Sign in with
Sign up | Sign in
Your question

EXPLORER.EXE at 100% CPU ?

Last response: in Windows XP
Share
August 30, 2005 11:05:20 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

This is a P4 1.7ghz Windows XP SP2.

Possibly unrelated but worth mentioning. Two days ago I began seeing browser
hijacks to two websites.
First was always "trafficexplorer.com" then would jump to
"antispyware.winantivirus.com".
As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S and
Norton A/V all in safe mode.
Some repairs were made and I have not seen the browser hijack return yet.

Intermittantly the machine just goes into 100% CPU showing EXPLORER.EXE as
the culprit.
As best I can tell this is the desktop.

I did add a new LCD display (Envision 9410) and the 64MB video card has the
monitor running in its native mode of 1280x1024 @ 60hz.

Can the display (or adapter) settings have anything to do with my
EXPLORER.EXE being at 100% CPU?

Paul D

More about : explorer exe 100 cpu

Anonymous
a b à CPUs
August 30, 2005 11:05:21 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Not normally no. There is an excutable that is waylaying your Explorer. As
far as know this is in an indication of what is called a root kit or to
bring it down to the jist of the matter a kernel corruption. You need to be
careful because you may be sending out e-mails and not know it. My
suggestion is to reinstall and never browse the Net with any level of
permissions beyond a highly disabled user except at sites you are familiar
with. The fact that the Anti-Spyware applications may show nothing wrong
means nothing here.

--
George Hester
_________________________________
"paul" <paul@nowhere.com> wrote in message
news:Q52Re.22124$yv2.6374@trnddc04...
>
> This is a P4 1.7ghz Windows XP SP2.
>
> Possibly unrelated but worth mentioning. Two days ago I began seeing
browser
> hijacks to two websites.
> First was always "trafficexplorer.com" then would jump to
> "antispyware.winantivirus.com".
> As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S and
> Norton A/V all in safe mode.
> Some repairs were made and I have not seen the browser hijack return yet.
>
> Intermittantly the machine just goes into 100% CPU showing EXPLORER.EXE as
> the culprit.
> As best I can tell this is the desktop.
>
> I did add a new LCD display (Envision 9410) and the 64MB video card has
the
> monitor running in its native mode of 1280x1024 @ 60hz.
>
> Can the display (or adapter) settings have anything to do with my
> EXPLORER.EXE being at 100% CPU?
>
> Paul D
>
>
August 31, 2005 12:12:57 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hi George,

There is no activity on my internet connection.
I plan to upgrade my mobo soon so will reinstall clean as you suggest.
Thanks!

"George Hester" <hesterloli@hotmail.com> wrote in message
news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
> Not normally no. There is an excutable that is waylaying your Explorer.
> As
> far as know this is in an indication of what is called a root kit or to
> bring it down to the jist of the matter a kernel corruption. You need to
> be
> careful because you may be sending out e-mails and not know it. My
> suggestion is to reinstall and never browse the Net with any level of
> permissions beyond a highly disabled user except at sites you are familiar
> with. The fact that the Anti-Spyware applications may show nothing wrong
> means nothing here.
>
> --
> George Hester
> _________________________________
> "paul" <paul@nowhere.com> wrote in message
> news:Q52Re.22124$yv2.6374@trnddc04...
>>
>> This is a P4 1.7ghz Windows XP SP2.
>>
>> Possibly unrelated but worth mentioning. Two days ago I began seeing
> browser
>> hijacks to two websites.
>> First was always "trafficexplorer.com" then would jump to
>> "antispyware.winantivirus.com".
>> As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S and
>> Norton A/V all in safe mode.
>> Some repairs were made and I have not seen the browser hijack return yet.
>>
>> Intermittantly the machine just goes into 100% CPU showing EXPLORER.EXE
>> as
>> the culprit.
>> As best I can tell this is the desktop.
>>
>> I did add a new LCD display (Envision 9410) and the 64MB video card has
> the
>> monitor running in its native mode of 1280x1024 @ 60hz.
>>
>> Can the display (or adapter) settings have anything to do with my
>> EXPLORER.EXE being at 100% CPU?
>>
>> Paul D
>>
>>
>
Related resources
August 31, 2005 12:21:20 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I just found out that the CDROM drive was not reading disks.
After disconnecting it, the CPU is back to normal.


"paul" <paul@nowhere.com> wrote in message
news:D 53Re.27013$Bc2.11885@trnddc06...
>
> Hi George,
>
> There is no activity on my internet connection.
> I plan to upgrade my mobo soon so will reinstall clean as you suggest.
> Thanks!
>
> "George Hester" <hesterloli@hotmail.com> wrote in message
> news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
>> Not normally no. There is an excutable that is waylaying your Explorer.
>> As
>> far as know this is in an indication of what is called a root kit or to
>> bring it down to the jist of the matter a kernel corruption. You need to
>> be
>> careful because you may be sending out e-mails and not know it. My
>> suggestion is to reinstall and never browse the Net with any level of
>> permissions beyond a highly disabled user except at sites you are
>> familiar
>> with. The fact that the Anti-Spyware applications may show nothing wrong
>> means nothing here.
>>
>> --
>> George Hester
>> _________________________________
>> "paul" <paul@nowhere.com> wrote in message
>> news:Q52Re.22124$yv2.6374@trnddc04...
>>>
>>> This is a P4 1.7ghz Windows XP SP2.
>>>
>>> Possibly unrelated but worth mentioning. Two days ago I began seeing
>> browser
>>> hijacks to two websites.
>>> First was always "trafficexplorer.com" then would jump to
>>> "antispyware.winantivirus.com".
>>> As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S and
>>> Norton A/V all in safe mode.
>>> Some repairs were made and I have not seen the browser hijack return
>>> yet.
>>>
>>> Intermittantly the machine just goes into 100% CPU showing EXPLORER.EXE
>>> as
>>> the culprit.
>>> As best I can tell this is the desktop.
>>>
>>> I did add a new LCD display (Envision 9410) and the 64MB video card has
>> the
>>> monitor running in its native mode of 1280x1024 @ 60hz.
>>>
>>> Can the display (or adapter) settings have anything to do with my
>>> EXPLORER.EXE being at 100% CPU?
>>>
>>> Paul D
>>>
>>>
>>
>
>
Anonymous
a b à CPUs
August 31, 2005 12:21:21 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Yes I wasn't sure. Normally in the case I mentioned the CPU ususage would
have been always high. It would not have flutuated. But I thought it would
be better to err on the side I took because of what you mentioned. Yes if
the CD-ROM was not connected correctly this would happen. But I would have
expected you to see a loss of that drive. In any case glad you solved it.

--
George Hester
_________________________________
"paul" <paul@nowhere.com> wrote in message
news:4d3Re.27014$Bc2.5765@trnddc06...
>
> I just found out that the CDROM drive was not reading disks.
> After disconnecting it, the CPU is back to normal.
>
>
> "paul" <paul@nowhere.com> wrote in message
> news:D 53Re.27013$Bc2.11885@trnddc06...
> >
> > Hi George,
> >
> > There is no activity on my internet connection.
> > I plan to upgrade my mobo soon so will reinstall clean as you suggest.
> > Thanks!
> >
> > "George Hester" <hesterloli@hotmail.com> wrote in message
> > news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
> >> Not normally no. There is an excutable that is waylaying your
Explorer.
> >> As
> >> far as know this is in an indication of what is called a root kit or to
> >> bring it down to the jist of the matter a kernel corruption. You need
to
> >> be
> >> careful because you may be sending out e-mails and not know it. My
> >> suggestion is to reinstall and never browse the Net with any level of
> >> permissions beyond a highly disabled user except at sites you are
> >> familiar
> >> with. The fact that the Anti-Spyware applications may show nothing
wrong
> >> means nothing here.
> >>
> >> --
> >> George Hester
> >> _________________________________
> >> "paul" <paul@nowhere.com> wrote in message
> >> news:Q52Re.22124$yv2.6374@trnddc04...
> >>>
> >>> This is a P4 1.7ghz Windows XP SP2.
> >>>
> >>> Possibly unrelated but worth mentioning. Two days ago I began seeing
> >> browser
> >>> hijacks to two websites.
> >>> First was always "trafficexplorer.com" then would jump to
> >>> "antispyware.winantivirus.com".
> >>> As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S
and
> >>> Norton A/V all in safe mode.
> >>> Some repairs were made and I have not seen the browser hijack return
> >>> yet.
> >>>
> >>> Intermittantly the machine just goes into 100% CPU showing
EXPLORER.EXE
> >>> as
> >>> the culprit.
> >>> As best I can tell this is the desktop.
> >>>
> >>> I did add a new LCD display (Envision 9410) and the 64MB video card
has
> >> the
> >>> monitor running in its native mode of 1280x1024 @ 60hz.
> >>>
> >>> Can the display (or adapter) settings have anything to do with my
> >>> EXPLORER.EXE being at 100% CPU?
> >>>
> >>> Paul D
> >>>
> >>>
> >>
> >
> >
>
>
August 31, 2005 4:15:13 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

It's hours later now and the cpu is back to 100%
I guess it is a reinstall after all if there are no other suggestions :( 


"George Hester" <hesterloli@hotmail.com> wrote in message
news:%23Wi6SvbrFHA.3264@TK2MSFTNGP12.phx.gbl...
> Yes I wasn't sure. Normally in the case I mentioned the CPU ususage would
> have been always high. It would not have flutuated. But I thought it
> would
> be better to err on the side I took because of what you mentioned. Yes if
> the CD-ROM was not connected correctly this would happen. But I would
> have
> expected you to see a loss of that drive. In any case glad you solved it.
>
> --
> George Hester
> _________________________________
> "paul" <paul@nowhere.com> wrote in message
> news:4d3Re.27014$Bc2.5765@trnddc06...
>>
>> I just found out that the CDROM drive was not reading disks.
>> After disconnecting it, the CPU is back to normal.
>>
>>
>> "paul" <paul@nowhere.com> wrote in message
>> news:D 53Re.27013$Bc2.11885@trnddc06...
>> >
>> > Hi George,
>> >
>> > There is no activity on my internet connection.
>> > I plan to upgrade my mobo soon so will reinstall clean as you suggest.
>> > Thanks!
>> >
>> > "George Hester" <hesterloli@hotmail.com> wrote in message
>> > news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
>> >> Not normally no. There is an excutable that is waylaying your
> Explorer.
>> >> As
>> >> far as know this is in an indication of what is called a root kit or
>> >> to
>> >> bring it down to the jist of the matter a kernel corruption. You need
> to
>> >> be
>> >> careful because you may be sending out e-mails and not know it. My
>> >> suggestion is to reinstall and never browse the Net with any level of
>> >> permissions beyond a highly disabled user except at sites you are
>> >> familiar
>> >> with. The fact that the Anti-Spyware applications may show nothing
> wrong
>> >> means nothing here.
>> >>
>> >> --
>> >> George Hester
>> >> _________________________________
>> >> "paul" <paul@nowhere.com> wrote in message
>> >> news:Q52Re.22124$yv2.6374@trnddc04...
>> >>>
>> >>> This is a P4 1.7ghz Windows XP SP2.
>> >>>
>> >>> Possibly unrelated but worth mentioning. Two days ago I began seeing
>> >> browser
>> >>> hijacks to two websites.
>> >>> First was always "trafficexplorer.com" then would jump to
>> >>> "antispyware.winantivirus.com".
>> >>> As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S
> and
>> >>> Norton A/V all in safe mode.
>> >>> Some repairs were made and I have not seen the browser hijack return
>> >>> yet.
>> >>>
>> >>> Intermittantly the machine just goes into 100% CPU showing
> EXPLORER.EXE
>> >>> as
>> >>> the culprit.
>> >>> As best I can tell this is the desktop.
>> >>>
>> >>> I did add a new LCD display (Envision 9410) and the 64MB video card
> has
>> >> the
>> >>> monitor running in its native mode of 1280x1024 @ 60hz.
>> >>>
>> >>> Can the display (or adapter) settings have anything to do with my
>> >>> EXPLORER.EXE being at 100% CPU?
>> >>>
>> >>> Paul D
>> >>>
>> >>>
>> >>
>> >
>> >
>>
>>
>
August 31, 2005 4:15:14 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

paul wrote:

> It's hours later now and the cpu is back to 100%
> I guess it is a reinstall after all if there are no other suggestions :( 
>
>
> "George Hester" <hesterloli@hotmail.com> wrote in message
> news:%23Wi6SvbrFHA.3264@TK2MSFTNGP12.phx.gbl...
>
>>Yes I wasn't sure. Normally in the case I mentioned the CPU ususage would
>>have been always high. It would not have flutuated. But I thought it
>>would
>>be better to err on the side I took because of what you mentioned. Yes if
>>the CD-ROM was not connected correctly this would happen. But I would
>>have
>>expected you to see a loss of that drive. In any case glad you solved it.
>>
>>--
>>George Hester
>>_________________________________
>>"paul" <paul@nowhere.com> wrote in message
>>news:4d3Re.27014$Bc2.5765@trnddc06...
>>
>>>I just found out that the CDROM drive was not reading disks.
>>>After disconnecting it, the CPU is back to normal.
>>>
>>>
>>>"paul" <paul@nowhere.com> wrote in message
>>>news:D 53Re.27013$Bc2.11885@trnddc06...
>>>
>>>>Hi George,
>>>>
>>>>There is no activity on my internet connection.
>>>>I plan to upgrade my mobo soon so will reinstall clean as you suggest.
>>>>Thanks!
>>>>
>>>>"George Hester" <hesterloli@hotmail.com> wrote in message
>>>>news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
>>>>
>>>>>Not normally no. There is an excutable that is waylaying your
>>
>>Explorer.
>>
>>>>>As
>>>>>far as know this is in an indication of what is called a root kit or
>>>>>to
>>>>>bring it down to the jist of the matter a kernel corruption. You need
>>
>>to
>>
>>>>>be
>>>>>careful because you may be sending out e-mails and not know it. My
>>>>>suggestion is to reinstall and never browse the Net with any level of
>>>>>permissions beyond a highly disabled user except at sites you are
>>>>>familiar
>>>>>with. The fact that the Anti-Spyware applications may show nothing
>>
>>wrong
>>
>>>>>means nothing here.
>>>>>
>>>>>--
>>>>>George Hester
>>>>>_________________________________
>>>>>"paul" <paul@nowhere.com> wrote in message
>>>>>news:Q52Re.22124$yv2.6374@trnddc04...
>>>>>
>>>>>>This is a P4 1.7ghz Windows XP SP2.
>>>>>>
>>>>>>Possibly unrelated but worth mentioning. Two days ago I began seeing
>>>>>
>>>>>browser
>>>>>
>>>>>>hijacks to two websites.
>>>>>>First was always "trafficexplorer.com" then would jump to
>>>>>>"antispyware.winantivirus.com".
>>>>>>As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S
>>
>>and
>>
>>>>>>Norton A/V all in safe mode.
>>>>>>Some repairs were made and I have not seen the browser hijack return
>>>>>>yet.
>>>>>>
>>>>>>Intermittantly the machine just goes into 100% CPU showing
>>
>>EXPLORER.EXE
>>
>>>>>>as
>>>>>>the culprit.
>>>>>>As best I can tell this is the desktop.
>>>>>>
>>>>>>I did add a new LCD display (Envision 9410) and the 64MB video card
>>
>>has
>>
>>>>>the
>>>>>
>>>>>>monitor running in its native mode of 1280x1024 @ 60hz.
>>>>>>
>>>>>>Can the display (or adapter) settings have anything to do with my
>>>>>>EXPLORER.EXE being at 100% CPU?
>>>>>>
>>>>>>Paul D
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>
>

Download and run HijackThis and post the log to one of the specialty
forums, _not_ this one.

HijackThis
http://www.majorgeeks.com/download.php?det=3155

Forums to Interpret HijackThis Logs:

http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/


--
Rock
MS MVP Windows - Shell/User
Anonymous
a b à CPUs
August 31, 2005 5:42:01 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

I don't think HijackThis will find anything. Like I said I think it is a
Rootkit. You ca try either of these:

http://www.diamondcs.com.au/index.php?page=asviewer

But again Rootkits can even fool these. The guy from SysInternals has an
app that is supposed to identfy Rootkits but it didn't help me when I had
the issue:

http://www.sysinternals.com/utilities/rootkitrevealer.h...

The best way to see what may be going on is to hook up to your machine from
another computer in your network and attach remotely to its registry. Then
you look in the services under here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

And you may have to ask us but you should see a Service out of the ordinary.

Here is more information on the subject:

http://research.microsoft.com/rootkit/

--
George Hester
_________________________________
"Rock" <rock@mail.nospam.net> wrote in message
news:um#OkRdrFHA.2540@TK2MSFTNGP09.phx.gbl...
> paul wrote:
>
> > It's hours later now and the cpu is back to 100%
> > I guess it is a reinstall after all if there are no other suggestions :( 
> >
> >
> > "George Hester" <hesterloli@hotmail.com> wrote in message
> > news:%23Wi6SvbrFHA.3264@TK2MSFTNGP12.phx.gbl...
> >
> >>Yes I wasn't sure. Normally in the case I mentioned the CPU ususage
would
> >>have been always high. It would not have flutuated. But I thought it
> >>would
> >>be better to err on the side I took because of what you mentioned. Yes
if
> >>the CD-ROM was not connected correctly this would happen. But I would
> >>have
> >>expected you to see a loss of that drive. In any case glad you solved
it.
> >>
> >>--
> >>George Hester
> >>_________________________________
> >>"paul" <paul@nowhere.com> wrote in message
> >>news:4d3Re.27014$Bc2.5765@trnddc06...
> >>
> >>>I just found out that the CDROM drive was not reading disks.
> >>>After disconnecting it, the CPU is back to normal.
> >>>
> >>>
> >>>"paul" <paul@nowhere.com> wrote in message
> >>>news:D 53Re.27013$Bc2.11885@trnddc06...
> >>>
> >>>>Hi George,
> >>>>
> >>>>There is no activity on my internet connection.
> >>>>I plan to upgrade my mobo soon so will reinstall clean as you suggest.
> >>>>Thanks!
> >>>>
> >>>>"George Hester" <hesterloli@hotmail.com> wrote in message
> >>>>news:%2338wClZrFHA.1204@TK2MSFTNGP15.phx.gbl...
> >>>>
> >>>>>Not normally no. There is an excutable that is waylaying your
> >>
> >>Explorer.
> >>
> >>>>>As
> >>>>>far as know this is in an indication of what is called a root kit or
> >>>>>to
> >>>>>bring it down to the jist of the matter a kernel corruption. You
need
> >>
> >>to
> >>
> >>>>>be
> >>>>>careful because you may be sending out e-mails and not know it. My
> >>>>>suggestion is to reinstall and never browse the Net with any level of
> >>>>>permissions beyond a highly disabled user except at sites you are
> >>>>>familiar
> >>>>>with. The fact that the Anti-Spyware applications may show nothing
> >>
> >>wrong
> >>
> >>>>>means nothing here.
> >>>>>
> >>>>>--
> >>>>>George Hester
> >>>>>_________________________________
> >>>>>"paul" <paul@nowhere.com> wrote in message
> >>>>>news:Q52Re.22124$yv2.6374@trnddc04...
> >>>>>
> >>>>>>This is a P4 1.7ghz Windows XP SP2.
> >>>>>>
> >>>>>>Possibly unrelated but worth mentioning. Two days ago I began seeing
> >>>>>
> >>>>>browser
> >>>>>
> >>>>>>hijacks to two websites.
> >>>>>>First was always "trafficexplorer.com" then would jump to
> >>>>>>"antispyware.winantivirus.com".
> >>>>>>As suggested in a previous thread, I ran spybot s&d, adaware, MS A/S
> >>
> >>and
> >>
> >>>>>>Norton A/V all in safe mode.
> >>>>>>Some repairs were made and I have not seen the browser hijack return
> >>>>>>yet.
> >>>>>>
> >>>>>>Intermittantly the machine just goes into 100% CPU showing
> >>
> >>EXPLORER.EXE
> >>
> >>>>>>as
> >>>>>>the culprit.
> >>>>>>As best I can tell this is the desktop.
> >>>>>>
> >>>>>>I did add a new LCD display (Envision 9410) and the 64MB video card
> >>
> >>has
> >>
> >>>>>the
> >>>>>
> >>>>>>monitor running in its native mode of 1280x1024 @ 60hz.
> >>>>>>
> >>>>>>Can the display (or adapter) settings have anything to do with my
> >>>>>>EXPLORER.EXE being at 100% CPU?
> >>>>>>
> >>>>>>Paul D
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >
> >
>
> Download and run HijackThis and post the log to one of the specialty
> forums, _not_ this one.
>
> HijackThis
> http://www.majorgeeks.com/download.php?det=3155
>
> Forums to Interpret HijackThis Logs:
>
> http://www.spywareinfo.com/forums/
> http://forum.aumha.org/viewforum.php?f=30
> http://forums.tomcoyote.org/
> http://www.wilderssecurity.com/
>
>
> --
> Rock
> MS MVP Windows - Shell/User
>
!