EXPLORER.EXE at 100% CPU ?

Archived from groups: microsoft.public.windowsxp.general (More info?)

This is a P4 1.7ghz Windows XP SP2.

Possibly unrelated but worth mentioning. Two days ago I began seeing browser
hijacks to two websites.
First was always "trafficexplorer.com" then would jump to
"antispyware.winantivirus.com".
As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S and
Norton A/V all in safe mode.
Some repairs were made and I have not seen the browser hijack return yet.

Intermittantly the machine just goes into 100% CPU showing EXPLORER.EXE as
the culprit.
As best I can tell this is the desktop.

I did add a new LCD display (Envision 9410) and the 64MB video card has the
monitor running in its native mode of 1280x1024 @ 60hz.

Can the display (or adapter) settings have anything to do with my
EXPLORER.EXE being at 100% CPU?

Paul D
7 answers Last reply
More about explorer
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Not normally no. There is an excutable that is waylaying your Explorer. As
    far as know this is in an indication of what is called a root kit or to
    bring it down to the jist of the matter a kernel corruption. You need to be
    careful because you may be sending out e-mails and not know it. My
    suggestion is to reinstall and never browse the Net with any level of
    permissions beyond a highly disabled user except at sites you are familiar
    with. The fact that the Anti-Spyware applications may show nothing wrong
    means nothing here.

    --
    George Hester
    _________________________________
    "paul" <paul@nowhere.com> wrote in message
    news:Q52Re.22124$yv2.6374@trnddc04...
    >
    > This is a P4 1.7ghz Windows XP SP2.
    >
    > Possibly unrelated but worth mentioning. Two days ago I began seeing
    browser
    > hijacks to two websites.
    > First was always "trafficexplorer.com" then would jump to
    > "antispyware.winantivirus.com".
    > As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S and
    > Norton A/V all in safe mode.
    > Some repairs were made and I have not seen the browser hijack return yet.
    >
    > Intermittantly the machine just goes into 100% CPU showing EXPLORER.EXE as
    > the culprit.
    > As best I can tell this is the desktop.
    >
    > I did add a new LCD display (Envision 9410) and the 64MB video card has
    the
    > monitor running in its native mode of 1280x1024 @ 60hz.
    >
    > Can the display (or adapter) settings have anything to do with my
    > EXPLORER.EXE being at 100% CPU?
    >
    > Paul D
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Hi George,

    There is no activity on my internet connection.
    I plan to upgrade my mobo soon so will reinstall clean as you suggest.
    Thanks!

    "George Hester" <hesterloli@hotmail.com> wrote in message
    news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
    > Not normally no. There is an excutable that is waylaying your Explorer.
    > As
    > far as know this is in an indication of what is called a root kit or to
    > bring it down to the jist of the matter a kernel corruption. You need to
    > be
    > careful because you may be sending out e-mails and not know it. My
    > suggestion is to reinstall and never browse the Net with any level of
    > permissions beyond a highly disabled user except at sites you are familiar
    > with. The fact that the Anti-Spyware applications may show nothing wrong
    > means nothing here.
    >
    > --
    > George Hester
    > _________________________________
    > "paul" <paul@nowhere.com> wrote in message
    > news:Q52Re.22124$yv2.6374@trnddc04...
    >>
    >> This is a P4 1.7ghz Windows XP SP2.
    >>
    >> Possibly unrelated but worth mentioning. Two days ago I began seeing
    > browser
    >> hijacks to two websites.
    >> First was always "trafficexplorer.com" then would jump to
    >> "antispyware.winantivirus.com".
    >> As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S and
    >> Norton A/V all in safe mode.
    >> Some repairs were made and I have not seen the browser hijack return yet.
    >>
    >> Intermittantly the machine just goes into 100% CPU showing EXPLORER.EXE
    >> as
    >> the culprit.
    >> As best I can tell this is the desktop.
    >>
    >> I did add a new LCD display (Envision 9410) and the 64MB video card has
    > the
    >> monitor running in its native mode of 1280x1024 @ 60hz.
    >>
    >> Can the display (or adapter) settings have anything to do with my
    >> EXPLORER.EXE being at 100% CPU?
    >>
    >> Paul D
    >>
    >>
    >
  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    I just found out that the CDROM drive was not reading disks.
    After disconnecting it, the CPU is back to normal.


    "paul" <paul@nowhere.com> wrote in message
    news:d53Re.27013$Bc2.11885@trnddc06...
    >
    > Hi George,
    >
    > There is no activity on my internet connection.
    > I plan to upgrade my mobo soon so will reinstall clean as you suggest.
    > Thanks!
    >
    > "George Hester" <hesterloli@hotmail.com> wrote in message
    > news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
    >> Not normally no. There is an excutable that is waylaying your Explorer.
    >> As
    >> far as know this is in an indication of what is called a root kit or to
    >> bring it down to the jist of the matter a kernel corruption. You need to
    >> be
    >> careful because you may be sending out e-mails and not know it. My
    >> suggestion is to reinstall and never browse the Net with any level of
    >> permissions beyond a highly disabled user except at sites you are
    >> familiar
    >> with. The fact that the Anti-Spyware applications may show nothing wrong
    >> means nothing here.
    >>
    >> --
    >> George Hester
    >> _________________________________
    >> "paul" <paul@nowhere.com> wrote in message
    >> news:Q52Re.22124$yv2.6374@trnddc04...
    >>>
    >>> This is a P4 1.7ghz Windows XP SP2.
    >>>
    >>> Possibly unrelated but worth mentioning. Two days ago I began seeing
    >> browser
    >>> hijacks to two websites.
    >>> First was always "trafficexplorer.com" then would jump to
    >>> "antispyware.winantivirus.com".
    >>> As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S and
    >>> Norton A/V all in safe mode.
    >>> Some repairs were made and I have not seen the browser hijack return
    >>> yet.
    >>>
    >>> Intermittantly the machine just goes into 100% CPU showing EXPLORER.EXE
    >>> as
    >>> the culprit.
    >>> As best I can tell this is the desktop.
    >>>
    >>> I did add a new LCD display (Envision 9410) and the 64MB video card has
    >> the
    >>> monitor running in its native mode of 1280x1024 @ 60hz.
    >>>
    >>> Can the display (or adapter) settings have anything to do with my
    >>> EXPLORER.EXE being at 100% CPU?
    >>>
    >>> Paul D
    >>>
    >>>
    >>
    >
    >
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Yes I wasn't sure. Normally in the case I mentioned the CPU ususage would
    have been always high. It would not have flutuated. But I thought it would
    be better to err on the side I took because of what you mentioned. Yes if
    the CD-ROM was not connected correctly this would happen. But I would have
    expected you to see a loss of that drive. In any case glad you solved it.

    --
    George Hester
    _________________________________
    "paul" <paul@nowhere.com> wrote in message
    news:4d3Re.27014$Bc2.5765@trnddc06...
    >
    > I just found out that the CDROM drive was not reading disks.
    > After disconnecting it, the CPU is back to normal.
    >
    >
    > "paul" <paul@nowhere.com> wrote in message
    > news:d53Re.27013$Bc2.11885@trnddc06...
    > >
    > > Hi George,
    > >
    > > There is no activity on my internet connection.
    > > I plan to upgrade my mobo soon so will reinstall clean as you suggest.
    > > Thanks!
    > >
    > > "George Hester" <hesterloli@hotmail.com> wrote in message
    > > news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
    > >> Not normally no. There is an excutable that is waylaying your
    Explorer.
    > >> As
    > >> far as know this is in an indication of what is called a root kit or to
    > >> bring it down to the jist of the matter a kernel corruption. You need
    to
    > >> be
    > >> careful because you may be sending out e-mails and not know it. My
    > >> suggestion is to reinstall and never browse the Net with any level of
    > >> permissions beyond a highly disabled user except at sites you are
    > >> familiar
    > >> with. The fact that the Anti-Spyware applications may show nothing
    wrong
    > >> means nothing here.
    > >>
    > >> --
    > >> George Hester
    > >> _________________________________
    > >> "paul" <paul@nowhere.com> wrote in message
    > >> news:Q52Re.22124$yv2.6374@trnddc04...
    > >>>
    > >>> This is a P4 1.7ghz Windows XP SP2.
    > >>>
    > >>> Possibly unrelated but worth mentioning. Two days ago I began seeing
    > >> browser
    > >>> hijacks to two websites.
    > >>> First was always "trafficexplorer.com" then would jump to
    > >>> "antispyware.winantivirus.com".
    > >>> As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S
    and
    > >>> Norton A/V all in safe mode.
    > >>> Some repairs were made and I have not seen the browser hijack return
    > >>> yet.
    > >>>
    > >>> Intermittantly the machine just goes into 100% CPU showing
    EXPLORER.EXE
    > >>> as
    > >>> the culprit.
    > >>> As best I can tell this is the desktop.
    > >>>
    > >>> I did add a new LCD display (Envision 9410) and the 64MB video card
    has
    > >> the
    > >>> monitor running in its native mode of 1280x1024 @ 60hz.
    > >>>
    > >>> Can the display (or adapter) settings have anything to do with my
    > >>> EXPLORER.EXE being at 100% CPU?
    > >>>
    > >>> Paul D
    > >>>
    > >>>
    > >>
    > >
    > >
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.general (More info?)

    It's hours later now and the cpu is back to 100%
    I guess it is a reinstall after all if there are no other suggestions :(


    "George Hester" <hesterloli@hotmail.com> wrote in message
    news:%23Wi6SvbrFHA.3264@TK2MSFTNGP12.phx.gbl...
    > Yes I wasn't sure. Normally in the case I mentioned the CPU ususage would
    > have been always high. It would not have flutuated. But I thought it
    > would
    > be better to err on the side I took because of what you mentioned. Yes if
    > the CD-ROM was not connected correctly this would happen. But I would
    > have
    > expected you to see a loss of that drive. In any case glad you solved it.
    >
    > --
    > George Hester
    > _________________________________
    > "paul" <paul@nowhere.com> wrote in message
    > news:4d3Re.27014$Bc2.5765@trnddc06...
    >>
    >> I just found out that the CDROM drive was not reading disks.
    >> After disconnecting it, the CPU is back to normal.
    >>
    >>
    >> "paul" <paul@nowhere.com> wrote in message
    >> news:d53Re.27013$Bc2.11885@trnddc06...
    >> >
    >> > Hi George,
    >> >
    >> > There is no activity on my internet connection.
    >> > I plan to upgrade my mobo soon so will reinstall clean as you suggest.
    >> > Thanks!
    >> >
    >> > "George Hester" <hesterloli@hotmail.com> wrote in message
    >> > news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
    >> >> Not normally no. There is an excutable that is waylaying your
    > Explorer.
    >> >> As
    >> >> far as know this is in an indication of what is called a root kit or
    >> >> to
    >> >> bring it down to the jist of the matter a kernel corruption. You need
    > to
    >> >> be
    >> >> careful because you may be sending out e-mails and not know it. My
    >> >> suggestion is to reinstall and never browse the Net with any level of
    >> >> permissions beyond a highly disabled user except at sites you are
    >> >> familiar
    >> >> with. The fact that the Anti-Spyware applications may show nothing
    > wrong
    >> >> means nothing here.
    >> >>
    >> >> --
    >> >> George Hester
    >> >> _________________________________
    >> >> "paul" <paul@nowhere.com> wrote in message
    >> >> news:Q52Re.22124$yv2.6374@trnddc04...
    >> >>>
    >> >>> This is a P4 1.7ghz Windows XP SP2.
    >> >>>
    >> >>> Possibly unrelated but worth mentioning. Two days ago I began seeing
    >> >> browser
    >> >>> hijacks to two websites.
    >> >>> First was always "trafficexplorer.com" then would jump to
    >> >>> "antispyware.winantivirus.com".
    >> >>> As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S
    > and
    >> >>> Norton A/V all in safe mode.
    >> >>> Some repairs were made and I have not seen the browser hijack return
    >> >>> yet.
    >> >>>
    >> >>> Intermittantly the machine just goes into 100% CPU showing
    > EXPLORER.EXE
    >> >>> as
    >> >>> the culprit.
    >> >>> As best I can tell this is the desktop.
    >> >>>
    >> >>> I did add a new LCD display (Envision 9410) and the 64MB video card
    > has
    >> >> the
    >> >>> monitor running in its native mode of 1280x1024 @ 60hz.
    >> >>>
    >> >>> Can the display (or adapter) settings have anything to do with my
    >> >>> EXPLORER.EXE being at 100% CPU?
    >> >>>
    >> >>> Paul D
    >> >>>
    >> >>>
    >> >>
    >> >
    >> >
    >>
    >>
    >
  6. Archived from groups: microsoft.public.windowsxp.general (More info?)

    paul wrote:

    > It's hours later now and the cpu is back to 100%
    > I guess it is a reinstall after all if there are no other suggestions :(
    >
    >
    > "George Hester" <hesterloli@hotmail.com> wrote in message
    > news:%23Wi6SvbrFHA.3264@TK2MSFTNGP12.phx.gbl...
    >
    >>Yes I wasn't sure. Normally in the case I mentioned the CPU ususage would
    >>have been always high. It would not have flutuated. But I thought it
    >>would
    >>be better to err on the side I took because of what you mentioned. Yes if
    >>the CD-ROM was not connected correctly this would happen. But I would
    >>have
    >>expected you to see a loss of that drive. In any case glad you solved it.
    >>
    >>--
    >>George Hester
    >>_________________________________
    >>"paul" <paul@nowhere.com> wrote in message
    >>news:4d3Re.27014$Bc2.5765@trnddc06...
    >>
    >>>I just found out that the CDROM drive was not reading disks.
    >>>After disconnecting it, the CPU is back to normal.
    >>>
    >>>
    >>>"paul" <paul@nowhere.com> wrote in message
    >>>news:d53Re.27013$Bc2.11885@trnddc06...
    >>>
    >>>>Hi George,
    >>>>
    >>>>There is no activity on my internet connection.
    >>>>I plan to upgrade my mobo soon so will reinstall clean as you suggest.
    >>>>Thanks!
    >>>>
    >>>>"George Hester" <hesterloli@hotmail.com> wrote in message
    >>>>news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
    >>>>
    >>>>>Not normally no. There is an excutable that is waylaying your
    >>
    >>Explorer.
    >>
    >>>>>As
    >>>>>far as know this is in an indication of what is called a root kit or
    >>>>>to
    >>>>>bring it down to the jist of the matter a kernel corruption. You need
    >>
    >>to
    >>
    >>>>>be
    >>>>>careful because you may be sending out e-mails and not know it. My
    >>>>>suggestion is to reinstall and never browse the Net with any level of
    >>>>>permissions beyond a highly disabled user except at sites you are
    >>>>>familiar
    >>>>>with. The fact that the Anti-Spyware applications may show nothing
    >>
    >>wrong
    >>
    >>>>>means nothing here.
    >>>>>
    >>>>>--
    >>>>>George Hester
    >>>>>_________________________________
    >>>>>"paul" <paul@nowhere.com> wrote in message
    >>>>>news:Q52Re.22124$yv2.6374@trnddc04...
    >>>>>
    >>>>>>This is a P4 1.7ghz Windows XP SP2.
    >>>>>>
    >>>>>>Possibly unrelated but worth mentioning. Two days ago I began seeing
    >>>>>
    >>>>>browser
    >>>>>
    >>>>>>hijacks to two websites.
    >>>>>>First was always "trafficexplorer.com" then would jump to
    >>>>>>"antispyware.winantivirus.com".
    >>>>>>As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S
    >>
    >>and
    >>
    >>>>>>Norton A/V all in safe mode.
    >>>>>>Some repairs were made and I have not seen the browser hijack return
    >>>>>>yet.
    >>>>>>
    >>>>>>Intermittantly the machine just goes into 100% CPU showing
    >>
    >>EXPLORER.EXE
    >>
    >>>>>>as
    >>>>>>the culprit.
    >>>>>>As best I can tell this is the desktop.
    >>>>>>
    >>>>>>I did add a new LCD display (Envision 9410) and the 64MB video card
    >>
    >>has
    >>
    >>>>>the
    >>>>>
    >>>>>>monitor running in its native mode of 1280x1024 @ 60hz.
    >>>>>>
    >>>>>>Can the display (or adapter) settings have anything to do with my
    >>>>>>EXPLORER.EXE being at 100% CPU?
    >>>>>>
    >>>>>>Paul D
    >>>>>>
    >>>>>>
    >>>>>
    >>>>
    >>>
    >
    >

    Download and run HijackThis and post the log to one of the specialty
    forums, _not_ this one.

    HijackThis
    http://www.majorgeeks.com/download.php?det=3155

    Forums to Interpret HijackThis Logs:

    http://www.spywareinfo.com/forums/
    http://forum.aumha.org/viewforum.php?f=30
    http://forums.tomcoyote.org/
    http://www.wilderssecurity.com/


    --
    Rock
    MS MVP Windows - Shell/User
  7. Archived from groups: microsoft.public.windowsxp.general (More info?)

    I don't think HijackThis will find anything. Like I said I think it is a
    Rootkit. You ca try either of these:

    http://www.diamondcs.com.au/index.php?page=asviewer

    But again Rootkits can even fool these. The guy from SysInternals has an
    app that is supposed to identfy Rootkits but it didn't help me when I had
    the issue:

    http://www.sysinternals.com/utilities/rootkitrevealer.html

    The best way to see what may be going on is to hook up to your machine from
    another computer in your network and attach remotely to its registry. Then
    you look in the services under here:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

    And you may have to ask us but you should see a Service out of the ordinary.

    Here is more information on the subject:

    http://research.microsoft.com/rootkit/

    --
    George Hester
    _________________________________
    "Rock" <rock@mail.nospam.net> wrote in message
    news:um#OkRdrFHA.2540@TK2MSFTNGP09.phx.gbl...
    > paul wrote:
    >
    > > It's hours later now and the cpu is back to 100%
    > > I guess it is a reinstall after all if there are no other suggestions :(
    > >
    > >
    > > "George Hester" <hesterloli@hotmail.com> wrote in message
    > > news:%23Wi6SvbrFHA.3264@TK2MSFTNGP12.phx.gbl...
    > >
    > >>Yes I wasn't sure. Normally in the case I mentioned the CPU ususage
    would
    > >>have been always high. It would not have flutuated. But I thought it
    > >>would
    > >>be better to err on the side I took because of what you mentioned. Yes
    if
    > >>the CD-ROM was not connected correctly this would happen. But I would
    > >>have
    > >>expected you to see a loss of that drive. In any case glad you solved
    it.
    > >>
    > >>--
    > >>George Hester
    > >>_________________________________
    > >>"paul" <paul@nowhere.com> wrote in message
    > >>news:4d3Re.27014$Bc2.5765@trnddc06...
    > >>
    > >>>I just found out that the CDROM drive was not reading disks.
    > >>>After disconnecting it, the CPU is back to normal.
    > >>>
    > >>>
    > >>>"paul" <paul@nowhere.com> wrote in message
    > >>>news:d53Re.27013$Bc2.11885@trnddc06...
    > >>>
    > >>>>Hi George,
    > >>>>
    > >>>>There is no activity on my internet connection.
    > >>>>I plan to upgrade my mobo soon so will reinstall clean as you suggest.
    > >>>>Thanks!
    > >>>>
    > >>>>"George Hester" <hesterloli@hotmail.com> wrote in message
    > >>>>news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
    > >>>>
    > >>>>>Not normally no. There is an excutable that is waylaying your
    > >>
    > >>Explorer.
    > >>
    > >>>>>As
    > >>>>>far as know this is in an indication of what is called a root kit or
    > >>>>>to
    > >>>>>bring it down to the jist of the matter a kernel corruption. You
    need
    > >>
    > >>to
    > >>
    > >>>>>be
    > >>>>>careful because you may be sending out e-mails and not know it. My
    > >>>>>suggestion is to reinstall and never browse the Net with any level of
    > >>>>>permissions beyond a highly disabled user except at sites you are
    > >>>>>familiar
    > >>>>>with. The fact that the Anti-Spyware applications may show nothing
    > >>
    > >>wrong
    > >>
    > >>>>>means nothing here.
    > >>>>>
    > >>>>>--
    > >>>>>George Hester
    > >>>>>_________________________________
    > >>>>>"paul" <paul@nowhere.com> wrote in message
    > >>>>>news:Q52Re.22124$yv2.6374@trnddc04...
    > >>>>>
    > >>>>>>This is a P4 1.7ghz Windows XP SP2.
    > >>>>>>
    > >>>>>>Possibly unrelated but worth mentioning. Two days ago I began seeing
    > >>>>>
    > >>>>>browser
    > >>>>>
    > >>>>>>hijacks to two websites.
    > >>>>>>First was always "trafficexplorer.com" then would jump to
    > >>>>>>"antispyware.winantivirus.com".
    > >>>>>>As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S
    > >>
    > >>and
    > >>
    > >>>>>>Norton A/V all in safe mode.
    > >>>>>>Some repairs were made and I have not seen the browser hijack return
    > >>>>>>yet.
    > >>>>>>
    > >>>>>>Intermittantly the machine just goes into 100% CPU showing
    > >>
    > >>EXPLORER.EXE
    > >>
    > >>>>>>as
    > >>>>>>the culprit.
    > >>>>>>As best I can tell this is the desktop.
    > >>>>>>
    > >>>>>>I did add a new LCD display (Envision 9410) and the 64MB video card
    > >>
    > >>has
    > >>
    > >>>>>the
    > >>>>>
    > >>>>>>monitor running in its native mode of 1280x1024 @ 60hz.
    > >>>>>>
    > >>>>>>Can the display (or adapter) settings have anything to do with my
    > >>>>>>EXPLORER.EXE being at 100% CPU?
    > >>>>>>
    > >>>>>>Paul D
    > >>>>>>
    > >>>>>>
    > >>>>>
    > >>>>
    > >>>
    > >
    > >
    >
    > Download and run HijackThis and post the log to one of the specialty
    > forums, _not_ this one.
    >
    > HijackThis
    > http://www.majorgeeks.com/download.php?det=3155
    >
    > Forums to Interpret HijackThis Logs:
    >
    > http://www.spywareinfo.com/forums/
    > http://forum.aumha.org/viewforum.php?f=30
    > http://forums.tomcoyote.org/
    > http://www.wilderssecurity.com/
    >
    >
    > --
    > Rock
    > MS MVP Windows - Shell/User
    >
Ask a new question

Read More

Explorer CPUs Windows XP