cpu usage 100%

  • david17

Post March 14th, 2006, 8:11 am

sorry for rushing... to unarchive a file you do attrib -a "filename", i just found that out, and did it to the pokapoka79.exe file but it still says "access is denied".

Post March 14th, 2006, 11:36 am

You may need to delete it from Safe Mode in DOS or use a utility like Killbox.
  • david17

Post March 14th, 2006, 2:11 pm

what do you guys do when hjt, killbox and going into safe mode and deleting the files yourself in explorer doesn't work? well, that's what i've been doing, here is my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 4:02:51 PM, on 03/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Your Name Here\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\System32\wdc1n.dll
O4 - HKLM\..\Run: [SA] C:\Program Files\Logitech\QuickCam\SA3.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\System32\dgfgql.exe"
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteuzw32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrrag.exe
O4 - Startup: Z_Start.lnk = C:\RECYCLER\S-1-5-21-1708537768-507921405-842925246-1004\Dc5.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F74D336E-CCB1-4644-B2DD-0C7A7B46165A}: NameServer = 192.168.1.1
O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - C:\WINDOWS\System32\wdc1n.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe


keys like: wdc1n, dgfgql.exe, eliteuzw32.exe (this is a new one, maybe it is an old one that changed its name), owinrrag.exe refuse to get deleted, is there any place in the registry where you can delete them for good?

Post March 14th, 2006, 2:29 pm

There is something else causing these programs to reappear. I know that you have some QuickLinks adware. Have you scanned with an updated Spybot and Adaware while in safe mode? Also what virus software do you use? I would install Avast's free virus scan and use their boot-scanner after installing.

Post March 14th, 2006, 2:35 pm

One way to fix this would be to repair your windows installation. You will need your serial on hand and reinstall your drivers, but it saves your data and programs. You can do this with the XP CD, and if you want to do this let us know and I can give you instruction (it's not the normal Repair option on the disc.)
  • david17

Post March 14th, 2006, 5:29 pm

i did use that antivirus also but nothing, i'd appreciate if you walked me through that installation from the xp cd.
do i have to use the same cd or i can use mine? this pc belongs to a friend who most likely doesn't have the cd.
i guess my next step will be "formatting" (which i am not planning on doing due to all the hassle).
thanks for your help.

Post March 14th, 2006, 8:29 pm

You should be able to use any disc.

1.) Boot from the restore disc (make sure your disc drive is listed before your hard drive in the BIOS for boot order)
2.) After the blue screen pops up it will load all the drivers; do not click 'R' for repair at this time, but proceed with installing Windows
3.) It should give you some terms to agree to, and eventually notice that you have a current installation of Windows; instruct it to repair this installation
4.) The disc will copy over the setup files and restart your computer
5.) This time, do not boot from the disk, but do not take it out of the computer (just don't press any key to boot from the disk when prompted)
6.) It will load what looks like the normal Windows XP installation program; you will need your original XP serial, and whatever drivers disks you have (if you don't have a particular driver requested, don't worry, just skip it and you can do it once Windows is repaired)
7.) After this it's pretty self-explanatory; your machine will revert to whichever version of XP was on the disc (Service Pack 1, 2 or none) after which you can update the drivers and any patches/service packs needed.

Good luck!
  • david17

Post March 14th, 2006, 8:53 pm

Thanks, i'll try that right now, but will it keep the drivers for the printers, webcam, programs and documents, this is not my pc and i wouldn't like messing it up big time...thanks..
david :)

Post March 14th, 2006, 8:56 pm

I think you mistake what drivers are. They are the pieces of code that show the computer how to talk to different parts of hardware. For the common ones like the CPU and Hard Drive they come standard. But special parts such as graphics cards and printers require them to be installed. These are easily obtainable and you won't have to worry about losing any data. (For the graphics card, even if you don't have the drivers just yet, Windows can use the card. It won't have any acceleration though and visual effects are crappy even down to choppy window animation.)
  • Alkatr0z

Post March 15th, 2006, 2:22 am

If that doesn't work or you haven't tried it try this:
Download Process Explorer from SysInternals http://www.sysinternals.com

When you load that up you see two panes in the window. The top one shows all the programs running in your system. The bottom one shows what that program is doing event-wise and also what files it has open. Use that to find what program is using pokapoka79. Depending on what it is and how it has it open you might well be able to close the instance of the program that is using the file. Otherwise if it is something like explorer.exe you can do Start -> Run -> cmd then close the process of explorer.exe. Switch to the cmd and type the del command then, after finished deleting do File -> Run -> explorer.exe.
Blog I started with a friend. All In Tech blog
http://www.allintech.info
  • david17

Post March 15th, 2006, 7:16 am

guys, you are gonna laugh when you hear this,
i did what rick told me, boot up from xp pro cd and everything was going fine, until i got a message "abc file couldn't be loaded, click to restart", i don't know if it's because it may have some scratches or God knows what...so i restarted, and this time lo and behold all those nasty processes were gone, but unfortunately i damaged my winsock files, there was no internet access and when i pinged my local host it would say:
Win2kPro: "Unable to initialize Windows Sockets interface, error code 0."

so i decided to reboot, f8, "use last good configuration"

this time the last good config came with all the garbage back and still the winsock was damaged.
so i decided to get into the registry, delete winsock and winsock2, reboot pc, go to network connections, install, have disk, choose "inf" folder from windows and reinstall TCP/IP.
this worked, now i have access to the internet since i reinstalled the winsocks.
but i still have all those nasty files running in the background.
alkatroz i haven't tried what you said but i will next.
thanks guys, you are great.
david. :)

Post March 15th, 2006, 7:29 am

Are you running Windows 2000?

EDIT: nm read the HiJack logs. Must just be an error they didn't update the text for. Are you still getting 100% cpu usage from explorer.exe?
  • david17

Post March 15th, 2006, 9:17 am

sorry..am running xp pro, that line that says w2k...bla, bla was copied from a web site.
this is my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:14:44 AM, on 03/15/2006
Platform: Windows XP SP2, v.2135 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2135)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\dgfgql.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\yupdater.exe
C:\Documents and Settings\Your Name Here\Desktop\New Folder\HijackThis.exe

O2 - BHO: Yvakt Class - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - C:\WINDOWS\system32\wdc1n.dll
O4 - HKLM\..\Run: [SA] C:\Program Files\Logitech\QuickCam\SA3.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteuzw32.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Z_Start.lnk = C:\RECYCLER\S-1-5-21-1708537768-507921405-842925246-1004\Dc5.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F74D336E-CCB1-4644-B2DD-0C7A7B46165A}: NameServer = 192.168.1.1
O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - C:\WINDOWS\system32\wdc1n.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

thanks...
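
The two HijackThis scans posted in this thread can be compared mechanically to see which autostart entries came back after the cleanup attempts. The following is an added example, not code from any poster or from HijackThis itself; the `SYSTEM_NAMES` list and the two heuristics in `suspicious()` are assumptions of this example, and the sample lines are the O4 entries copied from the logs above.

```python
import ntpath
import re

# Autostart (O4) lines copied from the two HijackThis logs in this thread.
SCAN_MAR14 = r"""
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\System32\dgfgql.exe"
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteuzw32.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrrag.exe
O4 - Startup: Z_Start.lnk = C:\RECYCLER\S-1-5-21-1708537768-507921405-842925246-1004\Dc5.exe
"""
SCAN_MAR15 = r"""
O4 - HKLM\..\Run: [NJv7jy] "C:\WINDOWS\system32\dgfgql.exe"
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteuzw32.exe
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - Startup: Z_Start.lnk = C:\RECYCLER\S-1-5-21-1708537768-507921405-842925246-1004\Dc5.exe
"""

# Assumption of this example: core Windows process names a Run value may imitate.
SYSTEM_NAMES = {"lsass", "svchost", "winlogon", "services", "smss", "csrss"}
ENTRY = re.compile(r"^O4 - (?P<where>HK\w+\\\.\.\\Run\w*|(?:Global )?Startup): "
                   r"(?:\[(?P<val>[^\]]+)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$")

def parse(log):
    """Map (location, entry name) -> target, lower-cased because Windows paths
    are case-insensitive and the two scans print System32/system32 differently."""
    out = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out[(m["where"], m["val"] or m["lnk"])] = m["cmd"].strip('"').lower()
    return out

def compare(old, new):
    """Entry names that persisted, appeared, or vanished between two scans."""
    a, b = set(old.items()), set(new.items())
    return [sorted(k[1] for k, _ in s) for s in (a & b, b - a, a - b)]

def suspicious(entries):
    """Flag entries worth a closer look (heuristics are assumptions, see lead-in)."""
    hits = []
    for (_, name), target in sorted(entries.items()):
        stem = ntpath.basename(target).split(".")[0]
        if name.lower() in SYSTEM_NAMES and stem != name.lower():
            hits.append((name, "value named after a system process, different binary"))
        if "\\recycler\\" in target:
            hits.append((name, "launches from the Recycle Bin directory"))
    return hits

if __name__ == "__main__":
    print(compare(parse(SCAN_MAR14), parse(SCAN_MAR15)), suspicious(parse(SCAN_MAR15)))
```

Entries in the "persisted" list are the ones being re-created by something that is still running, so the loader has to be found before deleting the files again.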

Post March 15th, 2006, 10:15 am

Are you still getting 100% CPU usage by explorer.exe?
  • david17

Post March 15th, 2006, 10:34 am

no..in task manager explorer takes about 25% and task manager 50%, pokapoka takes like 10%, but if i wait about 5-10 minutes, performance will go down from 75-100% to 10-25%, but still pokapoka will be there.... whoever created this nasty file is a genius...i've done pretty much everything. even going into safe mode/ command prompt and rmdir /s for the etd folder (that's where it resides), but it would still come back in normal mode.