Explorer.exe using CPU time on idle

Archived from groups: microsoft.public.windowsxp.help_and_support

After a slowdown in performance (notably games) I noticed that the
Explorer.EXE process in Task Manager is using CPU cycle time when the
computer is idle (no open programs, disabled anti-virus, etc...). It shows
up to 72% CPU peak use, at regular intervals (approx. 8 secs). I've scanned my
computer with anti-virus software (NOD32, Trend...) and anti-spyware
(ad-aware, SpyBot, Microsoft AntiSpyware) and the computer is clean.
Microsoft addresses this problem in its knowledge base, but the SP2 should
solve the problem. My XP has been running the SP2 for a long time now (before the
problem) and I don't think this is the case. Does anyone know why this is
happening? Does anyone have a fix? Please, help me before I format the whole
thing...
  1.

    The Advanced Tools menu in MSantispyware has a "Browser Hijack Settings Restore" that might help.

    --

    Mark L. Ferguson
    FAQ for MS Antispyware version 1.0.509
    http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
    marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm
  2.

    Thank you for the help, but as I said the CPU use peaks problem is not with
    the iexplorer.exe (Internet Explorer) but with Explorer.EXE (GUI, task bar,
    desktop...). Anyway, I've already tried what you just said with no results.
    Thanks anyway. Anyone else? :)

  3.

    You might be seeing the bug in MSantispyware that creates a very large error.log file, and burns CPU cycles with its 'real time protection'

    --

    Mark L. Ferguson
    FAQ for MS Antispyware version 1.0.509
    http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
    marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm
  4.

    Get HijackThis and generate a report. Look it over carefully. Anything
    weird or that you don't understand, then do a google on it for further
    info.

    http://www.spywareinfo.com/~merijn/downloads.html

    It's normal for explorer.exe to use a tad of CPU when idle, but no more
    than 1-2 percent. Do you have only a single instance, or two? Two is OK,
    if you have "launch in a separate process" checked in Folder Options |
    View. [There are two different separate process reg settings actually,
    google for "XP Separate Process" to learn more].

    Get a rootkit revealer and verify you're clean, then search for all copies
    of explorer.exe. Verify version numbers and validity. A process explorer
    tool might also help id exactly what your wayward explorer.exe is doing.
    Both here:

    http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

    http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

    Sysinternals also has other valuable tools for tracking registry and file
    usage, etc.

    Good Luck.
  5.

    Thank you for your help. I downloaded the Process Explorer from Sysinternals
    and (I'm new to this tool, so...) under the explorer.exe (the only instance)
    I found one thread that is the one causing the peaks on the CPU. It shows up
    green briefly before disappearing in red: it's pctrba.tmp in
    c:\windows\AppPatch. This file does not exist in this directory or anywhere
    in my machine, for the fact. There were two pctrba, one .bak and another .ini
    in this directory that I deleted. Now, when I change the Process Explorer to
    show dlls under explorer.exe, there's another one (that exists in
    c:\windows\AppPatch) named abrtcp.dll which is also accessed when the CPU peaks
    (about 20% ~30% CPU use). This one I can't delete, the message says it's in
    use by another application. Does this make sense? What is this dll for?
    Should I remove it, and how??? Thank you very much for the replies.
    p.s.: for the record, I'm on XP SP2. The SP2 I uninstalled then
    reinstalled again. Security center, Anti-virus are disabled for now. Only
    firewall working.

  6.

    Hello again
    This is my HijackThis log file:


    Logfile of HijackThis v1.99.1
    Scan saved at 21:25:06, on 2/5/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\KYE\Genius NetScroll Optical Mouse\mouseElf.exe
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Rogerio\Meus documentos\Download\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww1.sao.terra.com.br/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww1.sao.terra.com.br/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\AppPatch\abrtcp.dll
    O4 - HKLM\..\Run: [mouseElf] C:\Arquivos de programas\KYE\Genius NetScroll Optical Mouse\mouseElf.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Criar 'Favorito móvel' - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Criar 'Favorito móvel'... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\inetrepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.08.43&unknown&unknown&http://www.toyota.com/vehicles/2005/prius/key_features/pc/index.html
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101236142125
    O20 - Winlogon Notify: abrtcp - C:\WINDOWS\AppPatch\abrtcp.dll
    O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\System32\ATMsrvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Arquivos de programas\Executive Software\DiskeeperLite\DKService.exe


    As you can see in entries O2 and O20 there's that dll I mentioned before,
    abrtcp.dll, that nobody knows what it is. I'm sure that's the bug responsible
    for the problem (as it shows up in the explorer.exe task) but I just can't
    get rid of it. No anti-spyware or anti-virus seems to recognize this as a bug,
    there are no mentions on google and I just can't delete it from my system
    (hijackthis couldn't and if I start windows in safe mode, I can't either). So
    the prize question is: how can I remove this dll? Are there any programs good
    for that? Should I look for any other software in my machine linked to this
    dll? Thank you all very much.
  7.

    Just to update

    I've managed to remove the abrtcp.dll from the system, after using the
    Windows installation disk (the dll was loaded so early that even in safe
    mode with prompt I couldn't remove it). And, when I was about to do that, I
    noticed that IE was redirecting me to the web page www.winantivirus.com
    and the search42.com web site every time I typed on google, via the address bar,
    words like virus, spyware, etc... So be aware of this web page and this software
    and the .dll. And also, NOD32, Trend House Call Beta, MicrosoftAntiSpyware,
    Ad-aware and Spybot, NONE could remove or identify the infection.


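Added example, not part of the original thread: a Python triage pass over a HijackThis log like the one in post 6. It rejoins entries that the newsreader wrapped onto a second line, then flags any module that is registered at more than one load point or that sits outside the usual directories. The sample log is a constructed subset of the posted entries; the function names, the load-point labels and the expected-directory list are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the entries posted in the thread, still
# wrapped at the newsreader's line length the way they were posted.
SAMPLE_LOG = r"""Running processes:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -
C:\WINDOWS\AppPatch\abrtcp.dll
O4 - HKLM\..\Run: [mouseElf] C:\Arquivos de programas\KYE\Genius NetScroll
Optical Mouse\mouseElf.exe
O20 - Winlogon Notify: abrtcp - C:\WINDOWS\AppPatch\abrtcp.dll
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated -
C:\WINDOWS\System32\ATMsrvc.exe

As you can see on entries 02 and 020 there's that dll I mentioned before,
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
MODULE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)
# Section labels as they appear in the posted log.
LOAD_POINTS = {"O2": "BHO", "O4": "Run key", "O20": "Winlogon Notify", "O23": "Service"}
# Assumption: where modules normally live on this Portuguese-language XP install.
EXPECTED_ROOTS = ("c:\\windows\\system32\\", "c:\\arquivos de programas\\")

def unwrap(text):
    """Rejoin entries that were wrapped onto a second line; skip non-entries."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            current = [m.group(1), m.group(2)]
            entries.append(current)
        elif line and current is not None:
            current[1] += " " + line      # continuation of the open entry
        else:
            current = None                # blank line or header text ends it
    return [(code, body) for code, body in entries]

def suspicious_modules(text):
    """Return {module path: [reasons]} for modules at autostart load points."""
    seen = defaultdict(set)
    for code, body in unwrap(text):
        hits = MODULE.findall(body)
        if code in LOAD_POINTS and hits:
            seen[hits[-1].lower()].add(LOAD_POINTS[code])
    report = {}
    for path, points in seen.items():
        reasons = ["registered at " + " + ".join(sorted(points))] if len(points) > 1 else []
        if not path.startswith(EXPECTED_ROOTS):
            reasons.append("outside expected directories")
        if reasons:
            report[path] = reasons
    return report
```

On the sample, only `abrtcp.dll` is reported, for both reasons: it is loaded as a BHO and as a Winlogon Notify package, and it lives in `C:\WINDOWS\AppPatch`.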