Solved

High explorer.exe CPU usage

Posted on 2013-11-02
Last Modified: 2013-11-07
HP Desktop with Windows 7 Home Edition SP1-64-bit  4G memory

Runs at 100% right after boot.
No malware, ran all cleaners, Malwarebytes, JFT, ADW, etc

It looks odd in that there are 3 to 4 instances of explorer.exe sharing to run 100%.
See att.

I was going to do an Inst/Repair but figured whatever this problem is might carry over.
I'm posting on the affected PC, real slowly.

Process Exp
0
Question by:cfourkays
 
LVL 21

Expert Comment

by:CompProbSolv
ID: 39618980
I don't have an obvious answer, but have you tried this in Safe Mode?  How about disabling everything through MSConfig?
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39619036
Safe Mode's fine. Running now with everything disabled.

Process Exp shows 4 instances of explorer.exe cpu like 32, 30, 21, 14, almost adding up to 100%.
Right now it's bouncing around 50, 20, 15,15.

The Task Manager's showing the same basic thing. Before it was just showing a solid 100%
Looking at Strings in Properties in Pro/Exp has a gazillion entries.
I do a lot of malware removal on customers' PCs so that was the first thing I checked. Nada.
0
 
LVL 24

Expert Comment

by:aadih
ID: 39619055
Try (only):

Disable superfetch service (using services.msc) and see if the problem goes away.  Disable it, restart, and see what happens. If no improvement, make it automatic again.
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39619191
Wasn't there a rock group "SuperFetch"?

Anyway, I thought we had it. I disabled it and after restarting, everything looked normal for about 3 minutes.
Then the explorer.exe functions started showing and it's now back again.
3 explorer.exe's at the top each pulling over 25%.
0
 
LVL 21

Expert Comment

by:CompProbSolv
ID: 39619196
Safe Mode doesn't show the symptom, but it does show up with everything (all startup and services, including Microsoft services) disabled?

If that is correct, then I would run sfc /scannow.  I'm suspicious of a bad OS file of some sort.  This may catch it.
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39619324
I thought the same thing when I first looked at it.
I ran the sfc twice now and it shows no errors.
Chkdsk /r OK.
I'm going to do an Inst/Repair later and see what I get.
Unless you have some other thoughts.
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39619341
Forgot to mention that the PC has that Hardware Diagnostic tool from PC-Doctor that runs a good hardware test, HDD, Memory, etc.
Ran that and came up clean.
0
 
LVL 92

Expert Comment

by:nobus
ID: 39619608
try a system restore to a date it was running fine
it can be caused by an update
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39619993
I've done that.
Thanks for chipping away at this.
I did a lot of troubleshooting but there's probably a lot more I've missed.

I'm going to do the Inst/Repair and let you know what happens.

Pete
0
 
LVL 92

Expert Comment

by:nobus
ID: 39620058
run msconfig
in startup tab, click disable all
in services tab, click "hide MS services" then click disable all
reboot to test
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39620138
Hi Nobus, welcome.

OK, I forgot that one.
However, here's the result:
Here's a snip:
What's interesting, to me, is that after a reboot, I'll start the Process Explorer and watch the first explorer.exe replace the System Idle Process, followed by 1, then 2 or 3 more explorer.exe's where they may total close up to 100%.

Process Exp
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39620336
Isn't there a way to see what's driving those explorer.exe's?

Sorry for mis-info.

Does the same thing in Safe Mode.
0
 
LVL 92

Expert Comment

by:nobus
ID: 39620870
so you disabled all, and when starting 1 explorer - you got several? that starts looking like a severe OS corruption.
Do you know when or how did this start? maybe a system restore helps then

To look for the cause, try running task management -  select performance tab
now click the Resource Monitor button, and select ram, cpu or disk, as you wish
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39624856
Can I do anything with this?
When I have my internet connected, it seems to trigger the explorer.exe's.
Just looking at another PC, I don't see the "explorer.exe" while connected the same way.
Pete
Resource-Monitor-Internet-connec.JPG
Resource-Monitor-Network-disconn.JPG
0
 
LVL 92

Expert Comment

by:nobus
ID: 39624991
you said no malware; but that's just how it looks to me: hijacked
run Hijackthis and post the log file
http://sourceforge.net/projects/hjt/
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39625039
Here you go.
hijackthis.log
0
 
LVL 92

Expert Comment

by:nobus
ID: 39626569
you can remove or uninstall these to start with:
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

here a bad one: O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOBCA7~1\GO36F4~1.DLL

i suppose you have a brother device: O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe

there are also a variety of "updater" services - you can uninstall them, or disable them at startup (with msconfig) if you are not sure how - tell me
0
 
LVL 2

Author Comment

by:cfourkays
ID: 39628863
I had to remove that "helloworldBHO" from the Registry.
The Live search Toolbars are just part of the MSN Explorer that HP with its Online Package puts on.
I uninstalled the program since the customer doesn't use any of it.

Here's a new HJ log.

Pete
hijackthis-1.txt
0
 
LVL 92

Accepted Solution

by:
nobus earned 500 total points
ID: 39629498
i always uninstall ALL toolbars and "updaters"
do you know how to use the hijackthis for removing these entries?
you can still remove these :  
O3 - Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - (no file)

O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOBCA7~1\GO36F4~1.DLL

then at least all unnecessary - and strange items are gone
0
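The O2, O3, O20 and O23 entries quoted in this thread, run through a small triage parser. This is an added example, not part of the original posts and not HijackThis's own code; the `triage` helper and its flag names are hypothetical, and the sample log is assembled from the lines quoted above.

```python
import re

# Sample input assembled from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOBCA7~1\GO36F4~1.DLL
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
"""

LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # "O2 - BHO: <rest>"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SHORT = re.compile(r"~\d")                        # 8.3 short-name component

def parse_line(line):
    """Split one HijackThis entry into section, kind, name, CLSID and path."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    fields = rest.split(" - ")
    clsid = CLSID.search(rest)
    return {"section": section, "kind": kind, "path": fields[-1],
            "name": fields[0] if len(fields) > 1 else None,
            "clsid": clsid.group(0) if clsid else None}

def flags(entry):
    """Return the reasons (hypothetical labels) an entry deserves a closer look."""
    out = []
    if entry["section"] == "O20":
        out.append("appinit-dll")            # loaded into every process that loads user32.dll
    if entry["section"] in ("O2", "O3"):
        out.append("in-process-extension")   # COM DLL running inside its host process
    if entry["path"] == "(no file)":
        out.append("orphaned-registration")  # registry entry left behind, no DLL on disk
    if entry["name"] == "(no name)":
        out.append("unnamed")
    if SHORT.search(entry["path"]):
        out.append("8.3-short-path")         # real folder and file names are obscured
    return out

def triage(log):
    entries = [e for e in map(parse_line, log.splitlines()) if e]
    for e in entries:
        e["flags"] = flags(e)
    return entries

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["section"], e["kind"], e["path"], e["flags"])
```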
 
LVL 2

Author Comment

by:cfourkays
ID: 39630496
Hi Nobus,
I don't know which deleted entry cleared the problem but one of them did.
Had to remove the no name toolbar in the Registry. HJ would not remove either.
The O20 entry is still there but appears to have no effect. Can't find it (yes, nothing hidden).
Here's the HJ log and a snip of the Resource Manager and Task Manager.


I'm a volunteer Malware removal guy on another Forum, (small one), and never once thought to go back to Hijackthis.
When stumped, this is where I go.

Many thanks.

Pete
0
 
LVL 2

Author Closing Comment

by:cfourkays
ID: 39630514
This one was not the normal removal for me since I went through all the latest, updated removal tools.
With nobus's help the problem was cleared by HijackThis removals.
0
 
LVL 92

Expert Comment

by:nobus
ID: 39630580
tx for feedback!
0
