1

Windows 7 64bit.

I am using ProcessExplorer from Sysinternals, and it says, that the offending call is

ntdll.dll!RtlValidateHeap+0x170

however, the call stack towards the entry is always different, so it's hard for me to track the problem. Maybe it's a mal-programed trojan, causing exceptions in Explorer.exe, but that is only a wild speculation.

Explorer.exe is then consuming 25% (a core on a dual core). Killing the process makes the task bar go away, respawning from task manager, and half a minute later it's again eating all CPU cycles.

EEAA
  • 108,414
  • 18
  • 172
  • 242
JohnDoe
  • 111
  • 1
  • 4
  • I suspect a DLL that isn't releasing resources for some reason. What plugins do you have installed? –  Sep 16 '12 at 18:29
  • 1
    It's most likely a shell extension. You can use [autoruns](http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) to identify all shell extensions. – David Schwartz Sep 16 '12 at 21:39

1 Answers1

1

Use SysInternal's sister program, Process Monitor, to see what it's actually doing.

Simon Catlin
  • 5,222
  • 3
  • 16
  • 20