cfourkays
asked on
High explorer.exe CPU usage
HP Desktop with Windows 7 Home Edition SP1-64-bit 4G memory
Runs at 100% right after boot.
No malware, ran all cleaners, Malwarebytes, JFT, ADW, etc
It looks odd in that there are 3 to 4 instances of explorer.exe sharing to run 100%.
See att.
I was going to do an Inst/Repair but figured whatever this problem is might carry over.
I'm posting on the affected PC, real slowly.
I don't have an obvious answer, but have you tried this in Safe Mode? How about disabling everything through MSConfig?
ASKER
Safe Mode's fine. Running now with everything disabled.
Process Exp shows 4 instances of explorer.exe cpu like 32, 30, 21, 14, almost adding up to 100%.
Right now it's bouncing around 50, 20, 15,15.
The Task Manager's showing the same basic thing. Before it was just showing a solid 100%
Looking at Strings in Properties in Pro/Exp has a gazillion entries.
I do a lot of malware removal on customers' PCs so that was the first thing I checked. Nada.
Try (only):
Disable superfetch service (using services.msc) and see if the problem goes away. Disable it, restart, and see what happens. If no improvement, make it automatic again.
ASKER
Wasn't there a rock group "SuperFetch"?
Anyway, I thought we had it. I disabled it and after restarting, everything looked normal for about 3 minutes.
Then the explorer.exe functions started showing and it's now back again.
3 explorer.exe's at the top each pulling over 25%.
Safe Mode doesn't show the symptom, but it does show up with everything (all startup and services, including Microsoft services) disabled?
If that is correct, then I would run sfc /scannow. I'm suspicious of a bad OS file of some sort. This may catch it.
ASKER
I thought the same thing when I first looked at it.
I ran the sfc twice now and it shows no errors.
Chkdsk /r OK.
I'm going to do an Inst/Repair later and see what I get.
Unless you have some other thoughts.
ASKER
Forgot to mention that the PC has that Hardware Diagnostic tool from PC-Doctor that runs a good hardware test, HDD, Memory, etc.
Ran that and came up clean.
try a system restore to a date it was running fine
it can be caused by an update
ASKER
I've done that.
Thanks for chipping away at this.
I did a lot of troubleshooting but there's probably a lot more I've missed.
I'm going to do the Inst/Repair and let you know what happens.
Pete
run msconfig
in startup tab, click disable all
in services tab, click "hide MS services" then click disable all
reboot to test
ASKER
Hi Nobus, welcome.
OK, I forgot that one.
However, here's the result:
Here's a snip:
What's interesting, to me, after a reboot, I'll start the Process Explorer and watch the first explorer.exe replace the System Idle Process, followed by 1, then 2 or 3 more explorer.exe's where they may total close up to 100%.
ASKER
Isn't there a way to see what's driving those explorer.exe's?
Sorry for mis-info.
Does the same thing in Safe Mode.
so you disabled all, and when starting 1 explorer - you got several? that starts looking like a severe OS corruption.
Do you know when or how this started? maybe a system restore helps then
To look for the cause, try running task management - select performance tab
now click the Resource Monitor button, and select ram, cpu or disk, as you wish
ASKER
Can I do anything with this?
When I have my internet connected, it seems to trigger the explorer.exe's.
Just looking at another PC, I don't see the "explorer.exe" while connected the same way.
Pete
Resource-Monitor-Internet-connec.JPG
Resource-Monitor-Network-disconn.JPG
you said no malware; but that's just how it looks to me: hijacked
run Hijackthis and post the log file
http://sourceforge.net/projects/hjt/
ASKER
Here you go.
hijackthis.log
you can remove or uninstall these to start with :
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
here a bad one : O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOBCA7~1\GO36F4~1.DLL
i suppose you have a brother device : O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
there are also a variety of "updater" services - you can uninstall them, or disable them at startup (with msconfig) if you are not sure how - tell me
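The by-eye triage of the HijackThis log in the post above can be sketched as a small script; this is an added example, not part of the thread and not nobus's own method. It picks out the O2, O3, O20 and O23 lines and lists reasons each might deserve a second look. The sample log lines, CLSIDs and paths are constructed, and the `(no name)` / `(no file)` / `(file missing)` markers are assumed to appear as HijackThis prints them.

```python
import re

# Where each HijackThis section seen in this thread gets loaded.
SECTIONS = {
    "O2": "Browser Helper Object (in-process browser/Explorer extension)",
    "O3": "Toolbar (in-process browser/Explorer extension)",
    "O20": "AppInit_DLLs (mapped into every process that loads user32.dll)",
    "O23": "Windows service",
}
LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
SHORT_NAME = re.compile(r"~\d")  # 8.3 component such as PROGRA~2


def triage(log_text):
    """Return one finding per O2/O3/O20/O23 line, with reasons to review it."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) not in SECTIONS:
            continue
        code, _kind, rest = m.groups()
        path = rest.rsplit(" - ", 1)[-1]  # last field is the file, if any
        reasons = []
        if code == "O20":
            reasons.append("global DLL load point: identify the file and its signer")
        if "(no name)" in rest:
            reasons.append("unnamed entry: look up the CLSID in the registry")
        if "(no file)" in rest or "(file missing)" in rest:
            reasons.append("orphaned entry: target file is gone")
        if SHORT_NAME.search(path):
            reasons.append("8.3 short path: expand it to see the real folder")
        findings.append({"code": code, "where": SECTIONS[code],
                         "path": path, "reasons": reasons})
    return findings


# Constructed sample log lines (CLSIDs and paths are made up for this example).
SAMPLE = r"""
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Example\helper.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~2\Example\EXAMPL~1.DLL
O23 - Service: ExampleSvc - Example Vendor - C:\Program Files (x86)\Example\svc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("REVIEW" if f["reasons"] else "ok    ", f["code"], f["path"])
        for r in f["reasons"]:
            print("        -", r)
```

An entry with no reasons is not thereby clean; the script only surfaces the structural oddities (unnamed, orphaned, short-path, global load point) that are easy to miss in a long log.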
ASKER
I had to remove that "helloworldBHO" from the Registry.
The Live search Toolbars are just part of the MSN Explorer that HP with its Online Package puts on.
I uninstalled the program since the customer doesn't use any of it.
Here's a new HJ log.
Pete
hijackthis-1.txt
ASKER
Hi Nobus,
I don't know which deleted entry cleared the problem but one of them did.
Had to remove the no name toolbar in the Registry. HJ would not remove either.
The O20 entry is still there but appears to have no effect. Can't find it (yes, nothing hidden).
Here's the HJ log and a snip of the Resource Manager and Task Manager.
I'm a volunteer Malware removal guy on another Forum, (small one), and never once thought to go back to Hijackthis.
When stumped, this is where I go.
Many thanks.
Pete
ASKER
This one was not the normal removal for me since I went through all the latest, updated removal tools.
With nobus's help the problem was cleared by Hijack this removals.
tx for feedback!