Explorer.exe and taskmgr.exe takes too much CPU power... while running

[mist_hero]

hmm... problem : both explorer.exe and taskmgr.exe consumes much CPU power than it should be... like 50-50 each (thus adding up to 100% CPU Usage)
-Programs starts to slow down (mostly anything that concerns explorer.exe and taskmgr.exe) firefox and iexplorer still work properly (still fast with the core 2 duo)
-It takes around 10 seconds or slower to make explorer.exe respond (opening through files) taskmgr.exe ... a bit faster than explorer... but still slow as someone using a typewriter
-This all happened when i tried to open my storage media device. Afterwards, my computer got infected by hbq.exe (i deleted it) i defragged my computer, i've also done a few chkdsks.
-i've also scanned for any viruses, cleaned out registry from all the hbq.exe bs as well as deleting autorun.ini(s) from my drives (since that's where hbq.exe comes from, autorun.)

And still my explorer and taskmgr is still running at it's lowest. :|
Oh and also, some video playback also slows down... i'm not sure if that's related though...
PC Specs :
Intel Core 2 Duo
2GB Transcend
Windows XP Professional SP3 RC
Nvidia GeForce 8500 GT

I've end processed Explorer.exe for a while... i'll just be surfing through other programs (like firefox.exe or vlc.exe or even winrar) for my daily things... need answers and solutions :|
EDIT : Oh and reformatting is not an option i'd like to know what the hell is slowing it down... if reformatting is the only option... then...i need to get an XP installer. I did view some threads about taskmgr and explorer slowing down... but it didnt really fix my problem....

 

[CCT]

If you do some reading here, you will find out where that baddie hides and how difficult it is to remove.

http://forums.techguy.org/malware-r...-unintentional-shutdowns-slowing-down-pc.html

 

[mist_hero]

hbq.exe can do that much damage? (restarting computers... never had that with hbq.exe at all) anyways, i've followed an easier instruction set in deleting/removing hbq.exe from here http://wlalng.wordpress.com/2008/02/20/how-to-remove-trojan-that-uses-an-autoruninf-file/

followed that through, and now on the problem : high cpu consumption of explorer.exe
Another thing to have a note about it, is that explorer doesnt slow down during safe mode.... but slows down in normal mode for some weird reason. A friend of mine from IRC said it must be one of those startup programs. But i'm not really sure...

 

[Bobbye]

1. Explorer.exe: This is either your Windows Desktop or you have Windows Explorer open.
Recommendation :
Vital !! Leave untouched. Note that the full path should be C:\Windows\Explorer.exe or C:\WinNT\Explorer.exe.

2. Explorer .exe: If the path of this file does NOT show up as C:\Windows\Explorer.exe or C:\WinNT\Explorer.exe then you most probably have a virus such as the Trojan.Kility virus.

Recommendation : Check the path If you have a virus, then simply make sure you have an up‑to‑date reputable antivirus program and run a full virus scan on your PC.

Virus with same name:
W32.MyDoom.B - Symantec Corporation
and other...

1. TaskMgr.exe: Windows NT4/2000/XP/2003 Task Manager. The path for this program is C:\WINNT\System32\Taskmgr.exe or C:\WINDOWS\System32\Taskmgr.exe.

2. Taskmgr.exe: If you are running Windows 2000/XP/2003 and you do not have the Windows Task Manager currently open, or if you are running Windows 95/98/ME, then you have the Trojan.StartPage.G virus, or one of the viruses that masquerades as the Task Manager.

Source: answersthatwork Tasklist

 

[mist_hero]

Explorer is running from C:\WINDOWS\explorer.exe no other explorer(s) open
Taskmgr is running from C:\WINDOWS\system32\taskmgr.exe no other Taskmgr(s) open

Thanks to Process Explorer.
Anyways, i'll follow it up with another virus scan, A^2 and Norton CE after i restart, i did a few changes on registry startup issues... as well as a fake svchost.exe running.

 

[mist_hero]

Ahh... finally solved the problem, after viewing the registry by a friend of mine on irc -> http://rafb.net/p/twFRHA86.html
he analyzed it, and the root was in the startup entries. and a few other things. I also deleted any programs that may have been running with those entries.
CPU Usage is at 0-15%. thanks for the quick solutions, though just to be sure i'll follow up on that hbq.exe removal...

 

[Bobbye]

I am concerned about your comment "I also deleted any programs that may have been running with those entries." I don't know if you're referring to the processes explorer.exe and taskmgr.exe or something in your Startup.

And this "as well as a fake svchost.exe running" is very puzzling!

If you were to prepare your system for Shutdown, not shutdown but open the Task Manager, you should see System Idle and taskmgr.exe consuming 100% of the CPU- there is a possibility that a small amount could be in System, but still included within the 100% total usage..

Deleting Registry entries randomly can get you into big trouble!

 

[mist_hero]

the fake svchost was found under system idle process... which was running from C:\Windows\System\, my friend from IRC found it on the registry i sent him (it's on that paste link) and i removed it off, plus any "File not found" entries.

All i saw competing for 50 CPU Process was Task manager or Explorer (within the confines of taskmgr.exe) but when i viewed it with process explorer, system idle process was also going high in the mid 30s-40s CPU Usage (though Explorer remains the highest)

 

[Bobbye]

When you are prepared to shut down and you open the Task Manager, you should see something like this;
System Idle: 98%
taskmgr.exe: 2%
explorer.exe: mine fluctuated 0-2% ( with the other 2 processes adjusting so that total CPU =100%.

There are multiple svchost.exe processes showing, but none are consuming any CPU. I still don't know how you determined one of them was 'false'. Malware can be found using the 'svchost.exe' process. Be sure to check the spelling of this word- svchost.exe are Service Host – Generic Host Process for Win32 Services. The full path to this file should be shown as C:\WinNT\System32\Svchost.exe or C:\Windows\System32\Svchost.exe.

SVCHOST.EXE> Svchost32.exe> Svhost.exe> Many viruses masquerade themselves as SVCHOST to escape detection. Some have names that are similar, such as SCCHOST, others actually drop a program file called SVCHOST in the Windows folder or a Windows sub‑folder.

The easiest to confuse is: SCVHOST.exe> You have the Backdoor.Sdbot.N virus, or one of the Gaobot viruses, or one of the many other viruses which drop SCVHOST.EXE (not to be confused with SVCHOST .

Source: answersthatwork Task List.

My viewing is through the Task Manager. Using Process Explorer might be the reason you show activity.

 

[mist_hero]

hmm i should've kept that file that actually does all of this... i got infected again after opening my MP4, same virus, easily dispatched this time. Opening from Double Click, it 'autoruns' something. Deleting 'autorun.inf' from your harddrives/flashdisks will save you the time.

Yeah, there's a lot of SVCHOST things flying around, if you view it with process explorer, it's all under System Idle Process. The virus program (if you managed to catch it, and didnt restart) should be seen outside of that System Idle Process Tree...
I identified them as false svchost... because well... friend said that it was under Windows\System\ folder.... apparently it fixed the CPU usage of both Explorer and Task Manager...

Oh another heads about this virus... my friend experienced something differently when his computer got infected (textpad popping out or something) and he never had CPU Usage going to it's maximum... dunno why... but it seems to be changing what it can do to your system.

 

[Bobbye]

You need to forget the friend and deal with what you have. Instead of looking in Process explorer, look in the Task Manager. That's where you will see the multiple svchost.exe processes and they are 'not' under' system Idle, whatever that means!