Solved

My Computer, My Docs causes "explorer.exe" 100% cpu usage

Posted on 2006-05-23
Medium Priority
906 Views
Last Modified: 2008-01-09
My own new installation of XP Pro is acting squirrelly, and I'm stumped. After I end all the non-microsoft services/processes (like avg free, spybot, acronis, etc), the only ones left are ms windows procs, and a few diagnostic ones (like process explorer by sysinternals), ...
http://hijackthis.de/logfiles/814eb0adc6967e9c6b9fe6df229de278.html

... IN SPITE OF THIS, the same problem remains:  Clicking on My Computer or My Documents, or typing Start/Run/services.msc doesn't open a window -- instead, cpu usage immediately goes to 100%.  It stays there until I END the process explorer.exe.  Then the cpu usage goes quiet (and my task bar/ start button goes away, of course). Then I start up explorer.exe again (using task manager / run  or process explorer / run).  And the cpu stays quiet -- until I try to run My computer, or My Docs, etc. Then it's 100% cpu usage again.

On the other hand, if I quiet the cpu by ending explorer exe, then restart it, and keep the cpu quiet by avoiding My Computer or My Documents, then I can load programs like spybot or total commander from the start / all programs menu.

This next is probably unrelated -- but I notice that these three items keep loading over and over, despite my ending them. But they don't appear to be directly related to the explorer.exe overload, but I'm not sure:
devldr32.exe - creative sound something
dwwin.exe  - dr watson something
drwtsn32.exe - dr watson something


I'm stumped. I ran an antivirus program -- no help. Thanks for any ideas!
0
Question by:dgrrr
20 Comments
 
LVL 8

Expert Comment

by:BOTA-X
ID: 16740433
How are you ending the services without using services.msc?  Command line?

Explorer may have some extensions loaded that are not spyware in nature, but have been deleted or uninstalled in an unusual way.  Perhaps try right clicking IE...Properties...Programs....Manage Add Ons...

Disable everything and see if IE opens.  If so, start re-enabling stuff until you find the culprit.
0
 
LVL 93

Expert Comment

by:nobus
ID: 16740446
Here are some ideas:

http://www.computing.net/security/wwwboard/forum/14619.html
http://www.computing.net/cpus/wwwboard/forum/10462.html

btw - did you run these? If not, run ALL - updated

     Adaware : http://www.lavasoftusa.com/
     Spybot : http://www.download.com/3000-8022-10122137.html
     Online scan for trojans : http://housecall.trendmicro.com/
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 16743430
Also go to www.ewido.net and scan your computer online too....

Have you tried to restore your computer to a previous point? If not, then try to do so...
Go to Safe Mode and open My Documents and My Computer to check whether the CPU rises again or not..

Do a system file check on your computer...!
Click Start --> Run --> Sfc /scannow and enter
0
 

Author Comment

by:dgrrr
ID: 16748602
NOTE TO ALL -- I forgot to say -- the problem does NOT happen in SAFE MODE! Safe mode is OK!  Which of the above stuff / links does that RULE OUT?

***
In normal mode, both adaware and spybot keep hanging at the end of scan. In normal mode, they're ok.

Did safe mode online scans (trendmicro, ewido) -- nothing found

Safe mode - sfc /scannow won't run.

Tried it in Normal mode - - but DAMMIT  -- "sfc /scannow" won't run -- it starts and then asks for the xp cd -- but then when I click retry, it keeps asking for the cd over and over. Won't move forward -- altho Cd is fine. (used cdcheck to make sure)
Looked into this particular sfc error -- FUCK --- this is an entire other topic in itself!
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20813382.html?query=scannow&clearTAFilter=true

I have an extremely strong intuition that after I spend the next 5 hours on this ONE SIDE ISSUE (sfc asking for present cd), when sfc finally runs, it will not explain the 99% cpu usage issue, so... let's move on.


As for those threads from computing.net, the main one I see as possibly useful is the one that says "explorer.exe" itself is a virus / bad file, altho not found by three different av scans now. Of course, sfc /scannow might fix that, but I can't run it, normal or safe mode (see above). The post suggests to replace explorer.exe from the CD -- but explorer.exe is NOT ON the xp cd...

Based on above, what would you suggest next?

****
bota-x
It sounds like you're talking about IE - -I was talking about explorer.exe, NOT internet explorer...

0
 
LVL 93

Expert Comment

by:nobus
ID: 16749007
>>   In normal mode, both adaware and spybot keep hanging at the end of scan. In normal mode, they're ok.   <<   what do you mean ?
for sfc , look here how to run it :   www.updatexp.com/scannow-sfc.html -
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 16749998
Hello dgrrr

You can extract explorer.exe from the CD, IF you use your CD, place XP in and:  

Go to Start/Run and type in CMD:
expand x:\i386\explorer.ex_ c:\windows\explorer.exe

You will need to end this process from the task manager to replace the CD as it will not copy unless you have it off..
Kill the explorer process from the task manager and do the above copy command to replace it..

Don't forget to turn off System restore and scan your computer twice at the safe mode to make sure this virus is not hiding there.


See this thread...
http://groups.google.com.ly/group/microsoft.public.windowsxp.general/browse_thread/thread/2056198728f26f89/994262224ec8f903?lnk=st&q=where+is+explorer.exe+on+Xp+cd&rnum=1&hl=en#994262224ec8f903
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 16750067
Try to re-register this file: SHDOCVW.dll

Go to Start --> Run --> Type regsvr32 shdocvw.dll

Then restart the computer and start my computer..
0
 

Author Comment

by:dgrrr
ID: 16752966
Thanks as always for your quick attention to this. Have to run out -- but will go thoroughly over the above asap (today/tomorrow) and post.
0
 

Author Comment

by:dgrrr
ID: 16772252
Nobus --
What I meant to say in the earlier post was, spybot and adaware freeze in normal mode, but run ok in SAFE MODE

moh10ly --
when I run system restore in normal mode, it freezes. And in safe mode, it's inactive. So I haven't been able to "turn it off".  However, I ran multiple scans both in safe mode, and from a different windows installation (scanning the problem XP HD as a slave drive) with different AV software. Nothing bad found.

I re-registered SHDOCVW.dll and restarted -- no change yet. (problem persists)

Replaced explorer.exe ..
expand x:\i386\explorer.ex_ c:\windows\explorer.exe
(altho I noticed that explorer.exe was replaced almost immediately by itself. So I used above command to create explorernew.exe, then copied that over explorer.exe)

None of these help as of yet



To ALL:  Safe Mode works fine (the problem doesn't happen in safe mode).  So I used MSCONFIG to boot into normal/ diagnostic mode.  This caused the following behavior:
(1) my documents opens and works fine, but the "folders" pane won't open.
(2) my computer, network neighborhood and services.msc still don't run -- But
(3) they don't freeze up cpu (cause high cpu usage) no matter how many times I run them.

So I turned services back on one by one, and "web client" was the one that made the difference.  Turning off Web Client allows My docs to open, and prevents freezing, but My Comp still doesn't run.

***General question -- Isn't msconfig's "diagnostic" mode, basically the same as safe mode? If so -- why would diagnostic mode still have the above issues, when Safe Mode does not?***

Well, I'm trying a "repair" (in-place reinstallation) of windows with the cd...
0
 

Author Comment

by:dgrrr
ID: 16772409
I did an in-place reinstallation of windows.  I rebooted the PC.  In normal mode, I found that the original problem (freezing) came back -- with or without "webclient" service turned off...  

At that point I turned off the PC for a day. Then this morning I turned it back on.  At this point I didn't test anything, just booted to windows. Webclient was still disabled, Everything else in MSCONFIG was normal.

At this point, without rebooting again or testing My Comp, I set MSCONFIG for a diagnostic reboot, and I hit apply. But I DID NOT RESTART YET.  Also, ran the regfix line #12 from
http://www.kellys-korner-xp.com/xp_tweaks.htm
NOTE -- I ran it from a FLASH DRIVE, and browsed to that folder using the My Docs window.

At this point, I still hadn't restarted. But My Computer opened a window - at least once. But I can't be sure if it was just a copy of the flash drive window, or if it actually showed the folder pane like My Comp is supposed to.


Hopeful, I then reenabled webclient, and rebooted. The original problem was back (Freezing / cpu maxed out). So I used MSCONFIG to turn off webclient service again, and rebooted.  Now we were back to the situation where My Docs worked, My Comp didn't but there was no freezing. I tried browsing the flash drive, plugging and unplugging it, tried applying the regfix again, (with and without reboot), didn't help.


So the new information at this point is:
(1) disabling Web Client service fixes the freezing, but many windows still don't open.
(2) reinstalling windows, or the regfix, or inserting a flash drive, MAY have gotten the my comp screen to open once, but it may have simply restored a My Docs window that was already open. I can't be sure.
0
 

Author Comment

by:dgrrr
ID: 16772422
NOTE - Total Commander (a file manager app) allows me to see and browse the same items that My Computer normally does. In any and all the above situations.
0
 
LVL 24

Accepted Solution

by:
Mohammed Hamada earned 1200 total points
ID: 16773996
Check this link please and read it well, it might have something that will help..

http://www.ntcompatible.com/thread26131-1.html

0
 
LVL 93

Expert Comment

by:nobus
ID: 16774411
I start to think it can be a hardware issue, so try booting from a Knoppix CD. If that works out OK, your hardware is fine, or vice versa.    www.knoppix.org
0
 

Author Comment

by:dgrrr
ID: 16774472
IT'S USER-RELATED!

moh10ly -- you are the balm!  Your recommended page said:  "Some have been able to resolve the issue by logging in as a different user and renaming the desktop directory of their primary user account. Then, when they logged back in it rebuilt their directory folder."

I tried creating a new user -- and the new users are OK! "My Computer" and "services.msc" works for the newly created user, in both normal mode and safe mode. In fact, I now realize why Safe Mode worked before -- because I was choosing to log into windows as the ADMIN, not the main (bad) USER, when in safe mode.  I just tried logging into safe mode as the bad (main) user, and the problem persists. So it has to do with Users, NOT safe mode / normal mode.

As suggested in the page, I tried renaming the bad (main) user's "desktop" folder, forcing it to be recreated. NO improvement (for that user).
Of course I can just lose that user profile. But are there any other suggestions (like other folders to delete), now that we know it's user-related?

Second -- anyone have any ideas on why and how this happens? (explorer freezing / locking cpu for one user?)
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 16775020
I have read an article before that Adobe products cause conflicts in the user's profile and that it causes the computer to freeze, but I'm not sure if it freezes the explorer.exe file or not. Some .dat files control the settings for Adobe Photoshop Album; the exact folder which might have this problem is

C:\documents and settings\user profile\application data

Then one of the programs or saved application settings are making this to freeze...!

You probably have to uninstall the program, delete its settings and reinstall to investigate the problem.
But you must save a restore point to avoid any damage to your data...

0
 

Author Comment

by:dgrrr
ID: 16777484
Turns out the problem was caused by something in "C:\documents and settings\user profile\local settings\"

When I renamed that folder to "local settings old", and logged the user out and back in (forcing the OS to create a new set of folders), the problem was gone. Then I restored the "bad" Local Settings folder in order to restore the problem, because I wanted to try removing one sub-folder at a time, to determine which file/folder was causing the problem. I got far enough to say it definitely was not Local Settings / Application Data.  It probably was not "temp" or "Temporary Internet Files".  I believe a file inside the "History" folder, either a desktop.ini file, or an extra copy of index.dat that was not allowing copying.  But I can't be sure, because after monkeying around a while, I couldn't get the problem to happen at all, even when I restored all the "bad" folders.

But that's all academic now -- the problem is gone.  I am SO GLAD you figured this bastard out!  Thanks so much!!!! It was really important to me this time, to find out what was wrong, instead of just having to do a clean install.



In case you're curious -- under the "local settings/temp" folder there are a series of 77 folders:
WER0e2a.dir00
WER1a2d.dir00
WER1ee7.dir00

and so on. Each of those folders contains 4 files --
appcompat.txt
FILENAME.exe.hdmp
FILENAME.exe.mdmp
manifest.txt

(where "FILENAME" is almost always "explorer", but sometimes is "procexp" (winternals "process explorer"), or drwatsn32, or rstrui.exe, or some other exec)

Do these folders look like they're part of some problem? Or is it normal to see these when you're having to end processes using task manager or process explorer?



Ok, last thing, I promise -- Like all techs, I use safe mode frequently to determine if a problem that I'm having in normal mode is part of the OS or part of some 3rd party software. But I rarely, almost never, try logging in as another user.
Is that a standard "thing to try", when you're troubleshooting? to switch users, or create a new admin user?  If it's always a good idea, I'll do it - -but if it's really only applicable in certain situations I don't want to be wasting time.

thx again!
0
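Added example, not part of the original thread: one way to triage the `WER*.dir00` folders described in the post above is to tally which executable each report folder belongs to and when its dumps were written, before renaming or deleting anything in the profile. The function names and the sample tree are constructed for illustration; only the folder and file naming pattern comes from the post.

```python
import os
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Naming as described in the post: WER<hex>.dir00 folders that hold
# appcompat.txt, <name>.exe.hdmp, <name>.exe.mdmp and manifest.txt.
WER_DIR = re.compile(r"^WER[0-9a-f]+\.dir\d+$", re.IGNORECASE)
DUMP = re.compile(r"^(?P<exe>.+\.exe)\.(?:hdmp|mdmp)$", re.IGNORECASE)


def tally_wer_dumps(temp_dir):
    """Map crashed executable -> {"reports": n, "first": mtime, "last": mtime}."""
    stats = defaultdict(lambda: {"reports": 0, "first": None, "last": None})
    for folder in sorted(Path(temp_dir).iterdir()):
        if not (folder.is_dir() and WER_DIR.match(folder.name)):
            continue
        seen = {}  # exe name -> newest dump mtime inside this report folder
        for f in folder.iterdir():
            m = DUMP.match(f.name)
            if m:
                exe = m.group("exe").lower()
                seen[exe] = max(seen.get(exe, 0), f.stat().st_mtime)
        for exe, mtime in seen.items():
            s = stats[exe]
            s["reports"] += 1  # .hdmp and .mdmp in one folder count once
            s["first"] = mtime if s["first"] is None else min(s["first"], mtime)
            s["last"] = mtime if s["last"] is None else max(s["last"], mtime)
    return dict(stats)


def make_constructed_tree(root):
    """Build a constructed sample tree (not data from the poster's machine)."""
    sample = [("WER0e2a.dir00", "explorer.exe", 1000),
              ("WER1a2d.dir00", "explorer.exe", 2000),
              ("WER1ee7.dir00", "procexp.exe", 1500)]
    for name, exe, mtime in sample:
        d = Path(root) / name
        d.mkdir()
        for fname in ("appcompat.txt", exe + ".hdmp", exe + ".mdmp", "manifest.txt"):
            p = d / fname
            p.write_bytes(b"")
            os.utime(p, (mtime, mtime))  # fixed timestamps for the sample
    (Path(root) / "unrelated.tmp").write_bytes(b"")  # ignored: not a WER folder


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_constructed_tree(root)
        rows = sorted(tally_wer_dumps(root).items(), key=lambda kv: -kv[1]["reports"])
        for exe, s in rows:
            print(f"{exe:15} reports={s['reports']} first={s['first']:.0f} last={s['last']:.0f}")
```

Pointed at a copy of the affected profile's `Local Settings\Temp` folder, the per-executable counts and first/last timestamps show whether the crashes cluster on one program and one time window.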
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 16777642
I use the task manager a lot to end some processes when they freeze, but I never noticed any files or folders related to it, even though I never traced them. The .exe means an application and the .mdmp means a memory dump file, which indicates that you might have a corrupted virtual memory file; this would cause those kinds of reports/files..

>>>>> Is that a standard "thing to try", when you're troubleshooting? to switch users, or create a new admin user?  If it's always a good idea, I'll do it - -but if it's really only applicable in certain situations I don't want to be wasting time.

Basically I only create new accounts for certain purposes, not always or usually...

And thanx for the grade ;)
0
 

Author Comment

by:dgrrr
ID: 16781301
NP. I usually split points to spread them out among contributors, because even when advice is not relevant to the given problem, it's almost always good to know anyway.

But this time,  I thought it appropriate to award the one post that led to success.  

to all: If any of your previous posts / links (before moh10ly's) pointed to the solution (bad file, specifically under My Docs) post here. And see what I can do.
0
 

Author Comment

by:dgrrr
ID: 16781306
to moh10ly - one more thing...

what situations call for re-registering  "SHDOCVW.dll"?

Is there a webpage that suggests when various "DLL" files should be re-registered?  Or an app that does the same thing?


thx!
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 16781682
Usually when you have a corrupted explorer.exe, after you extract a new one to the windows directory you will need to register this DLL...

I'm not sure where I found this, it has been a while since I found it... Have a look at the following link, it may point to something for your question.

http://www.colba.net/~hlebo49/errexplo.htm
0
