Why is EXPLORER crippling my PC when I do a local search?

Guest

CPU 100% when SEARCHING pc. I have to kill Explorer process
-------------------------------------------------------------------------------------

Hello. As the title of this post suggests, I have a problem with my CPU
running at 100%, which over time I am concerned will kill my processor.

I have narrowed it down to EXPLORER.EXE demanding all of my PC's resources
when I search my local machine.
I have taken the time to read through most of the posts which seem to relate
to 100% and taken the most obvious steps including but not limited to:

Comprehensive virus scans by AVG, Trend PC Housecall & Norton Anti-virus.
All definitions were updated before any scan (except PC Housecall as this
is web-based) and NONE found any viruses at all. Thankfully.

Anti-spyware and malware scans by Windows Defender, Lavasoft Adaware, Spybot
Search and Destroy. Other than a few tracking cookies my machine is clean
(updated definition files before scan).

Windows Update.

SFC /SCANNOW (this also uses 100% CPU, but as it doesn't get used very much
I am not as concerned about this).

Updated drivers for all my hardware: graphics card, motherboard, 1394
firewire card, webcam, scanner and printer.

Any other suggestions are welcome as search crashes Explorer and I don't
fancy a burnt out CPU after only a few months' use.
Here are the specs :
------------------------------------------------------------------------------------------------
WIN XP HOME
Athlon 64 3500+
1024 GB Single Channel Ram
Asus A8N5X (nvidia NForce 4 Chipset)
Gigabyte licensed Nvidia GeForce 6600GT 128mb DDR3 SLi Ready PCI Express
Samsung hard drives 165GB & 120GB in Master Slave Config (ide)
Lite-On Dual Layer DVD recorder SHW1635s
Ricoh MP5240 DVD recorder
 
R. McCarty

Most times under the circumstances you describe, I would start my
investigation by checking the System/Application Event Logs. It
sounds like you have issue(s) with Services.

Click Start, Run (Type) EventVwr.Msc [Enter]
Expand the category in the Left Pane and check for Red Icons in
the Right Pane that denote errors. Double-Clicking each entry will
show details such as a brief description and the Event ID #.

Just a suggestion, but I would clear all 3 logs and then reboot the PC.
Then recheck the logs - this will give you a clearer picture of events
that occur during startup and help isolate the main problem.
 
Guest

A great idea. Thanks. I will view and clear the logs; I know I can reproduce
this problem whenever I like. Ohh, what does MVP mean in regards to Microsoft
staff?

I will post the results of my efforts. Thanks again for taking the time :)



R. McCarty

MVP = Most Valued Professional, not a Microsoft employee but a
recognition program for folks who donate time in helping others.
Kind of like getting cookies & juice from the Red Cross for donating
blood.


Don Taylor

R. McCarty said:
Most times under the circumstances you describe, I would start my
investigation by checking the System/Application Event Logs. It
sounds like you have issue(s) with Services.

It seems that historically, and I believe intentionally by design,
that Windows Explorer rarely ever leaves a trail of breadcrumbs
in the Event Viewer to explain what happened. It can crash and
reboot hourly and never leave a hint that it did this or why.

But a miracle might happen and he might get lucky.

If the original poster does find that the Event Viewer did
diagnose the cause, let folks know. And if not, please do
the same, just so others can learn from this.

Thank you
 
Guest

Explorer.exe is supposed to be in...
C:\WINDOWS
and
C:\WINDOWS\System32
nowhere else.
-----
???

Rob

robbie said:
Hi and thanks to everyone for taking the time to assist me with this problem.
Unfortunately, they have all failed thus far to make a difference to this
problem :(

Having tried every suggestion, I decided to install HiJackThis.
On the initial was relatively boring and predictable, but on the MISC TOOLS
menu I decided to "Generate STARTUPLIST Log" with the "LIST MINOR SECTIONS"
checkbox checked. It came up with something interesting regarding
EXPLORER.EXE. The interesting part is about halfway down, regarding the
shell and registry entries... have a look... any suggestions for correcting
this would be greatly appreciated.

Thanks again.


StartupList report, 10/05/2006, 08:39:04
StartupList version: 1.52.2
Started from : F:\DOCUME~1\Bean\LOCALS~1\Temp\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\DOCUME~1\Bean\LOCALS~1\Temp\HijackThis.exe
F:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[F:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = F:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
TkBellExe = "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
SunJavaUpdateSched = F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
QuickTime Task = "F:\Program Files\QuickTime\qttask.exe" -atboottime
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
InCD = F:\Program Files\Ahead\InCD\InCD.exe
SoundMan = SOUNDMAN.EXE
NvMediaCenter = RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nTrayFw = F:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nTrayFw.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
LDM = F:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe
Windows Registry Repair Pro = F:\Program Files\3B Software\Windows Registry
Repair Pro\RegistryRepairPro.exe 4

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = F:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall
%SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE
/CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB
/CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = F:\WINDOWS\system32\Rundll32.exe
F:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Shell & screensaver key from F:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

F:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
F:\WINDOWS\Explorer\Explorer.exe: not present
F:\WINDOWS\System\Explorer.exe: not present
F:\WINDOWS\System32\Explorer.exe: not present
F:\WINDOWS\Command\Explorer.exe: not present
F:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -
{02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll -
{53707962-6F74-2D53-2644-206D7942484F}
(no name) - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - F:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = F:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = F:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[MUWebControl Class]
InProcServer32 = F:\WINDOWS\system32\muweb.dll
CODEBASE =
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147014114343

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: F:\WINDOWS\system32\pnrpnsp.dll
NameSpace #2: F:\WINDOWS\system32\pnrpnsp.dll
Protocol #1: F:\WINDOWS\system32\nvappfilter.dll
Protocol #2: F:\WINDOWS\system32\nvappfilter.dll
Protocol #3: F:\WINDOWS\system32\nvappfilter.dll
Protocol #4: F:\WINDOWS\system32\nvappfilter.dll
Protocol #5: F:\WINDOWS\system32\nvappfilter.dll
Protocol #6: F:\WINDOWS\system32\nvappfilter.dll
Protocol #7: F:\WINDOWS\system32\nvappfilter.dll
Protocol #8: F:\WINDOWS\system32\nvappfilter.dll
Protocol #9: F:\WINDOWS\system32\nvappfilter.dll
Protocol #10: F:\WINDOWS\system32\nvappfilter.dll
Protocol #11: F:\WINDOWS\system32\nvappfilter.dll
Protocol #12: F:\WINDOWS\system32\nvappfilter.dll
Protocol #13: F:\WINDOWS\system32\nvappfilter.dll
Protocol #14: F:\WINDOWS\system32\nvappfilter.dll
Protocol #15: F:\WINDOWS\system32\nvappfilter.dll
Protocol #16: F:\WINDOWS\system32\nvappfilter.dll
Protocol #17: F:\WINDOWS\system32\nvappfilter.dll
Protocol #35: F:\WINDOWS\system32\nvappfilter.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

ASInsHelp: \??\F:\WINDOWS\system32\drivers\AsInsHelp32.sys (autostart)
Aspi32: System32\drivers\aspi32.sys (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
AVG7 Alert Manager Server: F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
(autostart)
AVG7 Update Service: F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs
(autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch
(autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs
(autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
ForceWare Intelligent Application Manager (IAM): F:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
InCD Helper: F:\Program Files\Ahead\InCD\InCDsrv.exe (autostart)
RIP Listener: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService
(autostart)
ForceWare IP service: F:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcIp.exe (autostart)
ForceWare user log service: F:\Program Files\NVIDIA
Corporation\NetworkAccessManager\bin\nSvcLog.exe (autostart)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss
(autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs
(autostart)
Windows Firewall/Internet Connection Sharing (ICS):
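
The Explorer check in the StartupList report above can be repeated over the pasted text. This is an added example, not part of any post in this thread and not HijackThis code: it parses the "Checking for EXPLORER.EXE instances" and Shell sections and reports anything other than the result the report above shows, a single copy in the Windows directory with `Shell=Explorer.exe`. Assumptions: the Windows directory is read from the SYSTEM.INI path in the report, the function names are illustrative, and the second sample report is constructed.

```python
import re
from ntpath import dirname, normcase

# Excerpt of the StartupList report posted in the thread above.
REPORT_FROM_THREAD = r"""
Shell & screensaver key from F:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

F:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
F:\WINDOWS\System32\Explorer.exe: not present
F:\WINDOWS\Fonts\Explorer.exe: not present
"""

# Constructed variant (not from the thread): an extra copy and a changed Shell value.
REPORT_CONSTRUCTED = (
    REPORT_FROM_THREAD
    .replace(r"F:\WINDOWS\Fonts\Explorer.exe: not present",
             r"F:\WINDOWS\Fonts\Explorer.exe: PRESENT!")
    .replace("Registry:\n\nShell=Explorer.exe",
             "Registry:\n\nShell=Explorer.exe helper.exe")
)

WINDIR_RE = re.compile(r"key from (?P<dir>[A-Za-z]:\\.*?)\\SYSTEM\.INI:", re.I)
INSTANCE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*Explorer\.exe): (?P<state>PRESENT!|not present)\s*$",
    re.M | re.I)
SHELL_RE = re.compile(r"^(?:(?P<hive>HK\w+)\\\.\.\\Policies: )?Shell=(?P<value>.*)$")
SOURCE_PREFIX = "Shell & screensaver key from "


def windows_dir(report):
    """Windows directory, taken from the SYSTEM.INI path (assumption of this example)."""
    m = WINDIR_RE.search(report)
    if not m:
        raise ValueError("SYSTEM.INI section not found in report")
    return m["dir"]


def explorer_instances(report):
    """Map each checked Explorer.exe path to True (PRESENT!) or False (not present)."""
    return {m["path"]: m["state"].upper() == "PRESENT!"
            for m in INSTANCE_RE.finditer(report)}


def shell_values(report):
    """Map each Shell source to its value, or None for '*... not found*' placeholders."""
    values, source = {}, None
    for line in (raw.strip() for raw in report.splitlines()):
        if line.startswith(SOURCE_PREFIX):
            source = line[len(SOURCE_PREFIX):].rstrip(":")
            continue
        m = SHELL_RE.match(line)
        if m:
            key = f"{m['hive']} Policies" if m["hive"] else source
            value = m["value"].strip()
            absent = value.startswith("*") and value.endswith("*")
            values[key] = None if absent else value
    return values


def findings(report):
    """Return review notes; an empty list means the report matches the expected state."""
    windir = normcase(windows_dir(report))
    instances = explorer_instances(report)
    notes = [f"explorer.exe copy outside the Windows directory: {path}"
             for path, present in instances.items()
             if present and normcase(dirname(path)) != windir]
    if not any(present and normcase(dirname(path)) == windir
               for path, present in instances.items()):
        notes.append("no explorer.exe reported in the Windows directory")
    for source, value in shell_values(report).items():
        if value is not None and value.lower() != "explorer.exe":
            notes.append(f"Shell value from {source} is not plain Explorer.exe: {value}")
    return notes


if __name__ == "__main__":
    for name, report in (("thread", REPORT_FROM_THREAD), ("constructed", REPORT_CONSTRUCTED)):
        print(name, findings(report) or "nothing to review")
```
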
 
Guest

OK, so Explorer.exe should be in :\SYSTEM32 and :\windows, correct?

Well, the System32 explorer is definitely missing... why did SFC /scannow
not pick this up?

So it looks like I'll have to expand / extract some cab files from my XP CD.
Anybody know which ones contain what progs?
