
Explorer.exe Using ALL RAM, HJT

Original Message
Name: MeepishKitty
Date: January 12, 2004 at 01:42:14 Pacific
Subject: Explorer.exe Using ALL RAM, HJT
OS: Windows XP SP1
CPU/Ram: pentium iv 2.53ghz 533 fr
Comment:

Hi! I have used Spybot S&D and Adaware 6.0 as well as manually going through my computer after results given through Pest Patrol...

Anyway my problem is that "explorer.exe" or perhaps a virus or some kind of thing that has meshed onto that program is constantly using 99-100% of my computer memory making my computer take minutes to open one thing to the next.

My START button isn't functional and I have to alt tab to get things on my toolbar, cause I FORTUNATELY know that much about computers. I am not doing anything out of the ordinary and recently my brother or his friends downloaded grokster amongst other things... a program known as "qehhynpe.exe" which although I have multiple times gone through msconfig trying to stop that from happening at restart every few restarts shows its ugly face.

I think I might have a virus of some kind that possibly by not getting every file related to whatever it is that replicates goes and spawns to other places to my computer so that when I think I have fixed the problem or at least when I am partially convinced that I am closer to fixing the problem and can start doing some things that I was at one point not able to it gets worse. Right now it is the worst it has ever been...

It CONSTANTLY wanted to not respond to me when I opened my c:\windows\system32 folder after a minute or two of attempting to open... I found this to be odd because when I went to open other programs from my desktop (start button/toolbar isn't functioning) other areas didn't open as smoothly as they should have but certainly they didn't "not respond," "need to exit" type thing.

Oh and this string keeps appearing in my registry under a few places the location is different but it always ends with:

" {ddffa75a-e81d-4454-89fc-b9fd0631e726} "

Anyway here is my log of HijackThis at the point I am at right now... hopefully I can fully clean this bug/set of bugs before I try to restart again. Thx.

Logfile of HijackThis v1.97.7
Scan saved at 1:25:00 AM, on 1/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\PestPatrol\PestPatrol.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\Saves\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Administrator\dp-b23011805.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37650.9201157407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thx again for helping me!

-Natalie
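
An added example, not part of the original post: one way to triage the `O4` (registry autorun) lines of a HijackThis log like the one above, by extracting each entry's executable and cross-checking it against the "Running processes" section. The function names and the two notes are assumptions of this sketch; a note is a prompt to look at the entry, not a verdict on it.

```python
import ntpath
import re

# Excerpt copied from the HijackThis log in the post above (not the full log).
LOG_EXCERPT = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AIM95\aim.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Administrator\dp-b23011805.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def target_path(command):
    """Strip quotes and arguments from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|dll))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def running_names(log):
    """Lower-cased file names from the 'Running processes:' block."""
    names, in_block = set(), False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            names.add(ntpath.basename(line).lower())
    return names

def triage_autoruns(log):
    """Return one dict per O4 entry with review notes (hypothetical heuristics)."""
    running, findings = running_names(log), []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        path, notes = target_path(command), []
        if "\\documents and settings\\" in path.lower():
            notes.append("launches from a user profile directory")
        # Compared by file name only, because the log mixes 8.3 and long paths.
        if ntpath.basename(path).lower() not in running:
            notes.append("not in the running-process list")
        findings.append({"hive": hive, "name": name, "path": path, "notes": notes})
    return findings
```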





Response Number 1
Name: MeepishKitty
Date: January 12, 2004 at 02:59:27 Pacific
Reply:

After looking up that whole "ddffa" etc etc thing... on the net a bit I discovered other people had my same problem!!! So far what has worked is if you go the website from where the thing is from cause the "ddffa" is ACTUALLY a program called Look2Me if you go and type in your email addy at the bottom they send you a copy of the uninstaller to your email addy with a cdkey or something to type in.

I did this and everything SEEMS to be 100000x better. We shall see if it in actuality is in a little bit this was all of like 2 minutes ago. So I don't know if they just changed the program from affecting explorer.exe to svchost.exe by the way my task manager looks but so far good results. I hope this helps someone else with my problem... cause it is really awful.

Get the uninstaller here...

http://www.look2me.com/app/UnInstall.php

As for the rest of my HJT if anyone sees anything else awful lemme know I will check back...

-Meep



Response Number 2
Name: iceblue
Date: January 12, 2004 at 03:11:39 Pacific
Reply:

Natalie,

Could you follow this up in sequence:

* If you have run and fixed anything with Spybot Search and Destroy or AdAware since you last booted, please reboot before scanning.

Then,
* If you have anything disabled by MSConfig or any other startup manager, please re-enable it (before scanning to post).

Then,
Please rescan with HijackThis and post that new log.

Thanks

iceblue



Response Number 3
Name: MeepishKitty
Date: January 12, 2004 at 03:14:28 Pacific
Reply:

FYI--- I was foolish to believe the company that gave me this horrendous problem would fix it for me.

Do NOT bother with that link I just thought fixed it. It only moves the problem to svchost.exe and then if you try to exit that program it gives you like 45 seconds before your computer shuts down and when you restart if you try to do the uninstaller again it says that there isn't any version of the program installed.

It is very clever... I am hoping one of you guys is more so than this program. I am quite frustrated. Please help me.

-Meep

Oh and thx iceblue for trying to help me out I appreciate it more than you know!!! I will get to posting the new hijackthis log right away.



Response Number 4
Name: geirmy
Date: January 17, 2004 at 08:09:47 Pacific
Reply:

I found a solution in:
http://www.windows-tweaks.info/html/cpu-auslastung.html
It's a German site but it seemed to work for me.




Response Number 5
Name: theNick
Date: February 15, 2004 at 04:07:02 Pacific
Reply:

What you need to do is find all the files that loaded just before this happened. It happened to me when I downloaded some program cracks from a website. In order to dload the crack you have to accept the "toolbar" or whatever. When you click yes these programs are loaded to your drive unknowingly. Spybot, adaware and pest patrol will not find them. They are .exe and dll's. Sometimes they will show up in task manager. When you see them there write down the name and search for all of the variants to that. I use a file manager that will allow me to list all files. Then I find the files that have the same time stamp as the crack I downloaded. I just delete the files that look strange and that solves the problem.
Hope this helps you.
Email me if not and I'll get you through it. It frustrated the $%$% out of me for 2 days until I figured it out.
Mark
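
An added example, not part of the original post: the time-stamp comparison described above, written as a script that lists `.exe` and `.dll` files modified within a few minutes of a reference file. The function names, the five-minute window and the demo file names are assumptions of this sketch; modification times can be preserved or changed by an installer, so the output is a list of candidates to review.

```python
import os

EXECUTABLE_EXTS = {".exe", ".dll"}

def files_near(reference, root, window_seconds=300):
    """Return [(path, mtime)] for .exe/.dll files under root whose modification
    time is within window_seconds of the reference file's, oldest first."""
    ref_path = os.path.abspath(reference)
    ref_mtime = os.path.getmtime(ref_path)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if os.path.splitext(fname)[1].lower() not in EXECUTABLE_EXTS:
                continue
            full = os.path.abspath(os.path.join(dirpath, fname))
            if full == ref_path:
                continue  # the reference file itself is not a finding
            try:
                mtime = os.path.getmtime(full)
            except OSError:
                continue  # file locked or removed while walking
            if abs(mtime - ref_mtime) <= window_seconds:
                hits.append((full, mtime))
    return sorted(hits, key=lambda item: item[1])

def build_demo_tree(root, t0=1_076_000_000):
    """Create a constructed sample tree and return the reference file's path."""
    layout = {
        "download.exe": 0,                       # reference file
        "toolbar.dll": 20,                       # written 20 s later
        os.path.join("sub", "helper.exe"): 90,   # written 90 s later
        "old.dll": -86400,                       # a day older: outside window
        "notes.txt": 10,                         # in window but not executable
    }
    for rel, offset in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"demo")
        os.utime(path, (t0 + offset, t0 + offset))
    return os.path.join(root, "download.exe")
```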

