Windows 7-explorer.exe using 100% CPU + Other Serious Issues

rainerudhiel Posts 3 Registration date Monday November 18, 2013 Status Member Last seen December 1, 2013 - Nov 18, 2013 at 05:12 AM
Ambucias Posts 47359 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 - Dec 2, 2013 at 05:05 AM
Hello, really looking to get some advice. I've been looking everywhere regarding my problem--most answers for this topic come up for Windows XP... and though I've tried following the answers posted, nothing seems to work. The last partial success I had (briefly) was going into regedit, looking at the image file execution, and deleting iexporer.exe (as posted here)

The CPU doesn't spike when I am running anything, in fact it is like that when I have closed every possible thing I can think of and the computer is just sitting here (which is why I'm having problems finding an answer). I think that my problems with this may stem from something else.

Recently, I had a problem with a worm/trojan that had been hiding in the computer for possibly a few years and I didn't even notice. In fact, on my previous computer I was told the program was essential for windows. The file was called dllhost32*

About a week ago, I was in the middle of gaming, and just after I closed out the game, my computer started to slow down horribly. I went into Task Manager and found that dllhost32* had 20+ instances of itself...even clicking 'end process/tree' did nothing. I ran Malwarebytes, Microsoft Security Essentials, downloaded and ran AVG, nothing would catch it. I googled it, and found out what it was exactly. I ended up having to search for it manually, and ended up finding dllhost32* hidden away in some folders: system32 (c:\windows), syswow64 (c:\windows), amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.6.7600.16385_none_a018e05d0d33081d (C:\windows\winsxs),

and additionally, I found a file named dllhst3g in the same folders, with the addition of this one: x86_microsoft-windows-com-surrogate-31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7 (c:\windows\winsxs).

Needless to say it was a VERY painstaking process, since all of these files are 'owned' by 'trusted installer' in safe mode I had to 'own' each of them to delete them.

Everything should have been alright, yes? Well after restarting everything seemed okay except I couldn't open picture files with Windows Picture Viewer. The files were there, and would open with everything else. My brother advised on a cmd scan that would fix the errors--which it did, and allowed me to use the program to open these pictures-except, it brought back dllhost32*!! I was having the same problems all over again. So, I deleted it all again, manually, ran some virus scans, etc.

So here I am now. CPU at 100% with explorer.exe

I've followed tons of advice, from looking for corrupt .lnk files on the desktop (and downloading something called remote target shortcut for UNC path, which did nothing) to using security task manager, and even process explorer (which I never understood).

Doing a clean wipe and re-install of Windows 7 isn't an option at the moment (I have Windows 7 legally but not the install disc), and I don't have anything to back up my files on currently.

If anyone could help, I would really appreciate it!

Some additional notes:

- right click is slow to load.
- sometimes my open windows suddenly 'stop responding', and even my web browsers
- start menu items and application items (in folders) take a long time for their icon to show up
- cpu for explorer.exe is always at least 80-100%
- cpu is NOT used up in safe mode

3 replies

scarlet.ia Posts 17 Registration date Wednesday November 20, 2013 Status Member Last seen November 27, 2013 3
Nov 20, 2013 at 04:25 PM
Don't bother to search anymore for a solution.

Save all your data from C:\ partition and format/re-install your Windows.
Ambucias Posts 47359 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,241
Nov 20, 2013 at 05:25 PM

I suggest that your machine is badly infected.

Most virus infections need to be individually analysed; you can't just pick a solution here or there without risks.

I may be able to help you, hoping that you have not caused too much damage.

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, click right to ensure you execute with admin rights)

The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix after log analysis).

4. Double click on the shortcut ZHPDiag on your Desktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on the "Configure" button.

7. Click on the Magnifying glass with the + sign.

8. Click on "Search"

Wait for the tool to finish (maybe a long time)

9. Close ZHPDiag.

10. To transmit the report, click on this link :

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

10. Select the file ZHPDiag.txt.

11. Click on "upload"

12. Copy the URL and post it here.

Best regards

Moderator /Security Contributor
rainerudhiel Posts 3 Registration date Monday November 18, 2013 Status Member Last seen December 1, 2013
Dec 1, 2013 at 09:59 PM
Thanks to both of you for your advice. I went ahead and backed up stuff after deleting the dllhost32 stuff that I could find. Reinstalled Windows and everything was working smoothly. After a while I decided to check and see if dllhost32 was returned, or the dllhst3g was back...and sure enough it was there. My winsxs folder is littered with literally thousands of folders associated with this worm. Today I have reinstalled Windows twice (via partition), and I am beginning to think that my partition (which returns everything to its factory condition) is infected with this as well. I can't access this though, so I can't delete the files properly. I've also noticed that every file associated with the dllhost32/dllhst3g worm has a 'modified' date of 7/13/2009--around the time I had my last computer. I'm wondering what I should do now? I know how to change ownership of files and delete them...but even AVG won't shred the files once they are in recycling and nothing else seems to work. Is my only other option to get a new (maybe disc) proper version of Windows 7? Please help!
Ambucias Posts 47359 Registration date Monday February 1, 2010 Status Moderator Last seen September 1, 2021 11,241
Dec 2, 2013 at 05:05 AM
Well I tried to help but instead you ignored me and you went on your own to do things,