explorer.exe running a max fever of 170,000 K

DMcLaughlin · 06-30-2008, 04:29 AM

When I look at the processes in my task manager, I see explorer.exe hogging up to 170,000 K. That is definitely not normal and I don't know why it is running that high. I doubt it is any kind of malware or spyware or anything because I keep my computer pretty clean. I use SpywareBlaster, Ad-Aware, and SpyBot S&D, and AVG Anti-Virus. Also, Firefox is running a fever of around 120,000 K as well. Any tips for that?

Thanks!

----------------
Now playing: A Fine Frenzy - Near To You
via FoxyTunes

Mak213 · 06-30-2008, 07:55 AM

Hello,

Please read thru and use Osiris's Guide to spyware removal.

http://www.tech-forums.net/pc/f51/sp...osiris-165828/

Post your hijackt this log in the Analyze area.

http://www.tech-forums.net/pc/f70/

Cheers,
Mak

Snake91839 · 06-30-2008, 08:11 AM

eh, I doubt it's anything like spyware. Also, HJT won't really give anything because it's just one process. Does it do this all the time, or was it just once or twice. Sometimes it will do that when it's not responding to try to get back on it's feet.

Mak213 · 06-30-2008, 08:16 AM

Hello,

The process itself explorer.exe could be a virus. That could be why it is so high of usage. That is why i want to see the log so that i can determine if it is or isnt related to a virus or malware.

I think i know enough of PC's to know when a situation could be the result of a virus or malware.

Cheers,
Mak

DMcLaughlin · 06-30-2008, 08:17 AM

Quote:

Originally Posted by Snake91839

eh, I doubt it's anything like spyware. Also, HJT won't really give anything because it's just one process. Does it do this all the time, or was it just once or twice. Sometimes it will do that when it's not responding to try to get back on it's feet.

It does it very frequently. Right now it is at 175,000 K.

Quote:

Originally Posted by Mak213

Hello,

The process itself explorer.exe could be a virus. That could be why it is so high of usage. That is why i want to see the log so that i can determine if it is or isnt related to a virus or malware.

I think i know enough of PC's to know when a situation could be the result of a virus or malware.

Cheers,
Mak

Here's the log (I'll also post it in Analyze):

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:55 AM, on 6/30/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Sizer\sizer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\twhirl\twhirl.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Sizer (2).lnk = C:\Program Files\Sizer\sizer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/...s/y/poti_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196117104849
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 1: (no name) - Netvibes

--
End of file - 4401 bytes

QuadCore88 · 07-01-2008, 01:58 AM

C:\Program Files\twhirl\twhirl.exe
That's Malware, You might want to remove it.

Everything else is A-OK!

Mak213 · 07-01-2008, 04:17 AM

Quote:

Originally Posted by QuadCore88

C:\Program Files\twhirl\twhirl.exe
That's Malware, You might want to remove it.

Everything else is A-OK!

That might not be malware.

twhirl | a twitter client

Completely legit program.

Please do not advise on Malware Removal. We have a Security Team to do such things. Thank you.

Cheers,
Mak

06-30-2008, 04:29 AM	#1 (permalink)
DMcLaughlin Newb Techie Join Date: Jun 2007 Location: United States of America Posts: 27	explorer.exe running a max fever of 170,000 K When I look at the processes in my task manager, I see explorer.exe hogging up to 170,000 K. That is definitely not normal and I don't know why it is running that high. I doubt it is any kind of malware or spyware or anything because I keep my computer pretty clean. I use SpywareBlaster, Ad-Aware, and SpyBot S&D, and AVG Anti-Virus. Also, Firefox is running a fever of around 120,000 K as well. Any tips for that? Thanks! ---------------- Now playing: A Fine Frenzy - Near To You via FoxyTunes

06-30-2008, 07:55 AM	#2 (permalink)
Mak213 Commander Super Mod Joker Join Date: Sep 2004 Location: In Trotter's crawl space Posts: 14,370	Re: explorer.exe running a max fever of 170,000 K Hello, Please read thru and use Osiris's Guide to spyware removal. http://www.tech-forums.net/pc/f51/sp...osiris-165828/ Post your hijackt this log in the Analyze area. http://www.tech-forums.net/pc/f70/ Cheers, Mak __________________

06-30-2008, 08:11 AM	#3 (permalink)
Snake91839 Super Techie Join Date: Jul 2006 Location: Silicon Valley Posts: 362	Re: explorer.exe running a max fever of 170,000 K eh, I doubt it's anything like spyware. Also, HJT won't really give anything because it's just one process. Does it do this all the time, or was it just once or twice. Sometimes it will do that when it's not responding to try to get back on it's feet. __________________

06-30-2008, 08:16 AM	#4 (permalink)
Mak213 Commander Super Mod Joker Join Date: Sep 2004 Location: In Trotter's crawl space Posts: 14,370	Re: explorer.exe running a max fever of 170,000 K Hello, The process itself explorer.exe could be a virus. That could be why it is so high of usage. That is why i want to see the log so that i can determine if it is or isnt related to a virus or malware. I think i know enough of PC's to know when a situation could be the result of a virus or malware. Cheers, Mak __________________

07-01-2008, 01:58 AM	#6 (permalink)
QuadCore88 Banned Join Date: Jul 2008 Location: BC, Canada Posts: 38	Re: explorer.exe running a max fever of 170,000 K C:\Program Files\twhirl\twhirl.exe That's Malware, You might want to remove it. Everything else is A-OK!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode