Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

explorer.exe always take over 50% cpu

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

explorer.exe always take over 50% cpu

Unread postby ami_hunter2710 » April 7th, 2010, 4:42 am

explorer.exe always take over 50% cpu, if I open task manager, it takes very high cpu, too. Please help me! Here is the hijackthis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:05 PM, on 4/7/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://thitructuyen.com/Default.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: tourism-tv.org
O1 - Hosts: tvonline.aivietnam.net
O1 - Hosts: vietnhat.aivietnam.net
O1 - Hosts: vijagroup.com.vn
O1 - Hosts: www.vijagroup.com.vn
O1 - Hosts: asiaherano.com.vn
O1 - Hosts: thitructuyen.com
O1 - Hosts: www.thitructuyen.com
O1 - Hosts: hoctructuyen.aivietnam.net
O1 - Hosts: mail.aivietnam.net
O1 - Hosts: test.aivietnam.net
O1 - Hosts: vieclam.aivietnam.net
O1 - Hosts: forum.aivietnam.net
O1 - Hosts: school.aivietnam.net
O1 - Hosts: eschool.aivietnam.net
O1 - Hosts: sourcecode.aivietnam.net
O1 - Hosts: technet.aivietnam.net
O1 - Hosts: cuocdoituoidep.aivietnam.net
O1 - Hosts: voiceofvietnam.aivietnam.net
O1 - Hosts: media.aivietnam.net
O1 - Hosts: game.aivietnam.net
O1 - Hosts: vov.aivietnam.net
O1 - Hosts: vovschool.aivietnam.net
O1 - Hosts: invite.aivietnam.net
O1 - Hosts: storage01.aivietnam.net
O1 - Hosts: storage02.aivietnam.net
O1 - Hosts: webtv.aivietnam.net
O1 - Hosts: music.aivietnam.net
O1 - Hosts: www.tv4it.net
O1 - Hosts: ict-vietnam.org
O1 - Hosts: www.ict-vietnam.org
O1 - Hosts: danlyhotel.com
O1 - Hosts: www.danlyhotel.com
O1 - Hosts: tahabay.aivietnam.net
O1 - Hosts: hotelhuonggiang.com
O1 - Hosts: www.hotelhuonggiang.com
O1 - Hosts: traffic.aivietnam.net
O1 - Hosts: etc.aivietnam.net
O1 - Hosts: travelvietnam-etc.com
O1 - Hosts: daukhi.aivietnam.net
O1 - Hosts: ximanghuunghi.com.vn
O1 - Hosts: sdh.aivietnam.net
O1 - Hosts: tvonline.aivietnam.net
O1 - Hosts: ccp.aivietnam.net
O1 - Hosts: ptth.aivietnam.net
O1 - Hosts: testhethong.aivietnam.net
O1 - Hosts: beta.molisa.aivietnam.net
O1 - Hosts: simexkorea.com
O1 - Hosts: www.simexkorea.com
O1 - Hosts: ict.aivietnam.net
O1 - Hosts: icten.aivietnam.net
O1 - Hosts: ictvietnam.vn
O1 - Hosts: mti.aivietnam.net
O1 - Hosts: csd.aivietnam.net
O1 - Hosts: elearning.csd.aivietnam.net
O1 - Hosts: storage01.csd.aivietnam.net
O1 - Hosts: csd.aivietnam.net
O1 - Hosts: toyotavn.aivietnam.net
O1 - Hosts: toyotavn.local
O1 - Hosts: nguyenvanhuyen.aivietnam.net
O1 - Hosts: acc.aivietnam.net
O1 - Hosts: hdcdgsnn.gov.vn
O1 - Hosts: tid-vn.com.vn
O1 - Hosts: www.tid-vn.com.vn
O1 - Hosts: brosishotels.com.vn
O1 - Hosts: www.brosishotels.com.vn
O1 - Hosts: thienthaihotel.com.vn
O1 - Hosts: www.thienthaihotel.com.vn
O1 - Hosts: thienthaihotel.com
O1 - Hosts: www.thienthaihotel.com
O1 - Hosts: coolhotel.vn
O1 - Hosts: www.coolhotel.vn
O1 - Hosts: oceanhotel.vn
O1 - Hosts: www.oceanhotel.vn
O1 - Hosts: aivietnam.truongcongnghe.vn
O1 - Hosts: dolphin.truongcongnghe.vn
O1 - Hosts: ipcn.truongcongnghe.vn
O1 - Hosts: ipcn.mpi.gov.vn
O1 - Hosts: truongchuyensupham.edu.vn
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ApacheTomcatMonitor] "C:\tomcat6\bin\tomcat6w.exe" //MS//Tomcat6
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1670232476-2090688829-2480138412-1004\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'ASPNET')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O15 - ESC Trusted Zone: http://*.aivietnam.net
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.thitructuyen.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5284383375
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EA37A81-DB31-4C79-B6A6-1BAE91ABB932}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{7EA37A81-DB31-4C79-B6A6-1BAE91ABB932}: NameServer =
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
O23 - Service: Kaspersky Lab Administration Server (CSAdminServer) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe
O23 - Service: IBM Automatic Server Restart Service for IPMI (ibms6asr) - IBM Corporation - C:\WINDOWS\system32\IBMIASRW.EXE
O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: Ipswitch Notification Server (inotifysvr) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iNtfySvc\intfysvc.exe
O23 - Service: Kaspersky Lab Network Agent (KLNagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe
O23 - Service: MDaemon - Alt-N Technologies, Ltd. - E:\MDaemon\APP\MDAEMON.EXE
O23 - Service: Red5 - Unknown owner - E:\web\tvonline\BNN\Service\Red5_1\wrapper\wrapper.exe (file missing)
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\tomcat6\bin\tomcat6.exe
O23 - Service: WebAdmin - Alt-N Technologies, Ltd. - E:\MDaemon\WebAdmin\WebAdmin.exe

End of file - 9941 bytes
Active Member
Posts: 1
Joined: April 7th, 2010, 4:36 am
Register to Remove

Re: explorer.exe always take over 50% cpu

Unread postby Dakeyras » April 7th, 2010, 8:34 am

As this issue involves either a company owned machine or a machine that is used for business purposes, it falls outside the scope of this forum. Therefore, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
MRU Honors Graduate
MRU Honors Graduate
Posts: 8750
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 51 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware