Situation: Vista Home Basic, blocked because CPU ist runnung with 100% and explorer.exe with >90% with path to C:\programs. HiJackThis shows no infection. (Thanks to Niemiro).
Process Explorer shows in explorer.exe --> Properties --> Threads 2 to 3 ntdll.dll with >90.000.000 Cycles Delta and SHLWAPI.dll with >1.000.000 Cycles Delta. When I suspend the ntdll.dll, the Windows Explorer behaves normal until to the next system start.
The Process Monitor shows a continous CreateFile/CloseFile in the explorer.exe with the path C:\programs.
My request to the experts in this group:
How can I find the program or the procedure starting this CreateFile/CloseFile ?
(Deactivating all services, all startup programs and the AVAST does not help, but in Safety Mode all is o.k.)
Thanks for your help
Albert
Process Explorer shows in explorer.exe --> Properties --> Threads 2 to 3 ntdll.dll with >90.000.000 Cycles Delta and SHLWAPI.dll with >1.000.000 Cycles Delta. When I suspend the ntdll.dll, the Windows Explorer behaves normal until to the next system start.
The Process Monitor shows a continous CreateFile/CloseFile in the explorer.exe with the path C:\programs.
My request to the experts in this group:
How can I find the program or the procedure starting this CreateFile/CloseFile ?
(Deactivating all services, all startup programs and the AVAST does not help, but in Safety Mode all is o.k.)
Thanks for your help
Albert