Explorer.exe is on 50-60 % CPU uses.......!


sanjana8480
Good day to all Friends!

I have Windows Server 2000 with SP4 installed on an IBM xSeries 236 with SQL 2005; AV is OfficeScan with current updates.
Now I guess it is infected with some virus / Trojans.
When I double-click on My Computer it doesn't open, and looking at Task Manager, explorer.exe shows 25% CPU usage. When I again double-click to open My Computer, explorer.exe again goes to 50-60%. When I close explorer.exe and run explorer.exe again, CPU comes down to normal operation, which is 0-2%. I tried opening explorer.exe from C:\winnt\explorer.exe but the result remains the same.
For your reference I am sending Hijackthis Log & processlist.txt


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:41 AM, on 4/14/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\IBMHPASV.EXE
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\taskmgr.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.somedomain.net.ae:8080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://podgateway.mydomainname.com:808/OfficeScan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://podgateway.mydomainname.com:808/OfficeScan/console/ClientInstall/setupini.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://domaingateway.mydomainname.com:808/OfficeScan/console/ClientInstall/RemoveCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mydomainname.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{70157781-EBBD-4643-8AF7-A0ABBF5136F9}: NameServer = 192.168.100.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B61389F-76B5-4347-9490-E5E1925F3AFD}: NameServer = 192.168.100.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mydomainname.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{70157781-EBBD-4643-8AF7-A0ABBF5136F9}: NameServer = 192.168.100.11
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mydomainname.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{70157781-EBBD-4643-8AF7-A0ABBF5136F9}: NameServer = 192.168.100.11
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM Active PCI Alert Service (IBMHPS) - IBM Corporation - C:\WINNT\System32\IBMHPASV.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 5120 bytes


Process list saved on 9:20:48 AM, on 4/14/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

[pid] [full path to filename] [file version] [company name]
192 C:\WINNT\System32\smss.exe 5.0.2195.6601 Microsoft Corporation
212 C:\WINNT\system32\winlogon.exe 5.0.2195.6714 Microsoft Corporation
264 C:\WINNT\system32\services.exe 5.0.2195.6700 Microsoft Corporation
276 C:\WINNT\system32\lsass.exe 5.0.2195.6695 Microsoft Corporation
420 C:\WINNT\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
464 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
512 C:\WINNT\system32\spoolsv.exe 5.0.2195.6659 Microsoft Corporation
760 C:\WINNT\System32\IBMHPASV.EXE 5.0.0.0 IBM Corporation
776 C:\WINNT\System32\inetsrv\inetinfo.exe 5.0.2195.6620 Microsoft Corporation
792 C:\WINNT\System32\llssrv.exe 5.0.2195.6697 Microsoft Corporation
932 C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe 6.0.0.1250 Trend Micro Inc.
964 C:\WINNT\system32\MSTask.exe 4.71.2195.6704 Microsoft Corporation
1052 C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe 6.0.0.1250 Trend Micro Inc.
1236 C:\WINNT\System32\WBEM\WinMgmt.exe 1.50.1085.100 Microsoft Corporation
1296 C:\WINNT\system32\svchost.exe 5.0.2134.1 Microsoft Corporation
1308 C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe 10.0.5520.0 VERITAS Software Corporation
2220 C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe 6.0.0.1250 Trend Micro Inc.
1960 C:\WINNT\System32\svchost.exe 5.0.2134.1 Microsoft Corporation
2224 C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe 10.0.5520.0 VERITAS Software Corporation
1360 C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe 6.0.0.1250 Trend Micro Inc.
2496 C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe 6.0.0.1250 Trend Micro Inc.
1740 C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe 2000.80.760.0 Microsoft Corporation
900 C:\WINNT\explorer.exe 5.0.3700.6690 Microsoft Corporation
2096 C:\WINNT\system32\mmc.exe 5.0.2195.6601 Microsoft Corporation
1980 C:\WINNT\system32\taskmgr.exe 5.0.2195.6620 Microsoft Corporation
820 C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe 2000.80.760.0 Microsoft Corporation
1232 C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe 2000.80.760.0 Microsoft Corporation
1264 C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe 9.107.8320.0 Microsoft Corporation
1188 C:\WINNT\System32\msdtc.exe 1999.9.3421.3 Microsoft Corporation
2512 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 2.0.0.2 Trend Micro Inc.

************************************************************************

Pls tell me how I can get rid of this problem.
Your valuable answers are welcome.

Many thanks.
  • seanferd

    No good reason for it.

    Also, it's generally not a good idea to post HijackThis logs without being requested to do so. Do that in forums where they request it all the time.
