Explorer.exe taking a lot of CPU. Please help

Paul Delisle
New Member


Date Joined Dec 2005
Total Posts : 5
 
Posted 12-28-2005 9:44 (GMT +1)
My computer has become very slow. Explorer.exe is using a LOT of cpu. Couldn't find anything wrong with AVG and MS AntiSpyware. Any help would be greatly appreciated. Here is the log from HijackThis.

Thanks in advance
Paul

Logfile of HijackThis v1.99.1
Scan saved at 2:32:55 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
J:\WINDOWS\system32\mgabg.exe
J:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\Tablet.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
J:\Program Files\Analog Devices\SoundMAX\Smax4.exe
J:\Program Files\QuickTime\qttask.exe
J:\WINDOWS\system32\PDesk\PDesk.exe
J:\WINDOWS\system32\LVCOMSX.EXE
J:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
J:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
J:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
J:\Program Files\Messenger\MSMSGS.EXE
J:\WINDOWS\system32\ctfmon.exe
J:\WINDOWS\system32\WTablet\TabUserW.exe
J:\WINDOWS\system32\wuauclt.exe
J:\WINDOWS\system32\taskmgr.exe
E:\DOWNLOADS\HiJackThis\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - j:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] J:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "J:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] J:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] J:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [LVCOMSX] J:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [gcasServ] "J:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] J:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] J:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = J:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://j:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://j:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://j:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://j:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://j:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://j:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128043685640
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "J:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - J:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - J:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - J:\WINDOWS\system32\mgabg.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - J:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - J:\WINDOWS\system32\Tablet.exe

­
Trusted Member




Date Joined Dec 2005
Total Posts : 113
 
Posted 12-30-2005 1:10 (GMT +1)
Hmmm... I don't know.
Bought material recently? May be a conflict.
A lot of CPU, OK. What is the name of the process which uses the most?

Message edited: 12/30/2005 12:24:06 AM GMT


Paul Delisle
New Member


Date Joined Dec 2005
Total Posts : 5
 
Posted 12-30-2005 2:04 (GMT +1)
No new material. It seems to be related to starting Windows Explorer. The process explorer.exe starts to take 60% plus CPU and won't stop once started even if I close the explorer window. This is usually a symptom of virus or spyware but I can't detect anything so far with AVG, Norton, AntiSpyware, Spybot, etc.
Any suggestions?



­
Trusted Member




Date Joined Dec 2005
Total Posts : 113
 
Posted 12-30-2005 2:16 (GMT +1)
Yes, I have suggestions.
Download this analysis tool and extract it on C:\
Then we're going to make a script.
Click Start > Execute > notepad.exe

Paste this:

@ECHO OFF
@ECHO Paul Delisle Lib Analysis on Explorer Process
@ECHO Please wait ....
LISTDLLS -r explorer.exe > explorer_analysis.txt
CLS
@ECHO Now, paste only lines about Base, Size, Version, and Path on bullguard forum.
pause
notepad explorer_analysis.txt
exit

In your notepad, select File > Save as "C:\analyse.cmd"
Execute C:\analyse.cmd

See you later.

Paul Delisle
New Member


Date Joined Dec 2005
Total Posts : 5
 
Posted 12-30-2005 5:18 (GMT +1)
Thanks for your help. Here is the information you requested:

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 2024
Command line: J:\WINDOWS\Explorer.EXE
  Base        Size      Version         Path
  0x01000000  0xff000   6.00.2900.2180  J:\WINDOWS\Explorer.EXE
  0x7c900000  0xb0000   5.01.2600.2180  J:\WINDOWS\system32\ntdll.dll
  0x7c800000  0xf4000   5.01.2600.2180  J:\WINDOWS\system32\kernel32.dll
  0x77c10000  0x58000   7.00.2600.2180  J:\WINDOWS\system32\msvcrt.dll
  0x77dd0000  0x9b000   5.01.2600.2180  J:\WINDOWS\system32\ADVAPI32.dll
  0x77e70000  0x91000   5.01.2600.2180  J:\WINDOWS\system32\RPCRT4.dll
  0x77f10000  0x47000   5.01.2600.2770  J:\WINDOWS\system32\GDI32.dll
  0x77d40000  0x90000   5.01.2600.2622  J:\WINDOWS\system32\USER32.dll
  0x77f60000  0x76000   6.00.2900.2781  J:\WINDOWS\system32\SHLWAPI.dll
  0x7c9c0000  0x815000  6.00.2900.2763  J:\WINDOWS\system32\SHELL32.dll
  0x774e0000  0x13d000  5.01.2600.2726  J:\WINDOWS\system32\ole32.dll
  0x77120000  0x8c000   5.01.2600.2180  J:\WINDOWS\system32\OLEAUT32.dll
  0x75f80000  0xfd000   6.00.2900.2802  J:\WINDOWS\system32\BROWSEUI.dll
  0x77760000  0x16e000  6.00.2900.2805  J:\WINDOWS\system32\SHDOCVW.dll
  0x77a80000  0x94000   5.131.2600.2180  J:\WINDOWS\system32\CRYPT32.dll
  0x77b20000  0x12000   5.01.2600.2180  J:\WINDOWS\system32\MSASN1.dll
  0x754d0000  0x80000   5.131.2600.2180  J:\WINDOWS\system32\CRYPTUI.dll
  0x76c30000  0x2e000   5.131.2600.2180  J:\WINDOWS\system32\WINTRUST.dll
  0x76c90000  0x28000   5.01.2600.2180  J:\WINDOWS\system32\IMAGEHLP.dll
  0x5b860000  0x54000   5.01.2600.2180  J:\WINDOWS\system32\NETAPI32.dll
  0x771b0000  0xa6000   6.00.2900.2781  J:\WINDOWS\system32\WININET.dll
  0x76f60000  0x2c000   5.01.2600.2180  J:\WINDOWS\system32\WLDAP32.dll
  0x77c00000  0x8000    5.01.2600.2180  J:\WINDOWS\system32\VERSION.dll
  0x5ad70000  0x38000   6.00.2900.2180  J:\WINDOWS\system32\UxTheme.dll
  0x5cb70000  0x26000   5.01.2600.2180  J:\WINDOWS\system32\ShimEng.dll
  0x6f880000  0x1ca000  5.01.2600.2180  J:\WINDOWS\AppPatch\AcGenral.DLL
  0x76b40000  0x2d000   5.01.2600.2180  J:\WINDOWS\system32\WINMM.dll
  0x77be0000  0x15000   5.01.2600.2180  J:\WINDOWS\system32\MSACM32.dll
  0x769c0000  0xb3000   5.01.2600.2180  J:\WINDOWS\system32\USERENV.dll
  0x773d0000  0x102000  6.00.2900.2180  J:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
  0x5d090000  0x97000   5.82.2900.2180  J:\WINDOWS\system32\comctl32.dll
  0x77b40000  0x22000   5.01.2600.2180  J:\WINDOWS\system32\appHelp.dll
  0x76fd0000  0x7f000   2001.12.4414.0308  J:\WINDOWS\system32\CLBCATQ.DLL
  0x77050000  0xc5000   2001.12.4414.0258  J:\WINDOWS\system32\COMRes.dll
  0x77a20000  0x54000   5.01.2600.2180  J:\WINDOWS\System32\cscui.dll
  0x76600000  0x1d000   5.01.2600.2180  J:\WINDOWS\System32\CSCDLL.dll
  0x5ba60000  0x71000   6.00.2900.2180  J:\WINDOWS\System32\themeui.dll
  0x77fe0000  0x11000   5.01.2600.2180  J:\WINDOWS\System32\Secur32.dll
  0x76380000  0x5000    5.01.2600.2180  J:\WINDOWS\System32\MSIMG32.dll
  0x20000000  0x2c5000  5.01.2600.2180  J:\WINDOWS\system32\xpsp2res.dll
  0x71d40000  0x1c000   6.00.2900.2180  J:\WINDOWS\System32\actxprxy.dll
  0x5fc10000  0x33000   5.01.2600.2180  J:\WINDOWS\System32\msutb.dll
  0x74720000  0x4b000   5.01.2600.2180  J:\WINDOWS\System32\MSCTF.dll
  0x71bf0000  0x13000   5.01.2600.2180  J:\WINDOWS\system32\SAMLIB.dll
  0x76990000  0x25000   5.01.2600.2180  J:\WINDOWS\system32\ntshrui.dll
  0x76b20000  0x11000   3.05.2284.0000  J:\WINDOWS\system32\ATL.DLL
  ### Relocated from base of 0x745e0000:
  0x013b0000  0x2c6000  3.01.4000.2435  J:\WINDOWS\system32\msi.dll
  0x77920000  0xf3000   5.01.2600.2180  J:\WINDOWS\system32\SETUPAPI.dll
  0x76400000  0x1a6000  5.01.2600.2180  J:\WINDOWS\system32\NETSHELL.dll
  0x76e80000  0xe000    5.01.2600.2180  J:\WINDOWS\system32\rtutils.dll
  0x76c00000  0x2e000   5.01.2600.2180  J:\WINDOWS\system32\credui.dll
  0x71ab0000  0x17000   5.01.2600.2180  J:\WINDOWS\system32\WS2_32.dll
  0x71aa0000  0x8000    5.01.2600.2180  J:\WINDOWS\system32\WS2HELP.dll
  0x76d60000  0x19000   5.01.2600.2180  J:\WINDOWS\system32\iphlpapi.dll
  ### Relocated from base of 0x00400000:
  0x01790000  0x1b000   1.00.0701.0010  J:\Program Files\Microsoft AntiSpyware\shellextension.dll
  0x76980000  0x8000    5.01.2600.2751  J:\WINDOWS\system32\LINKINFO.dll
  0x76360000  0x10000   5.01.2600.2180  J:\WINDOWS\system32\WINSTA.dll
  0x77260000  0x9f000   6.00.2900.2790  J:\WINDOWS\system32\urlmon.dll
  0x74b30000  0x46000   6.00.2900.2180  J:\WINDOWS\System32\webcheck.dll
  0x71ad0000  0x9000    5.01.2600.2180  J:\WINDOWS\System32\WSOCK32.dll
  0x76280000  0x21000   5.01.2600.2180  J:\WINDOWS\System32\stobject.dll
  0x74af0000  0xa000    6.00.2900.2180  J:\WINDOWS\System32\BatMeter.dll
  0x74ad0000  0x8000    6.00.2900.2180  J:\WINDOWS\System32\POWRPROF.dll
  0x76f50000  0x8000    5.01.2600.2180  J:\WINDOWS\System32\WTSAPI32.dll
  0x72d20000  0x9000    5.01.2600.2180  J:\WINDOWS\system32\wdmaud.drv
  ### Relocated from base of 0x10000000:
  0x01840000  0x1f000   6.72.0000.0018  J:\WINDOWS\system32\PDesk\PDKERNEL.DLL
  ### Relocated from base of 0x10000000:
  0x019d0000  0x30000   6.72.0000.0018  J:\WINDOWS\system32\PDesk\PDTOOLS.DLL
  ### Relocated from base of 0x10000000:
  0x01a00000  0x26000   6.72.0000.0018  J:\WINDOWS\system32\PDesk\PDRESENG.DLL
  0x0ffd0000  0x28000   5.01.2600.2161  J:\WINDOWS\system32\rsaenh.dll
  0x72d10000  0x8000    5.01.2600.0000  J:\WINDOWS\system32\msacm32.drv
  0x77bd0000  0x7000    5.01.2600.2180  J:\WINDOWS\system32\midimap.dll
  0x7c340000  0x56000   7.10.3052.0004  J:\WINDOWS\system32\MSVCR71.dll
  ### Relocated from base of 0x20000000:
  0x01710000  0x12000   6.00.2900.2180  J:\WINDOWS\system32\browselc.dll
  0x6c1b0000  0x4d000   5.01.2600.2180  J:\WINDOWS\system32\DUSER.dll
  0x5b430000  0x10000   5.01.2600.0000  J:\WINDOWS\system32\tsappcmp.dll
  0x75cf0000  0x91000   6.00.2900.2180  J:\WINDOWS\system32\MLANG.dll
  0x71b20000  0x12000   5.01.2600.2180  J:\WINDOWS\system32\MPR.dll
  0x75f60000  0x7000    5.01.2600.2180  J:\WINDOWS\System32\drprov.dll
  0x71c10000  0xe000    5.01.2600.2180  J:\WINDOWS\System32\ntlanman.dll
  0x71cd0000  0x17000   5.01.2600.2180  J:\WINDOWS\System32\NETUI0.dll
  0x71c90000  0x40000   5.01.2600.2180  J:\WINDOWS\System32\NETUI1.dll
  0x71c80000  0x7000    5.01.2600.2180  J:\WINDOWS\System32\NETRAP.dll
  0x75f70000  0x9000    5.01.2600.2180  J:\WINDOWS\System32\davclnt.dll
  0x75e90000  0xb0000   5.01.2600.2180  J:\WINDOWS\system32\SXS.DLL
  ### Relocated from base of 0x20000000:
  0x00e50000  0x88000   6.00.2900.2180  J:\WINDOWS\system32\shdoclc.dll
  0x00c90000  0x2c000                   J:\Program Files\WinRAR\rarext.dll
  ### Relocated from base of 0x10000000:
  0x00cc0000  0x11000   1.00.0000.0001  J:\Program Files\ewido anti-malware\context.dll
  ### Relocated from base of 0x10000000:
  0x00ce0000  0xc000    1.00.0000.0001  J:\Program Files\ewido anti-malware\lang.dll
  0x7c3a0000  0x7b000   7.10.3077.0000  J:\WINDOWS\system32\MSVCP71.dll
  ### Relocated from base of 0x00400000:
  0x00cf0000  0x1b000   2.01.0000.0000  J:\Program Files\Beyond Compare 2\BCShellEx.dll
  0x621a0000  0xe000    7.01.0000.0354  J:\Program Files\Grisoft\AVG Free\avgse.dll
  0x73380000  0x57000   6.00.2900.2180  J:\WINDOWS\System32\zipfldr.dll
  ### Relocated from base of 0x10000000:
  0x00ee0000  0xb000    6.00.0000.0878  J:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  0x325c0000  0x12000   11.00.5510.0000  J:\Program Files\Microsoft Office\OFFICE11\msohev.dll
  0x75970000  0xf7000   5.01.2600.2180  J:\WINDOWS\system32\MSGINA.dll
  0x74320000  0x3d000   3.525.1117.0000  J:\WINDOWS\system32\ODBC32.dll
  0x763b0000  0x49000   6.00.2900.2180  J:\WINDOWS\system32\comdlg32.dll
  ### Relocated from base of 0x20000000:
  0x02ce0000  0x17000   3.525.1117.0000  J:\WINDOWS\system32\odbcint.dll
  0x73ba0000  0x13000   5.01.2600.2180  J:\WINDOWS\System32\sti.dll
  0x74ae0000  0x7000    5.01.2600.2180  J:\WINDOWS\System32\CFGMGR32.dll
  0x72410000  0x1a000   6.00.2900.2180  J:\WINDOWS\System32\mydocs.dll
  0x593f0000  0x92000   5.01.2600.2180  J:\WINDOWS\system32\wiashext.dll
  0x4ec50000  0x1a3000  5.01.3102.2180  J:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
  0x10000000  0xd000    1.00.0000.0001  J:\Program Files\ewido anti-malware\shellhook.dll
  0x73d70000  0x13000   6.00.2900.2180  J:\WINDOWS\System32\shgina.dll
  0x092d0000  0x79000   5.02.3790.3646  J:\WINDOWS\system32\Audiodev.dll
  0x086c0000  0x244000  10.00.0000.3646  J:\WINDOWS\system32\WMVCore.DLL
  0x070d0000  0x3b000   10.00.0000.3646  J:\WINDOWS\system32\WMASF.DLL
  ### Relocated from base of 0x10000000:
  0x02c60000  0x28000   8.04.0006.1016  J:\WINDOWS\Twain_32\QuickCam\lvWIAext.dll
  0x60980000  0x7000    3.01.4000.1823  J:\WINDOWS\system32\MSISIP.DLL
  0x74ea0000  0x10000   5.06.0000.8820  J:\WINDOWS\System32\wshext.dll
  0x73dd0000  0xfe000   6.02.4131.0000  J:\WINDOWS\system32\MFC42.DLL
  0x36d30000  0x1a000   11.00.6551.0000  J:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL

­
Trusted Member




Date Joined Dec 2005
Total Posts : 113
 
Posted 12-30-2005 5:59 (GMT +1)
I think this "could" solve a part of your abnormal CPU usage.
Sometimes, the file msutb.dll causes some problems.
There is also a worm which replaces MSISIP.DLL with a copy of itself.
There are many examples ... We're going to verify the integrity of your files.
To do this simply go to the Run box on the Start Menu and type in:
sfc /scannow

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.
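
One way to triage a ListDLLs listing like the one posted above, as an added example (not part of the original posts and not Sysinternals code): it parses the output and marks modules that are loaded from outside the Windows directory, have no version resource, were relocated, or share a file name with a module loaded from another path. The flag names, the `windir` default of `J:\WINDOWS` (taken from this listing) and the shortened sample are assumptions of this example; a flag marks a line for review and is not a verdict.

```python
import re
from typing import NamedTuple, Optional

# Shortened sample input: lines excerpted from the listing posted in this thread.
SAMPLE = r"""
explorer.exe pid: 2024
Command line: J:\WINDOWS\Explorer.EXE
  Base        Size      Version         Path
  0x01000000  0xff000   6.00.2900.2180  J:\WINDOWS\Explorer.EXE
  0x7c900000  0xb0000   5.01.2600.2180  J:\WINDOWS\system32\ntdll.dll
  0x773d0000  0x102000  6.00.2900.2180  J:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
  0x5d090000  0x97000   5.82.2900.2180  J:\WINDOWS\system32\comctl32.dll
  ### Relocated from base of 0x10000000:
  0x01840000  0x1f000   6.72.0000.0018  J:\WINDOWS\system32\PDesk\PDKERNEL.DLL
  0x00c90000  0x2c000                   J:\Program Files\WinRAR\rarext.dll
  ### Relocated from base of 0x10000000:
  0x00cc0000  0x11000   1.00.0000.0001  J:\Program Files\ewido anti-malware\context.dll
"""

# Module row: base, size, optional version, then a path that may contain spaces.
MODULE = re.compile(
    r"^\s*(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(?:(\d[\d.]*)\s+)?([a-z]:\\.+?)\s*$", re.I)
# Marker row that applies to the module row following it.
RELOC = re.compile(r"^\s*### Relocated from base of (0x[0-9a-f]+):", re.I)


class Module(NamedTuple):
    base: int
    size: int
    version: Optional[str]         # None when the Version column is empty
    path: str
    preferred_base: Optional[int]  # set when ListDLLs reported a relocation


def parse_listdlls(text):
    """Turn ListDLLs text output into Module records, skipping banner lines."""
    modules, pending = [], None
    for line in text.splitlines():
        m = RELOC.match(line)
        if m:
            pending = int(m.group(1), 16)
            continue
        m = MODULE.match(line)
        if m:
            base, size, version, path = m.groups()
            modules.append(Module(int(base, 16), int(size, 16), version, path, pending))
            pending = None
    return modules


def triage(modules, windir=r"J:\WINDOWS"):
    """Return (module, flags) pairs for every module that deserves a second look."""
    root = windir.lower().rstrip("\\") + "\\"
    paths_by_name = {}
    for mod in modules:
        name = mod.path.lower().rsplit("\\", 1)[-1]
        paths_by_name.setdefault(name, set()).add(mod.path.lower())
    report = []
    for mod in modules:
        low, flags = mod.path.lower(), []
        if not low.startswith(root):
            flags.append("outside-windows-dir")    # third-party code inside Explorer
        if mod.version is None:
            flags.append("no-version-resource")
        if mod.preferred_base is not None:
            flags.append("relocated")              # usually a harmless base collision
        if len(paths_by_name[low.rsplit("\\", 1)[-1]]) > 1:
            flags.append("same-name-different-path")  # e.g. comctl32 in system32 and WinSxS
        if flags:
            report.append((mod, flags))
    return report


if __name__ == "__main__":
    for mod, flags in triage(parse_listdlls(SAMPLE)):
        print(f"{mod.base:#010x}  {', '.join(flags):42}  {mod.path}")
```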

Paul Delisle
New Member


Date Joined Dec 2005
Total Posts : 5
 
Posted 12-30-2005 6:43 (GMT +1)
I think I have found the problem. It appears that this is caused by an avi file I downloaded recently. Whenever I go in the directory where this file is located with windows explorer, then the cpu usage goes up and stays up even if I close the explorer window. How can this be?

I tried to delete the file but I get an error message telling me the file is in use!? I used a dos window to get rid of it. Now I can go look in this directory without any apparent problems.

Do you have any idea what is going on with this? Didn't know an avi file could do something like this.

­
Trusted Member




Date Joined Dec 2005
Total Posts : 113
 
Posted 12-30-2005 6:54 (GMT +1)
Yes, I've got plenty of ideas.

"I tried to delete the file but I get an error message telling me the file is in use!?" (Yes, XP is known for this bug.)
You can fix this with a little trick.

Click Start -> Execute -> REGEDIT -> GO TO:

Delete this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}\InProcServer32


This prevents explorer from loading shmedia.dll which is used to provide you with properties of AVI (DivX) files.
Then reboot your computer & you'll be able to delete your 'bad' AVI.

"Do you have any idea what is going on with this?" <-- Yes, sometimes AVI properties contain errors due to bad encoding software, so DLLs or codecs attached to Explorer can use a lot of CPU or crash. Some hackers try to exploit some kinds of those errors, the famous buffer overflow or buffer overrun, to "inject" malicious shellcode :]

Sorry for my bad English & welcome to BullGuard, Paul.

For you, I think this is just a bug ;)

Paul Delisle
New Member


Date Joined Dec 2005
Total Posts : 5
 
Posted 12-30-2005 7:08 (GMT +1)
Thanks for your help,
You have been extremely useful. I greatly appreciate. You know your stuff.
All the best
Paul