows\system32\rlvknlg.exe

O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\SearchEnhancer\nsa21.dll

O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll

O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot

O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll

_____


I don't see anything else suspicious..
Hope this helps.

Edit: I see Arla pointed out a couple of those already.

 

I took care of the ones you listed. Let me know if anything else looks suspicious.
It seems that other than web browsing, the system only laggs when watching movies....could it be because I'm watching them from the HD.

 

What fun.....now my taskbar is frozen...can't click on anything....clock is stuck...nothing works...I have to us the TM to get to open anthing that is not on my desktop...and switch between opened programs....I think I'll reboot and see if that fixes it.

 

can it be that you now have a dying HD? Try scan disk to see and fix some bad sectors...

if you have tried doing all of the instructions above without success then maybe it's time for you to reinstall your OS... Your Os may have been unstable and ruined beyond repair... If reinstalling does not work or if you are not able to reinstall, then i suspect it's a hardware problem... (hope not...)

good luck!

 

It's been awhile.....could somebody refresh my memory on how to run scandisk?

 

Right click the drive and select Properties\Tools\Error Checking - Check now.

 

checked it, but nothing was wrong.
If I reinstall windows....Is it like the old win98and 2000 where, I have to option to not blank the HD when I reinstall the OS? I'm about 90% shure but I want to be 100% before i carry out the reinstall.

 

if you have a separate partitions, then you can save all your important documents to the other partitions. But if you only have single partition then you have no choice and all data will be deleted since the OS will reformat your single partition before installation.

If you used repair, then nothing will be changed, that is, all your installed program will still be there. However, if your OS CD is xp sp1 and your current updated OS is sp2, i don't suggest you do repair because your xp will be more unstable. (don't repair also since you suspect a virus or some kind of malware and spyware ruining your computer)

Complete reinstall is to be prefered rather than repair.

 

Important documents file size excedes the partition size. I'm looking into getting an external HD but I problably won't be able to get it until late December-early January.

 

Why would EXPLORER.EXE be eating 49/50% of my CPU.

 

Your OS is probably corrupt. That would account for explorer.exe taking up a good chunk of processing power. It is also possible that you weren't able to get all of your infections cleaned.

 

Well, all I can do until I get my extHD is scan for viruses and other malware....so until then I hope it doesn't get any worse.

 

Just to reiterate, you tried Ccleaner, spybot, and adaware? Also, upgrade explorer to IE7. Maybe in the upgrade process it will fix whatever corruption/issues you're having.

~ Brett

P.S. - Use Firefox for internet browsing if you aren't already.

 

AVG Free Anti-spyware
and
A-Squared

Its def worth running a scan w/ them. They always pick up things that are missed by other scanners plus they're free. AVG will also act as a spyware shield for 30 days before turning into a scan only option.

 

I use opera because both firefox and IE are problem prone and I find IE7 worse...at least browsing wise...than IE6. I don't think a web browser is going to fix a windows problem(explorer.exe and IEexplorer.exe are two entirely different things)....but I'll try it just the same just to see if it makes a difference.

 

I'm pretty sure the IE7 upgrade updates some other major Windows components as well. No harm in trying anyway.

~ Brett

 

If this was already suggested I apologize however i didn't see it. There is a program called Taskinfo that will show every single process/thread on your pc along with all information regarding where the process is running, start times, etc. The trial version will work for 30 days (I think). If this program can't find it nothing else will. I always have it running. you can pinpoint the origin on any process. It shows everything in real time. Look for the process using the most resources.

 

OK so i have Taskinfo.....no what do I do with it?

 

After the install, on the main Taskinfo page (on the left) will show you all the threads and how much each process is using your system resources, With no applications running see if you can find a running process using a lot of CPU resources.

 

OK, It's behaving at lest according to NHC and Taskinfo, but nothing says it won't act up later. What would I do in the event I find a process that is using a lot of resources

 

If you do find the process, find the path to the .exe or whatever kind it is. Taskinfo will show the path but you'll have to move some columns out of the way to display the path. After finding out what and where the offending process is, use taskinfo to terminate the process, then delete the file. Also be sure to check your startup folders for a link to the process and remove them as well. You can even do a search for it to see if any additional copies exist and delete them.
You should Google the file name to make sure you don't need or want it before deleting.

 

thanks, will do

 

I hope you find the culprit. I have found spyware processes this way.

 

I hope so too, since the following programs have yet to find it:
AVG free addition
Symantec Antivirus Suite
Avast
Spybots S&D
scandisk
defrag
EasyClean

 

One more thing....check scheduled tasks just to see what's sheduled to run automatically.

 

where does one go to check scheduled task?

 

In the control panel, somewhere.
If you have it in classic view, it's just control panel > scheduled tasks.
In category view, its under performance and maintenance I believe.