Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Explorer.exe high CPU usage, probably not malware.


  • Please log in to reply
19 replies to this topic

#1 Keneedy

Keneedy

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 20 September 2017 - 04:14 PM

 Hi!

Recently I realized that explorer.exe was using too much cpu, floating between 30% to even 70% of CPU's overall usage, even if nothing but explorer is open. Even if I close the explorer's windows themselves, explorer.exe runs in high percentages in background, even though I do absolutelly nothing. 

explorer.png 
(sorry, I'm brazilian so my windows it's in portuguese - also, sorry, English isn't my first language, feel free to correct me.)

So I scanned my pc with MalwareBytes, SuperAntiSpyware and even Avast Free. No malwares was found. 
Then I ran a system check inside SuperAntiSpyware and looked for potencially harmful programs, registry, rootkits, whatever. Also, I checked system's integrity with sfc /scannow, all was right.
Finally, I thought that it may be due to junk files, temp and so on, so I cleaned up with ccleaner, and although it deleted like 8gb, nothing changed in explorer's performance. All was right, except explorer's performance.

So I downloaded microsoft's Process Explorer to explore what the heck was using it, and found that the highest cpu's consuming threads, like 99% of the high cpu usage we see in explorer's cpu's usage, it's this Audioses.DLL+0x1141b0. 

ZOF4RyB.png

I scanned audioses.dll in virustotal, nothing was found. Also scanned my explorer.exe in virustotal and nothing still. 

Now I don't know what to do. Searched online for solutions and couldn't find any, strange, I thought, given that so many people seems to be with the same problem. 

I also created a minidump file of explorer.exe, thought it may be useful.

Don't know when this started, but it's been a while already, like several days.

So... anyone please help?

 

Edited by Keneedy, 21 September 2017 - 12:38 AM.


BC AdBot (Login to Remove)

 


#2 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:10:10 AM

Posted 20 September 2017 - 04:34 PM

Install latest version of device drivers and let us know issue resolves.

 

 

 

"Windows 7 DLL File Information - AudioSes.dl"

https://www.win7dll.info/audioses_dll.html


Posted Image


#3 Keneedy

Keneedy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 22 October 2017 - 01:47 PM

Thanks for the reply and sorry for my delay.
I installed the latest update to my sound drivers, but nothing changed. AUDIOSES.DLL keeps sucking my cpu power.
rS0p934.png


When I double-click audioses.dll, it appears this list of threads:

AUDIOSES.DLL+0x2a0cd
AUDIOSES.DLL+0x2a507
AUDIOSES.DLL+0xad1b
AUDIOSES.DLL+0xa766b
AUDIOSES.DLL+0x114538
AUDIOSES.DLL+0x114241
KERNEL32.DLL!BaseThreadInitThunk+0x14
ntdll.dll!RtlUserThreadStart+0x21




Also, Something I find rather odd about this high cpu usage specifically is that whenever I'm using cpu power for whatever I'm using it, Explorer drops down its cpu usage instead of adding up...

So it always keeps the total cpu usage at average 60%... it feeds on idle processing power.



#4 Keneedy

Keneedy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 22 October 2017 - 01:49 PM

I went to look which program was using audioses.dll and found this. It was listed two times in process explorer... 

8RraYTH.png 
Strangely, in resources monitor I found this AudioSes.dll.mui associated with chrome.exe PID 8672.
AITOyXY.png 

So I went to look what else was associated with this chrome.exe PID 8672, and about a hundred dll's are associated with it. Is this normal?
3PqFLQi.png


Hope this is normal... 



#5 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:10:10 AM

Posted 22 October 2017 - 02:46 PM

Boot your computer into Safe Mode and let us know issue resolves within Safe Mode.


Posted Image


#6 Keneedy

Keneedy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 22 October 2017 - 04:00 PM

What? Can someone alive please help me? 



#7 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:10:10 AM

Posted 22 October 2017 - 04:19 PM

I wonder what part of my last post you have not understand?


Posted Image


#8 Keneedy

Keneedy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 22 October 2017 - 04:27 PM

I'm sorry, but are you a bot?

What should i do in Safe Mode?
I've already tried going in Safe Mode, and the problem persists. I tried scanning system integrity as an administrator, in and out of safe mode. Couldn't fix.

 

 

If you're not a bot, sorry for my previous reply, i'm really directionless on this and needing actual help.



#9 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:08:10 AM

Posted 22 October 2017 - 04:36 PM

@Keneedy #6

 

I was about to post a reply giving advice on how to get into Safe Mode when your #8 appeared. 

 

You make the point in your opening post that English is not your first language. Neither is it Freebooter's, and as far as I know he doesn't speak Portugese either. Remember that we all have to make allowances for the fact the BC is a very international forum with members from all round the world. Freebooter is generally well informed but his responses tend to asssume a higher level of technical knowledge than is sometimes the case and are sometimes lacking in detail. But he is definitely not a bot !

 

I will give this 24 hours then, if necessary, see if I can find a second opinion.

 

Chris Cosgrove



#10 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:10:10 AM

Posted 22 October 2017 - 04:37 PM

You never mention that you have tried Safe Mode or tried new user account.


Posted Image


#11 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:10:10 AM

Posted 22 October 2017 - 04:39 PM

@Keneedy #6

 

I was about to post a reply giving advice on how to get into Safe Mode when your #8 appeared. 

 

You make the point in your opening post that English is not your first language. Neither is it Freebooter's, and as far as I know he doesn't speak Portugese either. Remember that we all have to make allowances for the fact the BC is a very international forum with members from all round the world. Freebooter is generally well informed but his responses tend to asssume a higher level of technical knowledge than is sometimes the case and are sometimes lacking in detail. But he is definitely not a bot !

 

I will give this 24 hours then, if necessary, see if I can find a second opinion.

 

Chris Cosgrove

Thank you Chris!


Posted Image


#12 Keneedy

Keneedy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 22 October 2017 - 05:01 PM

I'm so sorry, FreeBooter.

When i saw your second reply and found it somewhat similar to the first one, i thought you were a bot, and i also misinterpreted your nickname. It is absolutely not my intention to offend anyone here, i just got a little nervous when i thought he was a bot, and for that, i'm so sorry. 


I don't practice english very much, so its not very clear to me how to express feelings and so on. If i sounded hostile, please forgive me, it was not my intention. 


And you're right, i didn't mentioned i tried in Safe Mode here, i confused this post with others in other forums. Sorry.
I'll try again in safe mode, given the driver updating perhaps something changed, and i'll post again in a couple minutes.


Hope you guys understand and forgive me.



#13 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:10:10 AM

Posted 22 October 2017 - 05:21 PM

Thank you very much Keneedy!

 

My english isn't that good as well because of this i try to make my instructions little as possible if you don't understand me please let me know.

 

If Safe Mode does not resolves the problem we will use a utility to disable third-party shell extension.


Posted Image


#14 Keneedy

Keneedy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 22 October 2017 - 05:41 PM

Wow. 

Now in Safe Mode it is at regular levels. 
1DYcqUp.png

But when i go back to normal mode, the problem returns.

2kDrD8u.png



#15 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:10:10 AM

Posted 22 October 2017 - 05:48 PM

That is good now we know third-party startup program or service causing the problem.

 

I would like to have you run a Clean Boot.

How to perform a Clean Boot.

Warning: Disabling items in Services or Startup may leave your anitivirus disabled until the process is ended. For this reason I would suggest that you perform this process off line.

Press the 7W6b39o.png keys to open Run, then type msconfig in the search box. This will open System Configuration.

If you are prompted for an administrator password or for confirmation, you should enter the password or provide confirmation.

(1) Click/tap on the General tab.

(2) Click/tap on the Selective startup option.

(3) Remove the check mark in the Load startup items check box.

0JgaJnG.png

4. Click on the Services tab.

5. Place a check mark in the Hide all Microsoft services check box, this will remove the Microsoft Services from the list but will still be running.

6. Click Disable all, this will remove all of the check marks in the Services list.

yIKrmLs.png

7. Click on Apply then OK

ljHR4ZW.png

Click on Restart in the window that opens.

When the computer is restarted it will boot normally.

If the problem does not continue after the restart please do the following.

8. Divide the number of these services by two and you place checks in the first half of these, then restart the computer.

9. If the problem doesn't return in those services remove the checks and place checks in the remaining services and restart the computer.

10. When you find which half the service is in go on to the next step.

11. The half which has the service causing this problem remove half of the checks as you did previously to see which half has this service. Restart the computer.

12. If it isn't in the first half of these services, do the same with the last half of the services.

13. Once you have narrowed it down to the last three or four services remove the checks one at a time till you find the service at fault.

Once you have found the service post it in your topic. Do not take any action until I suggest the next step.


Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users