explorer.exe

Discussion in 'other software & services' started by Natural Born Killa, Aug 16, 2004.

Thread Status:
Not open for further replies.
  1. Natural Born Killa

    Natural Born Killa Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    I currently have a problem with explorer.exe.

    Every time I access my E partition of my system drive, it maxes out the CPU usage and hogs a load of RAM - sometimes as high as 300mb!!!

    The HD set up is as follows:

    c: System drive
    e: storage

    Which both belong to my Maxtor DiamondMax 8

    d: storage
    f: storage

    Which belong to my Seagate Barracuda.

    I have done complete virus checks, and spyware scans - what on earth is causing this problem?

    Thank you for your time,

    Paul
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I know of one instance: if your AV system is overly configured, it’ll cause this anomaly. Try disabling AV from the background and try accessing your E partition...
     
  3. Natural Born Killa

    Natural Born Killa Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    No luck with that :(

    I have also noticed there is a similar problem on the other drives, but to a lesser extent. The highest it will hit on d: for example, is 50-60 percent.
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Have you checked to verify your HDD isn't failing?
     
  5. Natural Born Killa

    Natural Born Killa Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    I have run scandisk, and that came up with no problems?
     
  6. Natural Born Killa

    Natural Born Killa Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    Has no one got any ideas?
     
  7. Clowny

    Clowny Registered Member

    Joined:
    Aug 11, 2004
    Posts:
    70
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Natural Born Killa, unrequested HJT logs are not checked at Wilders anymore; please check here. I am going to remove the log and close it.


    bigc
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Another suggestion would be to run Sysinternals' FileMon while you access those drives. It might help you pinpoint the process (executable) responsible for locking your system up. Be sure to enable the volumes you want to monitor in the Volumes menu.

    Nick
     
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Natural Born Killa, why is explorer.exe set to run at startup?


    O4 - HKCU\..\Run: [Windows Explorer] explorer.exe
     
    Last edited: Aug 18, 2004
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  12. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    You might want to do a search on your computer for explorer.exe and see how many you come up with and where they are located.
     
    Last edited: Aug 18, 2004
  13. Natural Born Killa

    Natural Born Killa Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    Thanks for all the responses people. I will try the Maxtor check once I reconnect my floppy disk, cos I don't use the things anymore! I am also going to try the other suggestions in the meantime, and I'll let you know how I get on.

    In response to your question, I am not sure why explorer.exe is running at start up, should this be happening then? If not, I will remove it. Shall I do that?

    I also just did a search for explorer.exe, and I have it in 2 places. One in the c:\windows folder and one in the c:\windows\ServicePackFiles\i386. There was, of course, also a pf file in the prefetch.

    Thanks.
     
  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Explorer.exe is the Windows Shell; you also use it when using "Windows Explorer".

    What start-up do you see explorer.exe using? What are its locations?
     
  15. Natural Born Killa

    Natural Born Killa Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    Whilst having SMART running, I went into D and E and started browsing, and it started running slow like it usually does, and SMART showed the increase in "Seek Time Performance", as it went above the threshold. What does this tell me, other than the obvious?
     
  16. Natural Born Killa

    Natural Born Killa Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    I am a little confused as to what you're asking me, but I ran MSconfig and it originates from the following directory:

    HKCU\..\Run: [Windows Explorer] explorer.exe
     
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    What version of Windows?
     
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    When you did the search on Explorer.exe, were they both the same size files in both locations?
     
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I'd suggest to remove Windows Explorer from that start-up location, since Windows Shell loads elsewhere I don't see it necessary for it to be there.
     
  20. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear Natural Born Killa, what version of Windows are you using? go to START->RUN and type REGEDIT and hit [ENTER]. double-click HKEY_CURRENT_USER and then SOFTWARE and then MICROSOFT and then WINDOWS and then CURRENTVERSION and then RUN. there you'll see the whole keyname and its value. tell us what it is. as Phant0m already suggested the shell is loaded from another entry so it is important that you check that entry.
     
  21. Natural Born Killa

    Natural Born Killa Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    OK, I am running XP, and the explorer was the same size in both locations, yes.

    I have done what you suggested AMRX, but I am slightly unsure of what you want?
     
  22. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Try running Autostart Viewer from DCS and post a screenshot (or save the output as a text file and post the text). There should not be a reference there autostarting explorer.exe. Only in HKLM\...

    Nick
     

    Last edited: Aug 19, 2004
  23. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Actually, using the HijackThis utility, it doesn’t cover the Windows Shell start-up group.
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Unless you're using the "Generating StartupList Log" feature, but in the main viewer area...
     
  25. Natural Born Killa

    Natural Born Killa Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    17
    DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Paul Doran@KD7, 08-19-2004
    c:\windows\system32\autoexec.nt
    C:\WINDOWS\system32\mscdexnt.exe
    C:\WINDOWS\system32\redir.exe
    C:\WINDOWS\system32\dosx.exe
    c:\windows\system32\config.nt
    C:\WINDOWS\system32\himem.sys
    c:\windows\system.ini [drivers]
    timer=timer.drv
    c:\windows\system.ini [boot]\shell
    C:\WINDOWS\Explorer.exe
    c:\windows\system.ini [boot]\scrnsave.exe
    C:\WINDOWS\System32\logon.scr
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    C:\WINDOWS\Explorer.exe
    HKCU\Control Panel\Desktop\scrnsave.exe
    C:\WINDOWS\System32\logon.scr
    HKCR\vbsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\vbefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wshfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wsffile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\GSICONEXE
    C:\WINDOWS\system32\GSICON.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\DSLAGENTEXE
    dslagent.exe USB
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SoundFusion
    RunDll32 hercplgs.cpl,BootEntryPoint
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Imonitor
    C:\Program Files\McAfee\QuickClean\Plguni.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck
    C:\WINDOWS\system32\NeroCheck.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MCUpdateExe
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MSKAGENTEXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VSOCheckTask
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\McAfee Guardian
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MCAgentExe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VirusScan Online
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MSKDetectorExe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MPFTray
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\McRegWiz
    C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Explorer
    C:\WINDOWS\explorer.exe
    HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
    C:\WINDOWS\System32\CTFMON.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\System32\webcheck.dll
    C:\WINDOWS\System32\stobject.dll
    C:\WINDOWS\Tasks\McAfee Privacy Service Anti-Spyware Scan.job
    C:\PROGRA~1\McAfee\MCAFEE~3\swdetect.exe
    C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (KD7-Paul Doran).job
    c:\program files\mcafee.com\vso\mcmnhdlr.exe
    C:\WINDOWS\Tasks\McAfee.com Update Check (KD7-Paul Doran).job
    C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\Documents and Settings\Paul Doran\Start Menu\Programs\Startup\Active SMART.lnk
    C:\Program Files\Active SMART\ActiveSMART.exe
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
    autocheck autochk *
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    C:\WINDOWS\system32\userinit.exe
    HKLM\System\CurrentControlSet\Control\WOW\cmdline
    C:\WINDOWS\system32\ntvdm.exe
    HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
    C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    C:\WINDOWS\system32\mswsock.dll
    C:\WINDOWS\system32\rsvpsp.dll
    HKLM\System\CurrentControlSet\Services\VxD\Cyberkrn\
    C:\Program Files\McAfee\McAfee Shared Components\Cyberkrn.vxd
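
The check the replies above converge on (the shell is started from Winlogon\Shell, so explorer.exe should not also appear under a Run key) can be run over a saved Autostart Viewer report. This is an added example, not part of the original thread or of any tool mentioned in it; the function names and the sample excerpt are constructed for illustration, and it goes slightly beyond the thread by also flagging a Winlogon\Shell value that is not explorer.exe, for review.

```python
import ntpath
import re

# Constructed excerpt in the report's two-line layout: a registry location,
# then the command it launches. Only registry locations are modelled here.
SAMPLE_REPORT = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
C:\WINDOWS\Explorer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck
C:\WINDOWS\system32\NeroCheck.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr
C:\Program Files\MSN Messenger\MsnMsgr.Exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Explorer
C:\WINDOWS\explorer.exe
"""

KEY_RE = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\", re.I)
RUN_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
SHELL_RE = re.compile(r"\\Winlogon\\Shell$", re.I)

def parse_report(text):
    """Return (registry_location, command) pairs; lines before the first key are skipped."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if KEY_RE.match(line):
            key = line
        elif line and key is not None:
            entries.append((key, line))
    return entries

def image_name(command):
    """Lower-cased executable name, tolerating quotes, spaces in paths and arguments."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', command, re.I)
    path = (m.group(1) or m.group(2)) if m else command.split()[0]
    return ntpath.basename(path).lower()

def audit_shell_autostart(entries, shell="explorer.exe"):
    """Flag Run/RunOnce entries that start the shell, and a Shell value that is not the shell."""
    findings = []
    for key, command in entries:
        name = image_name(command)
        if SHELL_RE.search(key):
            if name != shell:
                findings.append(("unexpected-shell", key, command))
        elif RUN_RE.search(key) and name == shell:
            findings.append(("shell-in-run-key", key, command))
    return findings
```

Calling `audit_shell_autostart(parse_report(SAMPLE_REPORT))` returns a single finding for the HKCU Run value named "Windows Explorer"; the full path and size of the file it points to still need to be compared against the copy in the Windows directory, as asked earlier in the thread.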
     