Explorer.exe high cpu

In Process Explorer, I see several threads running with high processing power.
The Start address is SHLWAPI.dll!PathIsRootW+0xcc
The stack is
ntoskrnl.exe!ExpInterlockedFlushSList+0x126f
ntoskrnl.exe!KeWaitForMultipleObjects+0xcca
ntoskrnl.exe!KeWaitForMutexObject+0x2da
ntoskrnl.exe!_misaligned_access+0x35
ntoskrnl.exe!MmUnlockPages+0x1160
ntoskrnl.exe!KeWaitForMultipleObjects+0xe61
ntoskrnl.exe!KeWaitForMutexObject+0x2da
avgmfx64.sys+0x2763
avgmfx64.sys+0x880
avgmfx64.sys+0x75b
avgmfx64.sys+0xbe6
fltmgr.sys!FltIsCallbackDataDirty+0xd8a
fltmgr.sys!FltIsCallbackDataDirty+0x5c
fltmgr.sys!FltReadFile+0xddc6
fltmgr.sys!FltAcquirePushLockShared+0xc87
fltmgr.sys!FltReadFile+0xdddc
ntoskrnl.exe!ObOpenObjectByName+0x2733
ntoskrnl.exe!FsRtlOplockIsFastIoPossible+0x611
ntoskrnl.exe!ObOpenObjectByName+0x2f4
ntoskrnl.exe!SePrivilegeCheck+0x2d0
ntoskrnl.exe!NtCreateFile+0x78
ntoskrnl.exe!ZwUnloadKeyEx+0x20d3
ntdll.dll!NtCreateFile+0xa
LVPrcInj02.dll!LVPRCINJ_Challenge+0x132e
LVPrcInj02.dll!LVPRCINJ_Challenge+0x1487
kernel32.dll!CreateFileW+0x26c
SHELL32.dll!DriveType+0x93
SHELL32.dll!SHAlloc+0x10ce
SHELL32.dll!SHAssocEnumHandlers+0x740c
SHELL32.dll!SHAssocEnumHandlers+0x73a4
SHELL32.dll!SHCreateShellItemArray+0x555
SHELL32.dll!SHAssocEnumHandlers+0x7fa0
PROPSYS.dll!Ordinal407+0x1504
PROPSYS.dll!Ordinal407+0xc28
PROPSYS.dll!Ordinal407+0xc43
PROPSYS.dll!Ordinal416+0x58a
PROPSYS.dll!Ordinal416+0x78d
SHELL32.dll!SHSetLocalizedName+0x159e
SHELL32.dll!SHSetLocalizedName+0x1545
SHELL32.dll!SHSetLocalizedName+0x1aae
SHELL32.dll!SHSetLocalizedName+0x1a0b
SHELL32.dll!SHSetLocalizedName+0x426b
SHELL32.dll!SHSetLocalizedName+0x41ad
SHELL32.dll!StrCmpNIW+0x26a3
SHELL32.dll!StrCmpNIW+0x2454
SHELL32.dll!SHSetLocalizedName+0x1981
SHELL32.dll!SHSetLocalizedName+0x13d8
SHELL32.dll!StrCmpNIW+0x2b0d
SHELL32.dll!StrCmpNIW+0x33f4
SHELL32.dll!StrCmpNIW+0x30f8
SHLWAPI.dll!PathIsRootW+0x195
kernel32.dll!BaseThreadInitThunk+0xd
ntdll.dll!RtlUserThreadStart+0x21
I tried a lot of different things without success.
If I kill the process and restart it with a Run \ explorer.exe, the problem comes back after some time (estimated at 20 minutes on average)

Thanks for your help
Asked by: havette

mgonullu Commented:
Most probably you have a rootkit on your machine.
Try to run the RootKit revealer from Microsoft:
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

johnb6767 Commented:
3 routes I would look at.....

1. Uninstall AVG, and retest......
2. Find this file, and please report where it resides... Might be a Logitech file.....
3. Corrupted profile. Create a new user and test for the same behaviour......

McKnife Commented:
Hi Havette!
Whether Windows Explorer is open or not is the most important thing.
Does it happen in safe mode as well?
Does it happen with other users?

Qlemo (C++ Developer) Commented:
Looking at the stack dump, I suppose it is either AVG (64-bit version, might not be optimized and needing too many resources at each file access), or there is a process using Explorer to open files at high frequency. I do not know of any Vista Explorer part starting to act after some 20 minutes.
I would suggest to stop AVG from online scanning on read (at least), and see whether that helps.

havette (Author) Commented:
problem is gone.
don't know why...
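
The reading of the stack dump discussed in the answers above (avgmfx64.sys and LVPrcInj02.dll both sit on Explorer's file-open path) can be reproduced mechanically. This is an added example, not part of the original thread: it parses frames copied from the question and lists the non-Windows modules that run inside CreateFileW. The WINDOWS_MODULES allow-list and the function names are assumptions made for this illustration.

```python
import re
from collections import namedtuple

Frame = namedtuple("Frame", "module symbol offset")
# Subset of the frames posted in the question; most recent call first.
SAMPLE_STACK = """\
ntoskrnl.exe!KeWaitForMutexObject+0x2da
avgmfx64.sys+0x2763
avgmfx64.sys+0x880
fltmgr.sys!FltReadFile+0xddc6
ntoskrnl.exe!NtCreateFile+0x78
ntdll.dll!NtCreateFile+0xa
LVPrcInj02.dll!LVPRCINJ_Challenge+0x132e
kernel32.dll!CreateFileW+0x26c
SHELL32.dll!DriveType+0x93
ntdll.dll!RtlUserThreadStart+0x21
"""

# Assumption: allow-list of stock Windows modules that occur in this stack.
WINDOWS_MODULES = {"ntoskrnl.exe", "fltmgr.sys", "ntdll.dll", "kernel32.dll",
                   "shell32.dll"}
FRAME_RE = re.compile(r"^([^!+\s]+)(?:!([^+\s]+))?\+0x([0-9a-fA-F]+)$")

def parse_stack(text):
    """Parse 'module!symbol+0xoff' and symbol-less 'module+0xoff' lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:  # skip anything that is not a stack frame
            frames.append(Frame(m.group(1), m.group(2), int(m.group(3), 16)))
    return frames

def interceptors(frames, api="CreateFileW"):
    """Non-Windows modules that run inside the `api` call, in call order."""
    idx = next((i for i, f in enumerate(frames) if f.symbol == api), None)
    if idx is None:
        return []
    seen = []
    for f in reversed(frames[:idx]):  # frames above the API frame ran after it
        if f.module.lower() not in WINDOWS_MODULES and f.module not in seen:
            seen.append(f.module)
    return seen

def describe(module):
    return "kernel driver" if module.lower().endswith(".sys") else "user-mode DLL"

if __name__ == "__main__":
    for mod in interceptors(parse_stack(SAMPLE_STACK)):
        print(f"{mod}: {describe(mod)} on Explorer's CreateFileW path")
```

Each module it reports is a candidate to disable or uninstall one at a time and retest, which matches the suggestions given in the answers.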