Explorer.exe 50%+ CPU usage after opening anything


5 replies to this topic

#1 begone77

begone77

  • Members
  • 8 posts

Posted 30 September 2010 - 05:19 PM

I downloaded a program called Process Monitor to see what it was doing and this is what it pulled up.


5:00:00.9700712 PM Explorer.EXE 356 CloseFile C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe SUCCESS
5:00:00.9701068 PM Explorer.EXE 356 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\ElevationRequired NAME NOT FOUND Length: 144
5:00:00.9701272 PM Explorer.EXE 356 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{C1E99D5B-A0A3-426C-AE4D-13D3363A9393}\GDFVersion NAME NOT FOUND Length: 144
5:00:00.9702593 PM Explorer.EXE 356 CreateFile C:\ProgramData NAME COLLISION Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
5:00:00.9704449 PM Explorer.EXE 356 CreateFile C:\ProgramData SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
5:00:00.9704650 PM Explorer.EXE 356 QueryBasicInformationFile C:\ProgramData SUCCESS CreationTime: 7/13/2009 7:37:05 PM, LastAccessTime: 9/30/2010 12:28:46 PM, LastWriteTime: 9/30/2010 12:28:46 PM, ChangeTime: 9/30/2010 2:38:07 PM, FileAttributes: HDNCI
5:00:00.9704737 PM Explorer.EXE 356 CloseFile C:\ProgramData SUCCESS
5:00:00.9705945 PM Explorer.EXE 356 CreateFile C:\ProgramData\Microsoft\Windows\GameExplorer NAME COLLISION Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
5:00:00.9707854 PM Explorer.EXE 356 CreateFile C:\ProgramData\Microsoft\Windows\GameExplorer SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
5:00:00.9708078 PM Explorer.EXE 356 QueryBasicInformationFile C:\ProgramData\Microsoft\Windows\GameExplorer SUCCESS CreationTime: 7/13/2009 7:37:05 PM, LastAccessTime: 8/18/2010 2:08:16 PM, LastWriteTime: 8/18/2010 2:08:16 PM, ChangeTime: 9/30/2010 2:42:34 PM, FileAttributes: DNCI
5:00:00.9708161 PM Explorer.EXE 356 CloseFile C:\ProgramData\Microsoft\Windows\GameExplorer SUCCESS
5:00:00.9715648 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:00:00.9715944 PM Explorer.EXE 356 RegQueryKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness SUCCESS Query: Cached, SubKeys: 0, Values: 0
5:00:00.9716706 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:00:00.9720812 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:00:00.9720954 PM Explorer.EXE 356 RegQueryKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness SUCCESS Query: Cached, SubKeys: 0, Values: 0
5:00:00.9721429 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0




Then it just repeats:



5:07:57.0386732 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:07:57.0386874 PM Explorer.EXE 356 RegQueryKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness SUCCESS Query: Cached, SubKeys: 0, Values: 0
5:07:57.0387340 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:07:57.0390476 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0

Indefinitely causing my CPU load to skyrocket.

How the heck can I disable this? What's wrong?


Thanks for the help.



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts

Posted 30 September 2010 - 05:29 PM

Are you using a modified GameUX Dll?

#3 begone77


Posted 30 September 2010 - 05:31 PM

Are you using a modified GameUX Dll?


Not that I'm aware of, I can open anything and it will start to reproduce that process.

One sec and I'll open something else and post the log.

#4 begone77


Posted 30 September 2010 - 05:44 PM

I ended the explorer.exe process manually and restarted it, I tried opening some folders but nothing, then I tried to open a game from the desktop.

5:39:39.5986419 PM rundll32.exe 1696 RegOpenKey HKLM\System\CurrentControlSet\Services\DnsCache\Parameters REPARSE Desired Access: Read
5:39:39.5986524 PM rundll32.exe 1696 RegOpenKey HKLM\System\CurrentControlSet\Services\DnsCache\Parameters SUCCESS Desired Access: Read
5:39:39.5986651 PM rundll32.exe 1696 RegOpenKey HKLM\Software\Policies\Microsoft\Windows NT\DnsClient NAME NOT FOUND Desired Access: Read
5:39:39.5986760 PM rundll32.exe 1696 RegOpenKey HKLM\Software\Policies\Microsoft\System\DNSClient NAME NOT FOUND Desired Access: Query Value
5:39:39.5986912 PM rundll32.exe 1696 RegQueryValue HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain SUCCESS Type: REG_SZ, Length: 2, Data:
5:39:39.5987030 PM rundll32.exe 1696 RegQueryValue HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Domain SUCCESS Type: REG_SZ, Length: 2, Data:
5:39:39.5987157 PM rundll32.exe 1696 RegCloseKey HKLM\System\CurrentControlSet\services\Tcpip\Parameters SUCCESS
5:39:39.5987224 PM rundll32.exe 1696 RegCloseKey HKLM\System\CurrentControlSet\services\Dnscache\Parameters SUCCESS
5:39:39.6002439 PM rundll32.exe 1696 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:39:39.6002764 PM rundll32.exe 1696 RegQueryKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness SUCCESS Query: Cached, SubKeys: 0, Values: 0
5:39:39.6003488 PM rundll32.exe 1696 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:39:39.6007524 PM rundll32.exe 1696 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:39:39.6007667 PM rundll32.exe 1696 RegQueryKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness SUCCESS Query: Cached, SubKeys: 0, Values: 0
5:39:39.6008148 PM rundll32.exe 1696 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:39:39.6011353 PM rundll32.exe 1696 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:39:39.6011488 PM rundll32.exe 1696 RegQueryKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness SUCCESS Query: Cached, SubKeys: 0, Values: 0
5:39:39.6011944 PM rundll32.exe 1696 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:39:39.6015139 PM rundll32.exe 1696 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0


Now it's the rundll32.exe?

Edited by begone77, 30 September 2010 - 05:50 PM.
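
The two traces above can be compared by counting how often each registry or file path is touched and by which process. The following is an added example, not part of any post in this thread and not a Process Monitor feature; `parse` and `hot_paths` are illustrative names, and the line layout and result strings are assumed to be exactly those of the pasted text.

```python
import re
from collections import Counter, defaultdict

# Result strings that occur in the traces above; Procmon emits others,
# so extend this tuple before using it on a different capture.
RESULTS = ("NAME NOT FOUND", "NAME COLLISION", "SUCCESS", "REPARSE")

# Paths contain spaces ("Internet Settings"), so the path is taken lazily
# up to the first known result string rather than split on whitespace.
LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2}\.\d+ [AP]M) (?P<proc>\S+) (?P<pid>\d+) "
    r"(?P<op>\S+) (?P<path>.+?) (?P<result>" + "|".join(RESULTS) + r")"
    r"(?: (?P<detail>.*))?$"
)

def parse(text):
    """Return a list of event dicts; lines that do not match are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def hot_paths(events, min_count=3):
    """Return (path, operation, count, process names) for repeated accesses."""
    counts, procs = Counter(), defaultdict(set)
    for e in events:
        key = (e["path"], e["op"])
        counts[key] += 1
        procs[key].add(e["proc"].lower())
    return [(path, op, n, sorted(procs[(path, op)]))
            for (path, op), n in counts.most_common() if n >= min_count]

# Nine lines copied from the two traces posted in this thread.
SAMPLE = r"""
5:00:00.9700712 PM Explorer.EXE 356 CloseFile C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe SUCCESS
5:00:00.9701068 PM Explorer.EXE 356 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\ElevationRequired NAME NOT FOUND Length: 144
5:00:00.9715648 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:00:00.9715944 PM Explorer.EXE 356 RegQueryKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness SUCCESS Query: Cached, SubKeys: 0, Values: 0
5:00:00.9716706 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:07:57.0386732 PM Explorer.EXE 356 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:39:39.5986419 PM rundll32.exe 1696 RegOpenKey HKLM\System\CurrentControlSet\Services\DnsCache\Parameters REPARSE Desired Access: Read
5:39:39.6002439 PM rundll32.exe 1696 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial SUCCESS Type: REG_DWORD, Length: 4, Data: 0
5:39:39.6002764 PM rundll32.exe 1696 RegQueryKey HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness SUCCESS Query: Cached, SubKeys: 0, Values: 0
"""

if __name__ == "__main__":
    for path, op, n, names in hot_paths(parse(SAMPLE)):
        print(f"{n:3d}x {op} {path} <- {', '.join(names)}")
```

On a full capture, saving the trace from Process Monitor as CSV gives unambiguous column boundaries, and the same counting applies to the parsed rows.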


#5 cryptodan


Posted 30 September 2010 - 05:54 PM

Let's go to your internet options via control panel and see if you have auto dial selected on the connections tab.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,611 posts

Posted 30 September 2010 - 09:47 PM

Download Process Explorer: http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
