0
I'm using Windows 10.0.17134.228.
Recently my explorer.exe started spiking CPU usage up to 100%. Restarting the process seems to temporarily fix the problem.
I've scanned my pc with MBAM and Windows Defender and nothing was found. I decided to have a look at what is happening with Process Monitor and it seems like explorer.exe is spam accessing a few registry keys.
The keys in question are:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\AllowedEnumeration => Name not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer => Success
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server => Success
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\RDVirtualizationPool => Name not found
Because I saw "terminal server" I was scared maybe someone is trying to spam his way into my computer (remote desktop?) but I've already disabled that. Using a VPN changes nothing. I'm being a hardware firewall with no ports forwarded.
I've ran SFC /SCANNNOW (no results) and SIGVERIF (all good).
Does anyone have an idea about what is happening?
kwantuM
Posted 2018-09-04T20:07:07.083
Reputation: 101
Can you download and run Process Explorer from Sysinternals/Microsoft - Bring up the Properties of explore.exe and look at the Threads tab and sort by CPU. If you look at the stacks of the threads at the top, any interesting modules?
Otherwise, the next step might be to get Procdump, also Sysinternals, and create a series of dump files. Say 3, 5 seconds apart. e.g. procdump -ma explore.exe. Then use Windbg (Debugging Tools for Windows and part of the SDK). Load them all in and run !runaway on each to see the thread in question consuming CPU. Then look at the stacks of them. – HelpingHand – 2018-09-04T21:06:41.990