In an attempt to gather more memory I came across an iexplore.exe process along with an explorer.exe process.  The iexplore.exe is chewing more memory.  Is it a legit process?  Can it be removed if not?

Thanks,

VNBoonie

In an attempt to gather more memory I came across an iexplore.exe process along with an explorer.exe process.  The iexplore.exe is chewing more memory.  Is it a legit process?  Can it be removed if not?

Thanks,

VNBoonie

Hi VNBoonie71,

Welcome to Norton Community!

Windows Explorer(explorer.exe) is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents the user interface on the monitor and enables the user to control the computer. It is sometimes referred to as the Windows Shell, or simply “Explorer”. This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system. The explorer.exe file is located in the folder C:\Windows. In other cases, explorer.exe is a virus, spyware, trojan or worm.

The iexplore.exe file is referred to as the executable file of Microsoft Internet Explorer. The graphical user interface of the iexplore.exe file is composed of graphical Internet pages viewed. Iexplore.exe is the Web browser that connects to the Internet when a user enters a URL in the address bar found on its GUI. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.

This iexplore.exe could also be a process which belongs to a trojan. Determining whether iexplore.exe is a virus or a legitimate Windows process depends on the directory location it executes or runs from. The default path of iexplore.exe in Windows XP is C:\Program Files\Internet Explorer.

Yogesh

Hi,

I found iexplore (no .exe) in C:\Program Files\Internet Explorer folder and 9 other C:\WINDOWS folders.

I did find 3 different iexplore.exe files in C:\WINDOW\Prefetch.  Can any of those be removed?

Thanks,

VNBoonie

Hi VNBoonie71,

Right-click on iexplore that you found in C:\Program Files\Internet Explorer folder and select Properties. Under General tab, you can find the File type mentioned as "Application". This means that it is an Executable or .exe file.

Download Hijackthis using this link: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download. You need download the third in the list (Excutable), install it and click "Do a system scan and save a log". Then open the log in Notepad. Either post the log or send it as a private message. Click on my name in the post, and you can find the option to send Private message in my profile.

Yogesh

---

VNBoonie71 wrote:

Hi,

I found iexplore (no .exe) ......

---

There is a setting in Windows Explorer -- the file manager one -- which is default set to "hide extensions for known file types" [that is the wording in XP; might be slightly different in VISTA?] which is a crazy idea of Microsoft's to help people.

I would recommend that you uncheck the box against this item which you will find:

Open Windows Explorer (not Internet Explorer) and click on Tools / Folder Options / View and locate:

[ x ] hide extensions for known file types

and click on the check box to uncheck it.

Then at the top of that screen click on Apply to all folders

Then you will see the extension for all files and be able to tell the difference between two files next to each other both with the same name ..... because one is name.ini and the other is name.exe for example.

Another advantage of doing this is that some malware takes the name of a file and inserts a harmless looking extension when it is really an .exe file that will run if you click on it.

Hope that helps you understand some of the goings on in your computer.

iexolprer.exe  = internet explorer

explorer.exe = Windows explorer

soccer dad- I'm not tha bright when it comes to these things, so

windows explorer functions as in exploring the windows files and programs? and both of these are needed right?

And one can have 3 iexplorer.exe if they have 3 internet windows open, right? Which by the way, is there any problem in doing that?

Simply try it yourself. Dowload Process Explorer. But why open up 3 windows of Internet Explorer when IE 7 has tab browsing. Or better yet use Firefox.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

I just do it. No good reason. For some reason I like another window open. I bet it takes up more resources

Simply Google it NY and you will find your answer.

http://en.wikipedia.org/wiki/Windows_Explorer

windows explorer functions as in exploring the windows files and programs? and both of these are needed right?

And one can have 3 iexplorer.exe if they have 3 internet windows open, right? Which by the way, is there any problem in doing that?

NY1986,

You are right about Windows Explorer. Windows Explorer is an application that provides detailed information about your files, folders, and drives. You can use it to see how your files are organized and to copy, move, and rename files, as well as perform other tasks pertaining to files, folders, and drives. It is part of the Microsoft Windows operating system that provides a graphical user interface for accessing the file systems, presents the user interface on the monitor and enables the user to control the computer. The simplest way to access Windows Explorer is to right-click th menu or the My Computer icon and select Explore. If your keyboard has a Windows logo key, you can press Win+E to launch Windows Explorer. Alternatively, you can access it from the start menu. In newer operating systems, it is under Accessories.

You are also correct about the iexplore.exe. The number of processes depends on the number of instances of the application which runs. There is no problem in doring that, but the CPU usage for iexplore.exe depends on the Web Page you open in that instance. Any graphics that the web site has will consume your resources/CPU power. If they are moving graphics like flash player, videos,it may increase even more .

Yogesh

Here's the Hijackthis log.

Thanks for your help everyone.

VNBoonie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:23 PM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\boonie & mona\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://support.att.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213979232513
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)

--
End of file - 7471 bytes

Hi VNBoonie,

Thanks for posting the log.

Run the Hijackthis Scan, check only the following entry and click Fix.

O4 - Startup: PowerReg Scheduler V3.exe

Then run LiveUpdate from Norton program repeatedly until you see the message that no more updates are available. Then run a Full system scan.

Yogesh