Hi, The process explorer.exe seems to be using 100% of my cpu most of the time. I had found similar problems previously on the forum and taking hints from that I am posting the log of highjack this. If any body can tell me whats happening and how do I correct the error, it'll be a great help. Logfile of HijackThis v1.97.7 Scan saved at 9:25:44 PM, on 4/28/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\PDesk\PDesk.exe C:\PROGRA~1\Symantec\SAV8\vptray.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\Symantec\SAV8\DefWatch.exe C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe C:\WINDOWS\System32\mgabg.exe C:\PROGRA~1\Symantec\SAV8\Rtvscan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\Documents and Settings\1625-4\My Documents\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ncsu.edu/ R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec\SAV8\vptray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com/cabs/videox.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38037.352662037 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Have you run your AV and tried seeing if programs like Adaware and Spybot see anything on your harddrive . Need to try these simple steps first and see if that gets you anywhere .

Hi, I actually ran the Adaware and it did find many 'objects' which I deleted. After that the computer became alright for some time. But the problem has started occuring again, and now Adaware too doesnt find anything. One more thing, the log that I put above was taken when the computer was functioning normally. Should I take a log when the problem is actually happening ? Thanks ..

One more thing, the log that I put above was taken when the computer was functioning normally. Posting the problem log, will help. There is no tool to fix it yet, I will look at it. Should I take a log when the problem is actually happening ? Yes

Hi there, I'm experiencing the same Problem as nobkis. But I also have another Problem, and don't know if this is also caused by the same thing that causes the 100% explorer usage, or if it's something completely different. Gather around and listen of my story about a brave, yet not so clever computer hero and his fight against the evil explorer usage. I have 2 Harddrives (1 Main for the OS and the other for my Data), and after I encountered this nifty little Problem with the explorer I, as always, first tested if this is a hardware problem. It wasn't. But during my tests I realized that whenever I started Win XP without my secound HD (where the Data is) the explorer Problem didn't show up. After I ran ran all my anti Virus Programs over my Main Drive (which worked because as i described the problem only occured when my Data drive was also plugged on), just out of caution, and reattached the Data drive afterwards the problem was gone ... For about 10 Minutes. Then another Problem occured. Somehow My User account on Win XP was logged off. The OS was still running, but simply without all the hotfix stuff from windows which invited my old Virus pal (don't know it's name). the one that says that the system is shutting down in 60 secounds. So afterall I don't know if I defeated the 100% Explorer Usage problem, which would mean that the "logging off my Win XP User Account" Problem would be a completely other one and that I created a spam post here (and I would be really sorry if this is the case), or if the described account log off Problem is in fact another Virus or something that occured really some minutes after i defeated the 100% Problem.If latter would be the case it would also mean that I must have a very bad day today, and that I should think about spending my time more in mother nature. Well, I hope this description of my fight against the 100% Problem helped/will help. And I'm sorry for my kinda long text, but I tend to overdescribe some things when I write them down. Especially when I write it down in a language that isn't my own. Greetings from $$$Rayder$$$

Ok, here is the problem log ! Logfile of HijackThis v1.97.7 Scan saved at 8:06:14 PM, on 5/2/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\PDesk\PDesk.exe C:\PROGRA~1\Symantec\SAV8\vptray.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\Symantec\SAV8\DefWatch.exe C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe C:\WINDOWS\System32\mgabg.exe C:\PROGRA~1\Symantec\SAV8\Rtvscan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common files\updater\wupdater.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\System32\taskmgr.exe C:\Documents and Settings\1625-4\My Documents\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.portalsearching.com/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.portalsearching.com/search.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ncsu.edu/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.portalsearching.com/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.portalsearching.com/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.portalsearching.com/search.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.portalsearching.com/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.portalsearching.com/search.php?phrase=%s R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\m3tsp8.dll O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_22.dll O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {D6862A22-1DD6-11D3-BB7C-444553540000} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec\SAV8\vptray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38037.352662037 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab nobkis

First go to Add/Remove programs, and uninstall New.Net http://www.newdotnet.com/#remove Put a check next to these, click "fix checked" and reboot. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.portalsearching.com/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.portalsearching.com/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.portalsearching.com/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.portalsearching.com/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.portalsearching.com/search.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.portalsearching.com/search.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.portalsearching.com/search.php?phrase=%s O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\m3tsp8.dll O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_22.dll O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll O2 - BHO: (no name) - {D6862A22-1DD6-11D3-BB7C-444553540000} - (no file) O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe Update IE to version 6sp1 and get all critical updates. http://v4.windowsupdate.microsoft.com Good luck