Solved

Odd explorer.exe and Activity Window 7-64

  • 16 November 2016
  • 4 replies
  • 90 views

Userlevel 2
I have been having a problem with my Win7-64 machine since installing and then rolling back an install of Windows 10. Since that time, the PC remains stable ONLY if I open and maintain Windows Task Manager on the desktop. If WTM closes, the system locks (unresponsive) and the drive light runs continuously until I reset the machine. I have let it run (literally) for 5 days in this locked state w/o change (as a test).
 
 
A few things have bubbled to the surface since the problem began (over a year ago). (I present these in no particular order, although some are subjective.)
 
The EXPLORER.EXE File
I have 8 different versions of Explorer installed on this PC (carry over from past Win installations). All versions of the explorer.exe date from 2009. This is about when Win 7-64 was installed over a 32-bit Vista OS. My recollection of the original file was that it was named "EXPLORER.EXE" (all caps). Although dated 2009, all versions of the Explorer.exe files now are named in lower case. (Yes, this is subjective but please bear with me.) Following are the Explorer versions on the system. Different file sizes for roughly the same write date.
 


 
The explorer.exe file visible in task manager displays in lower case although I clearly remember it displaying in all upper case (EXPLORER.EXE). Selecting "properties" from within WTM, there is no date associated with the explorer.exe file executing per WTM. However, viewing file properties from within WTM indicates a previously named version of the file as "EXPLORER.EXE" but no file date (see following) ...
 


 
I submitted the separate explorer.exe versions to Webroot file submission. All came back OK.
 
Disc Check and Internet Connection
Prior to Win 10 the PC in question was the most stable system imaginable. Bulletproof. Since the system began locking up without Windows Task Manager running and open on the desktop, the system periodically demands a disc check during reboot. This action takes time so I tend to ignore the prompt. If I delay running disc check enough times, the system begins closing Windows Task Manager by itself and locks up, again demanding a disc check upon reboot.
 
When I run disc check during reboot, it is roughly a 30 hour process. I am not exaggerating this. It takes almost a day and a half to disc check this machine when it demands a disc check be completed. HOWEVER, I allowed a disc check recently when my router was down (was working on cable issues). The disc check completes in under 20 minutes.
 
The above is not an exaggeration and is highly reproducible. Disc check on reboot connected to the Internet = 30 hours. Disc check w/o Internet = 20 minutes.
 
Router Data Usage
The third issue for consideration concerns my monthly data use. I live in a remote desert area and utilize a satellite connection for Internet. I am limited to 150 Gigs of up + down per month and I never go above my monthly data allotment. However, my router (a Netgear Blackhawk) has a built-in usage limit set to the same 150 Gig allocation. While I never exceed the monthly limit as defined by the ISP, my router reports data usage at 4 to 5 times that of the provider. I am forced to reset the usage monitor weekly.
 
A New Explorer In Most New Folders
I do not have a capture of this as proof for every instance; however, I managed earlier to capture a snag and then submit to Webroot a file named simply "explorer". It appeared in a newly created folder this morning. The Date Modified time coincides with the create time of the folder. I have seen the file before but never managed to snag or copy it until today.
 
In Summary
All of this is possibly a confluence of misinterpreted and unrelated issues. Or, it could be something more sinister. I have absolutely no idea. Webroot and every other virus tool reports nothing. However, the PC behaves oddly. I have again and again researched this issue as a virus or root issue and come up with nothing. I have also posted in several MS boards for an explanation. Nada on that effort. My next step is to completely blow the system and do a total rebuild on a new drive. There is so much history in the system I find that difficult to do. So, giving this one last shot here.
 
Does the above raise a red flag for anyone, is any of this familiar to anyone, and in general, what are thoughts here?
Dave
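
The explorer.exe inventory described in the post above can be made repeatable with a short script. This is an added example, not part of the original post; it assumes PowerShell 4.0 or later (needed for `Get-FileHash`) run from an elevated prompt, and the variable names are illustrative.

```powershell
# Added example (not from the thread). Assumes PowerShell 4.0+ and an
# elevated prompt so protected folders can be read.
$winDir = $env:SystemRoot

# 1. Every file named explorer.exe, or extensionless "explorer" as described
#    in the post, anywhere on the system drive.
$copies = Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -File `
              -Filter 'explorer*' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -in 'explorer.exe', 'explorer' } |
    ForEach-Object {
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                    -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path      = $_.FullName
            Size      = $_.Length
            Modified  = $_.LastWriteTime
            Version   = $_.VersionInfo.FileVersion
            SHA256    = $hash.Hash
            # Copies under %SystemRoot% (including SysWOW64 and WinSxS) are
            # expected on 64-bit Windows; anything else deserves a closer look.
            InWindows = $_.FullName.StartsWith("$winDir\",
                            [StringComparison]::OrdinalIgnoreCase)
        }
    }

# 2. Group by hash: identical hashes are the same build stored in more than
#    one place, so the number of groups is the number of distinct binaries.
$copies | Sort-Object SHA256, Path |
    Format-Table InWindows, Size, Modified, Version, Path -GroupBy SHA256 -AutoSize

# 3. Which file each running explorer.exe was actually started from, and by
#    which parent process.
Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'" |
    Select-Object ProcessId, ParentProcessId, CreationDate, ExecutablePath
```

Rows with `InWindows` set to False, and running processes whose `ExecutablePath` is not `%SystemRoot%\explorer.exe`, are the ones to submit for analysis first.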

Best answer by BurnDaddy 16 November 2016, 22:11


4 replies

Userlevel 7
Badge +56
Hello,
 
I hate to say it, but when going back from Win 10 to Win 7 it would be best to do a clean OS reinstall, as there are many issues with rollback to Win 7 from 10. That would be my best suggestion.
 
Daniel
Hello again TheDHndrsn,
 
Sorry to hear about the issues you're having. It sounds exasperating, to say the least.
 
The first thing I would do is to submit a trouble ticket to Webroot. Let support have a look. Perhaps they can gather logs or even remote into your PC if necessary. When you submit the ticket you can point them to this topic so that you don't have to rewrite everything that you detailed here. Give them a chance to reply, usually 24-48 hours but often times sooner. Don't submit multiple tickets as each new ticket sends you to the back of the line.
 
The issues you describe with explorer seem very odd indeed. The disc check requests sound like a possible hardware issue but I don't think there should be such a discrepancy in times between being connected to the Internet and not. As far as I know Windows doesn't connect to the Internet during disc checks.
 
Have you tried starting your computer in Safe mode?
 
Have you tried disconnecting all unnecessary hardware like external drives, printers, webcams, etc.?
 
Is it possible for you to do a clean install of Windows 7 (after backing up your files, of course)?
 
Another suggestion would be to go ahead and upgrade to Windows 10. I know this is a doozy, as I was very hesitant to upgrade myself. But I have found it to be better than Win7, actually, and have grown to quite like it.
 
These are just some things I've thought of off the top of my head. Perhaps other members here in the Community will see this and contribute their thoughts.
 
But I would definitely start with the support ticket, at least to rule out malware.
 
Sorry I couldn't have been more help. It's just that there could really be a number of different issues at play here.
 
Take care and let us know what support has to say. ;)
 
BD
 
 
 
 
 
 
Userlevel 2
Please close this request. I have identified the issue. It was malware after all.
 
I hate to relate this, guys, 'cause I love Webroot, but a Norton tool ultimately ID'd the issue.
 
The problem was a file installed with an LG (as in the electronics company) application. Norton identified the app as malware. It was uploading a copy of data and activity whenever I was connected to the web. Unfortunately, I did not think to copy and save the name of the application and information Norton provided so I am unable to share more on this.
 
The application was i-LGdrive or something such as that. Sorry.
 
Norton also identified one additional DLL in the System 32 folder that was unknown to their database but appeared suspicious. It did not recommend removal but I removed the DLL anyhow.
 
The system is back once again to its former self. No crashes. Only a single explorer.exe running.
 
Norton may have ID'd the issue, but you folks were the most responsive to this issue. For that reason alone I plan to remain with Webroot.
 
Regards,
Dave
Userlevel 7
Badge +25
@ wow, what a fiasco you went through. I am glad that your issue is resolved. We are glad that you plan to stay with Webroot. Please feel free to access the Webroot Community Forum for any issues you may have.
