Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

explorer.exe always take over 50% cpu

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

explorer.exe always take over 50% cpu

Unread postby ami_hunter2710 » April 7th, 2010, 4:42 am

explorer.exe always take over 50% cpu, if I open task manager, it takes very high cpu, too. Please help me! Here is the hijackthis log file


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:05 PM, on 4/7/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\serverappliance\appmgr.exe
C:\WINDOWS\system32\serverappliance\elementmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IBMIASRW.EXE
C:\iFtpSvc\iFtpSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\iNtfySvc\intfysvc.exe
E:\MDaemon\APP\MDAEMON.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\serverappliance\srvcsurg.exe
C:\WINDOWS\System32\svchost.exe
E:\MDaemon\WebAdmin\WebAdmin.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\tomcat6\bin\tomcat6.exe
c:\windows\microsoft.net\framework\v2.0.50727\aspnet_wp.exe
E:\MDaemon\APP\CFEngine.exe
E:\MDaemon\WorldClient\WorldClient.exe
E:\MDaemon\SpamAssassin\MDSpamD.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\tomcat6\bin\tomcat6w.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://thitructuyen.com/Default.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 222.255.31.225 tourism-tv.org
O1 - Hosts: 222.255.31.225 tvonline.aivietnam.net
O1 - Hosts: 222.255.31.225 vietnhat.aivietnam.net
O1 - Hosts: 222.255.31.225 vijagroup.com.vn
O1 - Hosts: 222.255.31.225 www.vijagroup.com.vn
O1 - Hosts: 222.255.31.225 asiaherano.com.vn
O1 - Hosts: 222.255.31.225 thitructuyen.com
O1 - Hosts: 222.255.31.225 www.thitructuyen.com
O1 - Hosts: 222.255.31.225 hoctructuyen.aivietnam.net
O1 - Hosts: 222.255.31.225 mail.aivietnam.net
O1 - Hosts: 222.255.31.225 test.aivietnam.net
O1 - Hosts: 222.255.31.225 vieclam.aivietnam.net
O1 - Hosts: 222.255.31.225 forum.aivietnam.net
O1 - Hosts: 222.255.31.225 school.aivietnam.net
O1 - Hosts: 222.255.31.225 eschool.aivietnam.net
O1 - Hosts: 222.255.31.225 sourcecode.aivietnam.net
O1 - Hosts: 222.255.31.225 technet.aivietnam.net
O1 - Hosts: 222.255.31.225 cuocdoituoidep.aivietnam.net
O1 - Hosts: 222.255.31.225 voiceofvietnam.aivietnam.net
O1 - Hosts: 222.255.31.225 media.aivietnam.net
O1 - Hosts: 222.255.31.225 game.aivietnam.net
O1 - Hosts: 222.255.31.225 vov.aivietnam.net
O1 - Hosts: 222.255.31.225 vovschool.aivietnam.net
O1 - Hosts: 222.255.31.225 invite.aivietnam.net
O1 - Hosts: 222.255.31.225 storage01.aivietnam.net
O1 - Hosts: 222.255.31.225 storage02.aivietnam.net
O1 - Hosts: 222.255.31.225 webtv.aivietnam.net
O1 - Hosts: 222.255.31.225 music.aivietnam.net
O1 - Hosts: 222.255.31.225 www.tv4it.net
O1 - Hosts: 222.255.31.225 ict-vietnam.org
O1 - Hosts: 222.255.31.225 www.ict-vietnam.org
O1 - Hosts: 222.255.31.225 danlyhotel.com
O1 - Hosts: 222.255.31.225 www.danlyhotel.com
O1 - Hosts: 222.255.31.225 tahabay.aivietnam.net
O1 - Hosts: 222.255.31.225 hotelhuonggiang.com
O1 - Hosts: 222.255.31.225 www.hotelhuonggiang.com
O1 - Hosts: 222.255.31.225 traffic.aivietnam.net
O1 - Hosts: 222.255.31.225 etc.aivietnam.net
O1 - Hosts: 222.255.31.225 travelvietnam-etc.com
O1 - Hosts: 222.255.31.225 daukhi.aivietnam.net
O1 - Hosts: 222.255.31.225 ximanghuunghi.com.vn
O1 - Hosts: 222.255.31.225 sdh.aivietnam.net
O1 - Hosts: 222.255.31.225 tvonline.aivietnam.net
O1 - Hosts: 222.255.31.225 ccp.aivietnam.net
O1 - Hosts: 222.255.31.225 ptth.aivietnam.net
O1 - Hosts: 222.255.31.225 testhethong.aivietnam.net
O1 - Hosts: 222.255.31.225 beta.molisa.aivietnam.net
O1 - Hosts: 222.255.31.225 simexkorea.com
O1 - Hosts: 222.255.31.225 www.simexkorea.com
O1 - Hosts: 222.255.31.225 ict.aivietnam.net
O1 - Hosts: 222.255.31.225 icten.aivietnam.net
O1 - Hosts: 222.255.31.225 ictvietnam.vn
O1 - Hosts: 222.255.31.225 mti.aivietnam.net
O1 - Hosts: 222.255.31.225 csd.aivietnam.net
O1 - Hosts: 222.255.31.225 elearning.csd.aivietnam.net
O1 - Hosts: 222.255.31.225 storage01.csd.aivietnam.net
O1 - Hosts: 222.255.31.225 csd.aivietnam.net
O1 - Hosts: 222.255.31.225 toyotavn.aivietnam.net
O1 - Hosts: 222.255.31.225 toyotavn.local
O1 - Hosts: 222.255.31.225 nguyenvanhuyen.aivietnam.net
O1 - Hosts: 222.255.31.225 acc.aivietnam.net
O1 - Hosts: 222.255.31.225 hdcdgsnn.gov.vn
O1 - Hosts: 222.255.31.225 tid-vn.com.vn
O1 - Hosts: 222.255.31.225 www.tid-vn.com.vn
O1 - Hosts: 222.255.31.225 brosishotels.com.vn
O1 - Hosts: 222.255.31.225 www.brosishotels.com.vn
O1 - Hosts: 222.255.31.225 thienthaihotel.com.vn
O1 - Hosts: 222.255.31.225 www.thienthaihotel.com.vn
O1 - Hosts: 222.255.31.225 thienthaihotel.com
O1 - Hosts: 222.255.31.225 www.thienthaihotel.com
O1 - Hosts: 222.255.31.225 coolhotel.vn
O1 - Hosts: 222.255.31.225 www.coolhotel.vn
O1 - Hosts: 222.255.31.225 oceanhotel.vn
O1 - Hosts: 222.255.31.225 www.oceanhotel.vn
O1 - Hosts: 222.255.31.225 aivietnam.truongcongnghe.vn
O1 - Hosts: 222.255.31.225 dolphin.truongcongnghe.vn
O1 - Hosts: 222.255.31.225 ipcn.truongcongnghe.vn
O1 - Hosts: 222.255.31.225 ipcn.mpi.gov.vn
O1 - Hosts: 222.255.31.225 truongchuyensupham.edu.vn
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ApacheTomcatMonitor] "C:\tomcat6\bin\tomcat6w.exe" //MS//Tomcat6
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1670232476-2090688829-2480138412-1004\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'ASPNET')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O15 - ESC Trusted Zone: http://*.aivietnam.net
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.thitructuyen.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://10.0.0.2
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5284383375
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EA37A81-DB31-4C79-B6A6-1BAE91ABB932}: NameServer = 203.162.0.181
O17 - HKLM\System\CS1\Services\Tcpip\..\{7EA37A81-DB31-4C79-B6A6-1BAE91ABB932}: NameServer = 203.162.0.181
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
O23 - Service: Kaspersky Lab Administration Server (CSAdminServer) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe
O23 - Service: IBM Automatic Server Restart Service for IPMI (ibms6asr) - IBM Corporation - C:\WINDOWS\system32\IBMIASRW.EXE
O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: Ipswitch Notification Server (inotifysvr) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iNtfySvc\intfysvc.exe
O23 - Service: Kaspersky Lab Network Agent (KLNagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe
O23 - Service: MDaemon - Alt-N Technologies, Ltd. - E:\MDaemon\APP\MDAEMON.EXE
O23 - Service: Red5 - Unknown owner - E:\web\tvonline\BNN\Service\Red5_1\wrapper\wrapper.exe (file missing)
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\tomcat6\bin\tomcat6.exe
O23 - Service: WebAdmin - Alt-N Technologies, Ltd. - E:\MDaemon\WebAdmin\WebAdmin.exe

--
End of file - 9941 bytes
ami_hunter2710
Active Member
 
Posts: 1
Joined: April 7th, 2010, 4:36 am
Advertisement
Register to Remove

Re: explorer.exe always take over 50% cpu

Unread postby Dakeyras » April 7th, 2010, 8:34 am

As this issue involves either a company owned machine or a machine that is used for business purposes, it falls outside the scope of this forum. Therefore, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware