hey,
I'm having a problem with my comp... and believe I have a virus of some kind. It says my CPU is running at 100%. When I go to the Task Manager, it says that it's explorer.exe running high, about 90-97%, but slowly I have realized that this only happens when I try to open any folder on my desktop (none of which open): any folders I have made, or My Computer or Recycle Bin, anything... CPU speed just shoots up. There are a few icons that don't cause it, and when I go to the Start menu I can only open programs. Control Panel, My Computer, and any of those options don't open either, and cause the CPU usage to shoot up as well. I have a firewall (ZoneAlarm) running, and I have run Ad-Aware and the F-Secure antivirus scanner several times and have gotten rid of everything it has caught, yet there is still a problem. I have even gone as far as reinstalling XP on my comp, yet STILL it persists. So I was wondering if anyone might know what's happening, or anything I can do besides my last resort, formatting, which is something I REALLY don't want to end up doing. I'd appreciate any help....
thanks..

I have exactly the same problem and I posted a message above.
It happened to me on Friday night. You too? You are the first one that I found that has the same problem; maybe it is something new, because I find no info in the antivirus program.
Have you found any of these on your computer:
optimizer.exe
bargains.exe
cupdate.exe
msbb.exe
and some software called HELLO.
I also have ZoneAlarm and I know that it did not allow these programs to connect to the internet.
Did you visit any specific sites?
I really want to avoid formatting too. :(

...just ran HijackThis... and didn't know if anyone knew how to read that... I'll post it if someone asks, 'cause computing.net said not to post it....

yeah hugo... it was like Thurs or Fri night... I think it might be something new too... and yeah, I had that optimizer.exe, but I didn't get the HELLO program. I got a PROSCANNER program installed, and it kept starting up when I booted the comp... dang, I hope someone can help... ;(

I have the same problems. I can't access the HD and I got hit on Friday. I ran across ***limneos.net, and tried to download a "fix". Foolishly, the first time I accepted the "Integrated search technologies" download request to get it. I got nailed.
I had Ad-Aware and Kaspersky updated and running, stopped and deleted viruses, and stopped them from registering into the registry, but I ended up with the same problem. I remember seeing three *.exe files, which I deleted, and a folder with the bargains name. Today I tried to see the name of the "fix" site where I got this; the link is not working any more.
Need help
jiw

Same problem, very similar, Friday night. Look under my post Very Slow RAM...63 processes..
And I am clueless......... Smiley Central is a culprit.
Juan

I think you guys got the W32.Welch virus.
Not really sure, but you can try connecting to symantec.com and search for the Welch removal tool.
Try it out
huh

Same problem for me.
In XP safe mode, I searched for files modified/added on the date I experienced this trouble.
This way, I found Optimizer.exe (don't know what kind of program it is).
By deleting it, I finally solved this problem. I'm not 100% sure this program is the problem; anyway, I think you should try this way of resolving it.
PS: it seems that no antivirus or spyware killers are efficient on this problem.
Good luck.

I got hit on Monday with exactly the same problem as linu a.
I have tried everything under the moon. My post number is 9663. God help me.. anyone
desiturntable

I managed to fix the problem
(it seems the DLL files get corrupted somehow). Go here http://www.analogx.com/
and download ANALOGX DLLARCHIVE. Basically it replaces damaged or buggy DLL files with its own DLL files. Don't worry when Windows comes up with a message warning not to override original files and to put in the Windows CD. Just ignore it
and you will be amazed. IT WILL WORK I PROMISE.. thanks
desiturntable

desiturntable,
I couldn't get AnalogX DLLArchive to work on my system, I'm running XP and am wondering if you encountered any problems with it freezing, and if you're running a different version of Windows. I've got the same problem where explorer.exe keeps taxing my CPU's and refusing to open folders or directories correctly. Any help would be greatly appreciated. I've already run the usual plethora of AV, ad-aware, spy-bot, etc...
Trux

Trux
Do me a favour and check this folder c:\windows\System32\Wins\=Dllhost.exe and svchost.exe. Note: a legitimate system file exists with the filename DLLHOST.EXE, which must not be deleted. You could be infected by the W32/Nachi.worm; see this link for more info: http://vil.nai.com/vil/content/v_100559.htm.
I am running Windows XP Home Edition SP1 and yes, my system was freezing. Explorer.exe is linked by your desktop files and Start menu, i.e. Control Panel; that's why any path using the desktop has the problem. Whatever you do, don't press anything on your desktop (use Internet Explorer to open any files).
I don't know why http://www.analogx.com/files/dllarchi.exe was not working on your system. Also not turn your Windows System Restore off before running any virus programs.
Let me know how you get on.. good luck
desiturntable

I have WIN 2k Server with exactly the same problem and I tried the ANALOGX stuff but:
«...and download ANALOGX DLLARCHIVE.»
it's done.
«...basically it replaces damaged ot bugy dll files with its own dll files.»
when is that done??? ('cause I can't see that option in the program!)
«... Dont worry when windows comes up with message warning to not overide original files..and put in windows cd. just ignore it...»
When did you get that message warning????
I think the only thing the pgm can do is archive unused dll at the time of the execution of the ANALOGX DLLARCHIVE pgm.
Is there a way to find the name of all dll used by explorer.exe ????
Halb

thanks desi turntable, but c:\windows\System32\Wins\ doesn't contain any files at all let alone Dllhost.exe and svchost.exe, also, the first link you posted says the application Stinger has been updated to detect/remove the W32/Nachi.worm, and it finds nothing on my system. It sounds like a virus to me, but nothing can find it, so unless anybody has any other suggestions, I'm guessing I'm going to have to wait for Norton or another AV app to recognize it... although any other suggestions would be welcome. Thanks again though.
Trux

yes, I did the same and I found no files in c:\windows\System32\Wins\
I did download the ANALOGX DLLARCHIVE and ran it, but it did not fix anything.
Actually I am not quite sure what that program did. I just archived all the DLLs but nothing else. If I forgot to do something let me know.
The problem still exists and I appreciate the suggestions.
I'll keep working on it and let's see what happens.

OK, I have the same problem after viewing a site. It downloaded all this CRAP onto my PC, and I think while it was all installing behind my back, or when it was done, I closed it. Then I logged on in safe mode and everything works. I restart and do "sfc /scannow" in normal mode; doesn't fix it. Then I try to reinstall Win XP using CD-ROM boot and so forth. Now I can't boot up my HD 'cause I get a blue screen of death while booting, one of those fatal error type things, and it just restarts automatically. Now I'm just booting from CD and formatting my slave HD; hopefully I can load Windows, install my DVD burner, and back up all my video from my 160 HD (main HD). I'll let you know how it works out, but I'm officially messed up 'cause I can't even boot to Windows from the main HD for trying to fix it.

The same problem happened to me.
The only thing that I can open once in a while is Task Manager. I can't get on the internet, use Windows Explorer or anything..
And it works with a lot of delay.. My processor is at 100% all the time, although I'm not doing anything.
Is there another way to be able to make a back-up of my files??? Because I can't get into safe mode or anything. Does anybody know how to open safe mode with Packard Bell??
Does anybody know how I can solve this problem???

I used AnalogX Archive DLL, first shutting down the explorer.exe process from the Task Manager and running Archive.Dll from the Task Manager, just as described. I received the messages from Windows and ignored them, restarted my PC and now it's working fine.
This worked for me, I hope it works for others as well.
Thanks for the tip!
Virgilio

Ok. solved the problem (or so it seems) and it is very simple, so there is hope.
I deleted from C:\Windows
optmize.exe
roing_
then I ran HIJACK This and I deleted some entries that did not seem reliable. I cannot remember the names of the files, but I do not know if it matters. Because as I read tons of messages about this problem it seems that we all have different file names, same problem but different names.
Basically, go through the data that HThis offers you and get rid of some DLL files in your C:\windows that might be causing the problem and an entry of a toolbar (actually that is how my problem started).
ANALOG DLL ARCHIVE was not useful for me, actually it made some other things work worse. So it depends on the characteristics of your problem.
Hope this helps and thanks a lot for everybody's suggestions.
Hugo

Thanks Hugo
It works. I followed the advice, though I couldn't find either optimize or roing_ there, though I do remember optimize being there at one point. HijackThis works, just be sure to backup before you delete. I ended the processes iexplore.exe and explore.exe first though... don't know if this helped, but it ended up working so... anyway, I'd recommend doing a few deletions at a time, testing it, then doing more... easier to keep track of what you're doing.
Mine seemed to be either ctfmon.exe, something called Toolbar:&Radio, or an IE plugin for .spop, though I'm not entirely sure what any of these are exactly. Just sharing what worked for me. Good luck.
Trux

Hi
OK.. it seems everyone is getting somewhere with the problem. You must read the manual to use ANALOGX DLLARCHIVE properly and effectively, because it actually replaces buggy/damaged DLL files.
WHAT IT DID REPLACE (WHICH IS SHOWN BY THE dll program log) was that there was something in the path c:\WINDOWS\system32\ that was affecting us all. Hijack does the same thing as dll archive. I think the problem is solved.
desiturntable

It finally works!!!!
After doing again the steps written by Virgilio and manually deleting a DLL called tZRy80H8.dll, seen when debugging explorer.EXE (with an access violation message), my Win 2k Server system began to work normally.
thanks to all!
Halb

Wow, I have to admit I am impressed. I have been having this problem for two days now, after an attack by several spyware... a toolbar got installed, as well as a "porn detection" software, and a clock synchronizer.
AdAware, Spybot and Norton Antivirus were able to remove most things... but I still wasn't able to open either My Computer or Control Panel, because explorer.exe would shoot the CPU usage to 100%.
Well, I checked in my Windows directory, and found 3 suspicious files, 2 DLLs and one .exe. They all had the same date and time (exactly when I started having the problem). I renamed them all, and that was it... no problem now!
FYI, the files were called zSM328.exe, l44r.dll and rGPiPZ112.dll.
Thanks you guys... I didn't know this website, but a search for my problem brought me here and I was able to fix it!

Hi
I'm having a complete nightmare trying to get rid of these things. I've tried most of the things already suggested, however with no luck.
The roings and visual loading engines are still showing up. I have however appeared to have removed the bargain buddy files and the search spirit toolbar that others have mentioned.
As already established, the problem is different on everyone's computer. I've posted my log below; if someone can help I'll be very grateful. Thanks
Logfile of HijackThis v1.97.7
Scan saved at 09:05:08, on 23/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe
C:\WINDOWS\System32\drivers\CDAC11BA.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Documents and Settings\Andrew\My Documents\My Music\Winamp3\winampa.exe
C:\Program Files\NuCam Corp\CamCheck\CamCheck.exe
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrew\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ddm3dia.dll (file missing)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Core Library - {6E1C5E3D-A8E6-4a92-820F-BFCFE45BA158} - C:\WINDOWS\System32\veev665c.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E0ADE8D1-9147-4D40-8D2C-3FA61F243BF5} - C:\WINDOWS\z2DuSx9.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Documents and Settings\Andrew\My Documents\My Music\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [CamCheck] C:\Program Files\NuCam Corp.\CamCheck\CamCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [53831118.exe] C:\WINDOWS\System32\53831118.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [win32gb] c:\windows\system32\win32gb.exe /noconnect
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SpyHunter] C:\Documents and Settings\Andrew\My Documents\spyhunter\SpyHunter.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Documents and Settings\Andrew\My Documents\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Documents and Settings\Andrew\My Documents\Palm\HOTSYNC.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{79C125DC-4235-4E46-B00B-81951ECA0C88}: NameServer = 193.38.113.3 194.117.157.4
Andy
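
Part of the manual review the posters do on HijackThis output can be scripted. The following is an added example, not part of the original thread and not a HijackThis feature: it parses the O2 (BHO) and O4 (Run) lines and flags entries using assumed heuristics (a BHO whose DLL is missing, an unnamed BHO loading from C:\WINDOWS or System32, a Run target in those directories with digits in its file name). The sample lines are copied from the log above; the function and pattern names are made up for illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ddm3dia.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {E0ADE8D1-9147-4D40-8D2C-3FA61F243BF5} - C:\WINDOWS\z2DuSx9.dll
O4 - HKLM\..\Run: [53831118.exe] C:\WINDOWS\System32\53831118.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
"""

# Directories where the posters in this thread kept finding the unwanted files.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.IGNORECASE)


def in_system_dir(path):
    """True if the file sits directly in C:\\WINDOWS or System32 (no subfolder)."""
    return str(PureWindowsPath(path).parent).lower() in SYSTEM_DIRS


def triage(log_text):
    """Return [(file_name, [reasons])] for O2/O4 entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons, target = [], None
        if m := BHO_RE.match(line):
            target = m["path"]
            if m["missing"]:
                reasons.append("BHO registered but DLL missing on disk")
            if m["name"] == "(no name)" and in_system_dir(target):
                reasons.append("unnamed BHO loaded from a Windows system directory")
        elif m := RUN_RE.match(line):
            exe = EXE_RE.match(m["cmd"])  # command may be quoted or carry arguments
            target = exe["exe"] if exe else m["cmd"]
            stem = PureWindowsPath(target).stem
            if in_system_dir(target) and any(ch.isdigit() for ch in stem):
                reasons.append("autostart from a Windows system directory, digits in name")
        if reasons:
            findings.append((PureWindowsPath(target).name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

These checks only surface candidates for review; entries with a name or a path under Program Files are not flagged, so the rest of the log still needs reading.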

THANKS for the excellent thread.
The tip to find files of the same date & time as the discovered adware resolved the same problem for me. The same user messed up two systems this way. Several adware directories were installed along with .dlls that were not recognized as adware.
Moving all the bad stuff to a quarantine directory resolved the problem before even a reboot.
Thanks
Thomas Macauley
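
The "same date and time" tip used in several posts above, as an added Python example (not part of the original thread): given one file already identified as unwanted, it lists the other .exe/.dll files in the same directory whose modification time falls within a window of it. The function names, the 120-second window and the demo directory are assumptions; the demo file names follow an earlier post.

```python
import os
import tempfile
from pathlib import Path

EXTS = {".exe", ".dll"}


def files_near(seed, window_seconds=120, exts=EXTS):
    """List executables next to `seed` modified within `window_seconds` of it.

    Returns [(name, offset_in_seconds)] sorted by closeness. Modification
    times can be changed by any program, so an empty result proves nothing.
    """
    seed = Path(seed)
    t0 = seed.stat().st_mtime
    hits = []
    for entry in os.scandir(seed.parent):
        if not entry.is_file(follow_symlinks=False):
            continue
        p = Path(entry.path)
        if p.suffix.lower() not in exts or p.name == seed.name:
            continue
        delta = entry.stat(follow_symlinks=False).st_mtime - t0
        if abs(delta) <= window_seconds:
            hits.append((p.name, round(delta)))
    return sorted(hits, key=lambda h: (abs(h[1]), h[0]))


def demo():
    """Constructed directory standing in for C:\\Windows; all files are empty."""
    infection = 1_077_000_000  # constructed timestamp (February 2004)
    layout = {
        "zSM328.exe": infection,                  # the file already identified
        "l44r.dll": infection + 2,                # dropped in the same burst
        "rGPiPZ112.dll": infection + 2,
        "notepad.exe": infection - 200 * 86400,   # old, unrelated binary
        "setup.log": infection + 1,               # same time, but not executable
    }
    with tempfile.TemporaryDirectory() as d:
        for name, mtime in layout.items():
            path = Path(d, name)
            path.write_bytes(b"")
            os.utime(path, (mtime, mtime))
        return files_near(Path(d, "zSM328.exe"))


if __name__ == "__main__":
    for name, offset in demo():
        print(f"{name}: {offset:+d}s from the known file")
```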

This is probably a new virus.
I haven't run any suspicious software, nor have I opened any email attachments; probably the virus affected my machine as I was surfing some website. What a horrible virus. No existing antivirus software can remove it. explorer.exe keeps occupying 100% CPU. The only thing I can do temporarily is to kill explore.exe under Windows and run my commands from the Task Manager.
I tried all the ways above, but none of them works. I can't find any newly added .dlls or .exes under the windows or system32 directories. Almost crazy on this, I will watch this post to see if there are any other effective solutions

I have found the optimize.exe program in one of my systems after visiting a web page.
Here is a link giving a little detail on what it is and for.
http://www.doxdesk.com/parasite/InternetOptimizer.html
I have also found it in the registry within 30 min. after I found something trying to access the net, but was refused by my firewall.
Here is the registry location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Once you click on "run" then look for "Internet Optimizer"
I do believe removing this in the registry will help. I am not sure if it will fix everything, but should get it started at the least. Please view the website I listed above for more information.
I hope this helps someone out.
CJ

Ok all. I was able to clean out all the things that were related to optimizer.exe and several other things that installed with it that were unknown until I read the website that I posted above. All I did was run Spybot Search & Destroy, which is completely free.
Good luck to all of you!
CJ

Wow! And I thought I was the only one having this ****** virus!! By the way, is it a virus?? I still can't figure out. Well, all I know is I downloaded some crap and it came through them.. hey, you know what's funny, I got
bargains.exe (unknown)
teekids.exe (blaster (a.k.a) w32.welcha.worm)
mslaugh.exe (blaster (a.k.a) w32.welcha.worm)
msbb.exe (unknown)
winnet.exe (unknown)
Ebatesmoemoneymaker.exe (unknown)
dw.exe (unknown)
newdot~2 (unknown)
.....etc in memory. I still can't figure out how I messed up bigtime!! I tried manually deleting these files and running Norton (updated) only to see them back in a day or two!!!!
all i can say is
H.E.L.P
e-mail me please!!!
