2
1
I'm running Windows 10 Pro 1903 (18362.418) on an Acer A515-51G-72DB laptop. The only thing I think is interacting with explorer.exe is ClassicStartMenu.
I'm not sure when was the starting point, but recently, explorer.exe started showing the behavior above to the point that I have to keep killing the process every 15 minutes or so for Windows to remain usable. Also this only happens when an explorer window is open.
I did follow the steps described HERE to generate and analyze an ETL file with Windows Performance Toolkit (results below), but I don't know what to do with my findings.
Here's the output (filtered to explorer.exe) as raw data (sorted by Weight%), screenshots (1), (2), (3) and WPAPK:
Line #, Process, Stack, Function, Count, Weight (in view) (ms), TimeStamp (s), % Weight
1, explorer.exe (8212), , , 32667, 32.501,176802, , 4,97
2, , n/a, , 16348, 16.260,730167, , 2,49
3, , [Root], , 16319, 16.240,446635, , 2,48
4, , |- ntdll.dll!RtlUserThreadStart, , 16240, 16.161,338732, , 2,47
5, , | kernel32.dll!BaseThreadInitThunk, , 16240, 16.161,338732, , 2,47
6, , | |- SHCore.dll!_WrapperThreadProc, , 12829, 12.776,373921, , 1,95
7, , | | |- shell32.dll!CChangeNotify::s_ThreadProc, , 11462, 11.413,706151, , 1,75
8, , | | | shell32.dll!CChangeNotify::_MessagePump, , 11462, 11.413,706151, , 1,75
9, , | | | |- user32.dll!DispatchMessageWorker, , 11319, 11.271,266149, , 1,72
10, , | | | | user32.dll!UserCallWinProcCheckWow, , 11319, 11.271,266149, , 1,72
11, , | | | | shell32.dll!CChangeNotify::s_WndProc, , 11319, 11.271,266149, , 1,72
12, , | | | | |- shell32.dll!CAnyAlias::v_SendNotification, , 10832, 10.785,277243, , 1,65
13, , | | | | | |- shell32.dll!ReparseRelativeIDListInternal, , 6437, 6.411,484738, , 0,98
14, , | | | | | | |- shell32.dll!CFolderShortcut::ParseDisplayName, , 2144, 2.134,065200, , 0,33
15, , | | | | | | | |- windows.storage.dll!CRegFolder::ParseDisplayName, , 2055, 2.045,744996, , 0,31
16, , | | | | | | | | |- windows.storage.dll!CKnownFoldersFolder::ParseDisplayName, , 1624, 1.615,865696, , 0,25
17, , | | | | | | | | | |- windows.storage.dll!CKnownFoldersFolder::_EnumFolders, , 1390, 1.383,063595, , 0,21
18, , | | | | | | | | | | |- windows.storage.dll!CKnownFoldersFilter::ShouldShowKnownFolder, , 772, 767,444117, , 0,12
19, , | | | | | | | | | | | |- windows.storage.dll!CKnownFoldersFilter::IsKnownFolderSetByPolicy, , 649, 644,714715, , 0,10
20, , | | | | | | | | | | | | |- windows.storage.dll!kfapi::GetFolderRedirectionCapabilities, , 648, 643,714715, , 0,10
21, , | | | | | | | | | | | | | |- windows.storage.dll!CLastStateKeeper::Init, , 335, 333,309012, , 0,05
22, , | | | | | | | | | | | | | | |- windows.storage.dll!CLastStateKeeper::IsTSAsyncLogonPolicyEnabled, , 145, 144,057300, , 0,02
23, , | | | | | | | | | | | | | | | |- windows.storage.dll!CLastStateKeeper::_IsVDIRoleInstalled, , 110, 109,361699, , 0,02
24, , | | | | | | | | | | | | | | | | |- KernelBase.dll!RegOpenKeyExW, , 70, 69,818499, , 0,01
25, , | | | | | | | | | | | | | | | | | KernelBase.dll!RegOpenKeyExInternalW, , 70, 69,818499, , 0,01
26, , | | | | | | | | | | | | | | | | | |- KernelBase.dll!LocalBaseRegOpenKey, , 69, 68,818699, , 0,01
27, , | | | | | | | | | | | | | | | | | | |- ntdll.dll!ZwOpenKeyEx, , 55, 54,645398, , 0,01
28, , | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiSystemServiceCopyEnd, , 48, 47,674998, , 0,01
29, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!NtOpenKeyEx, , 48, 47,674998, , 0,01
30, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!CmOpenKey, , 48, 47,674998, , 0,01
31, , | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ObOpenObjectByName, , 47, 46,668899, , 0,01
32, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!ObOpenObjectByNameEx, , 47, 46,668899, , 0,01
33, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ObpLookupObjectName, , 35, 34,627699, , 0,01
34, , | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpParseKey, , 33, 32,668099, , 0,00
35, , | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpDoParseKey, , 31, 30,769798, , 0,00
36, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpPerformCompleteKcbCacheLookup, , 14, 13,800897, , 0,00
37, , | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpPerformCompleteKcbCacheLookup<itself>, CmpPerformCompleteKcbCacheLookup, 12, 11,801598, , 0,00
38, , | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ExReleasePushLockEx, ExReleasePushLockEx, 1, 0,999700, 2.110,246868500, 0,00
39, , | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ExAcquirePushLockSharedEx, ExAcquirePushLockSharedEx, 1, 0,999599, 2.164,792446299, 0,00
40, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpCheckOpenAccessOnKeyBody, , 6, 5,989800, , 0,00
41, , | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!SeAccessCheck, , 2, 1,999700, , 0,00
42, , | | | | | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!AdminlessTelemetryEnabled, , 2, 1,999700, , 0,00
43, , | | | | | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!SeCodeIntegrityQueryPolicyInformation, , 2, 1,999700, , 0,00
44, , | | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!_guard_dispatch_icall, _guard_dispatch_icall, 1, 0,999900, 2.147,543414400, 0,00
45, , | | | | | | | | | | | | | | | | | | | | | | | | | | |- CI.dll!CipQueryPolicyInformation, , 1, 0,999800, , 0,00
46, , | | | | | | | | | | | | | | | | | | | | | | | | | | | CI.dll!SIPolicyQueryPolicyInformation, , 1, 0,999800, , 0,00
47, , | | | | | | | | | | | | | | | | | | | | | | | | | | | , SIPolicyQueryPolicyInformation, 1, 0,999800, 2.123,418773900, 0,00
48, , | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ExReleaseResourceLite, , 2, 1,998800, , 0,00
49, , | | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ExReleaseResourceLite<itself>, ExReleaseResourceLite, 1, 0,999600, 2.111,632910600, 0,00
50, , | | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ExpReleaseResourceSharedForThreadLite, ExpReleaseResourceSharedForThreadLite, 1, 0,999200, 2.111,511848600, 0,00
51, , | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!SeOpenObjectAuditAlarmWithTransaction, SeOpenObjectAuditAlarmWithTransaction, 1, 0,999900, 2.154,097251400, 0,00
52, , | | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpCheckOpenAccessOnKeyBody<itself>, CmpCheckOpenAccessOnKeyBody, 1, 0,991400, 2.109,145310700, 0,00
53, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpDereferenceKeyControlBlock, CmpDereferenceKeyControlBlock, 2, 2,081600, , 0,00
54, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpComputeComponentHashes, CmpComputeComponentHashes, 2, 1,898401, , 0,00
55, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpLockRegistry, , 1, 1,012500, , 0,00
56, , | | | | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!ExAcquireResourceSharedLite, , 1, 1,012500, , 0,00
57, , | | | | | | | | | | | | | | | | | | | | | | | | | , ExAcquireResourceSharedLite, 1, 1,012500, 2.140,612770600, 0,00
58, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpLockKcbStackShared, CmpLockKcbStackShared, 1, 1,000100, 2.140,605104100, 0,00
59, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpUnlockKcb, , 1, 1,000000, , 0,00
60, , | | | | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!ExReleasePushLockEx, , 1, 1,000000, , 0,00
61, , | | | | | | | | | | | | | | | | | | | | | | | | | , ExReleasePushLockEx, 1, 1,000000, 2.127,105902200, 0,00
62, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpCreateKeyBody, , 1, 0,999800, , 0,00
63, , | | | | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!ObpAllocateObject, , 1, 0,999800, , 0,00
64, , | | | | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!ExAllocatePoolWithTag, , 1, 0,999800, , 0,00
65, , | | | | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!ExAllocateHeapPool, , 1, 0,999800, , 0,00
66, , | | | | | | | | | | | | | | | | | | | | | | | | | , ExAllocateHeapPool, 1, 0,999800, 2.115,067369600, 0,00
67, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpRecordParseStartingKcb, CmpRecordParseStartingKcb, 1, 0,999700, 2.160,912023700, 0,00
68, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpUnlockHashEntryByKcb, , 1, 0,999600, , 0,00
69, , | | | | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!ExReleasePushLockEx, , 1, 0,999600, , 0,00
70, , | | | | | | | | | | | | | | | | | | | | | | | | | , ExReleasePushLockEx, 1, 0,999600, 2.132,724940400, 0,00
71, , | | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpDoParseKey<itself>, CmpDoParseKey, 1, 0,987400, 2.158,108737100, 0,00
72, , | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpCallCallBacksEx, , 1, 1,000101, , 0,00
73, , | | | | | | | | | | | | | | | | | | | | | | | | WdFilter.sys!<PDB not found>, , 1, 1,000101, , 0,00
74, , | | | | | | | | | | | | | | | | | | | | | | | | , ?, 1, 1,000101, 2.141,272666100, 0,00
75, , | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpParseKey<itself>, CmpParseKey, 1, 0,898200, 2.145,898431800, 0,00
76, , | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!SeAccessCheckWithHint, , 2, 1,959600, , 0,00
77, , | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!SeCodeIntegrityQueryPolicyInformation, , 1, 0,999200, , 0,00
78, , | | | | | | | | | | | | | | | | | | | | | | | | CI.dll!CipQueryPolicyInformation, , 1, 0,999200, , 0,00
79, , | | | | | | | | | | | | | | | | | | | | | | | | CI.dll!SIPolicyQueryPolicyInformation, , 1, 0,999200, , 0,00
80, , | | | | | | | | | | | | | | | | | | | | | | | | CI.dll!SIPolicyQueryWindowsLockdownMode, , 1, 0,999200, , 0,00
81, , | | | | | | | | | | | | | | | | | | | | | | | | CI.dll!SIPolicyIsPolicyActive, , 1, 0,999200, , 0,00
82, , | | | | | | | | | | | | | | | | | | | | | | | | , SIPolicyIsPolicyActive, 1, 0,999200, 2.118,200509499, 0,00
83, , | | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!SeAccessCheckWithHintWithAdminlessChecks, SeAccessCheckWithHintWithAdminlessChecks, 1, 0,960400, 2.145,237391800, 0,00
84, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!SepCreateAccessStateFromSubjectContext, SepCreateAccessStateFromSubjectContext, 3, 2,999199, , 0,00
85, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ObpCreateHandle, , 3, 2,994001, , 0,00
86, , | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ObpIncrementHandleCountEx, , 1, 1,008701, , 0,00
87, , | | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!ExAcquirePushLockExclusiveEx, , 1, 1,008701, , 0,00
88, , | | | | | | | | | | | | | | | | | | | | | | | , ExAcquirePushLockExclusiveEx, 1, 1,008701, 2.160,897378200, 0,00
89, , | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ObpCreateHandle<itself>, ObpCreateHandle, 1, 1,000400, 2.117,312571800, 0,00
90, , | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ExAcquirePushLockExclusiveEx, ExAcquirePushLockExclusiveEx, 1, 0,984900, 2.162,383767800, 0,00
91, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ExpInterlockedPopEntrySListEnd, ExpInterlockedPopEntrySListEnd, 2, 1,999700, , 0,00
92, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ObOpenObjectByNameEx<itself>, ObOpenObjectByNameEx, 2, 1,998500, , 0,00
93, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!SepDeleteAccessState, SepDeleteAccessState, 1, 1,049600, 2.109,194289800, 0,00
94, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!SeSetLearningModeObjectInformation, SeSetLearningModeObjectInformation, 1, 1,000200, 2.162,292804200, 0,00
95, , | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpReleaseShutdownRundown, , 1, 1,006099, , 0,00
96, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!KiLeaveCriticalRegionUnsafe, , 1, 1,006099, , 0,00
97, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!KiCheckForKernelApcDelivery, , 1, 1,006099, , 0,00
98, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!KiDeliverApc, , 1, 1,006099, , 0,00
99, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!EtwpStackWalkApc, , 1, 1,006099, , 0,00
100, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!EtwpTraceStackWalk, , 1, 1,006099, , 0,00
101, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!RtlWalkFrameChain, , 1, 1,006099, , 0,00
102, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!RtlpWalkFrameChain, , 1, 1,006099, , 0,00
103, , | | | | | | | | | | | | | | | | | | | | | , RtlpWalkFrameChain, 1, 1,006099, 2.165,101546299, 0,00
104, , | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiSystemServiceUser, KiSystemServiceUser, 3, 2,989499, , 0,00
105, , | | | | | | | | | | | | | | | | | | | |- ntdll.dll!ZwOpenKeyEx<itself>, ZwOpenKeyEx, 3, 2,981201, , 0,00
106, , | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiSystemServiceExit, KiSystemServiceExit, 1, 0,999700, 2.143,828675599, 0,00
107, , | | | | | | | | | | | | | | | | | | |- KernelBase.dll!ConstructKernelKeyPath, , 14, 14,173301, , 0,00
108, , | | | | | | | | | | | | | | | | | | | ntdll.dll!NtQueryKey, , 14, 14,173301, , 0,00
109, , | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiSystemServiceCopyEnd, , 6, 6,057602, , 0,00
110, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!NtQueryKey, , 6, 6,057602, , 0,00
111, , | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpCallCallBacksEx, , 3, 3,070602, , 0,00
112, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpCallCallBacksEx<itself>, CmpCallCallBacksEx, 2, 2,070701, , 0,00
113, , | | | | | | | | | | | | | | | | | | | | | |- WdFilter.sys!<PDB not found>, ?, 1, 0,999901, 2.111,836947000, 0,00
114, , | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ObReferenceObjectByHandle, , 2, 1,999000, , 0,00
115, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!ObpReferenceObjectByHandleWithTag, , 2, 1,999000, , 0,00
116, , | | | | | | | | | | | | | | | | | | | | | , ObpReferenceObjectByHandleWithTag, 2, 1,999000, , 0,00
117, , | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ExAcquireRundownProtection, ExAcquireRundownProtection, 1, 0,988000, 2.110,153867400, 0,00
118, , | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiSystemServiceUser, KiSystemServiceUser, 4, 4,045300, , 0,00
119, , | | | | | | | | | | | | | | | | | | | |- ntdll.dll!NtQueryKey<itself>, NtQueryKey, 2, 2,070999, , 0,00
120, , | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiSystemServiceStart, KiSystemServiceStart, 1, 0,999900, 2.153,496947400, 0,00
121, , | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiDpcInterrupt, , 1, 0,999500, , 0,00
122, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!KxDispatchInterrupt, , 1, 0,999500, , 0,00
123, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!SwapContext, , 1, 0,999500, , 0,00
124, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!EtwTraceContextSwap, , 1, 0,999500, , 0,00
125, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!EtwpLogContextSwapEvent, , 1, 0,999500, , 0,00
126, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!EtwpStackTraceDispatcher, , 1, 0,999500, , 0,00
127, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!EtwpTraceStackWalk, , 1, 0,999500, , 0,00
128, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!RtlWalkFrameChain, , 1, 0,999500, , 0,00
129, , | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!RtlpWalkFrameChain, , 1, 0,999500, , 0,00
130, , | | | | | | | | | | | | | | | | | | | | , RtlpWalkFrameChain, 1, 0,999500, 2.158,223313600, 0,00
131, , | | | | | | | | | | | | | | | | | |- KernelBase.dll!RegOpenKeyExInternalW<itself>, RegOpenKeyExInternalW, 1, 0,999800, 2.154,278650500, 0,00
132, , | | | | | | | | | | | | | | | | |- KernelBase.dll!RegQueryValueExW, , 29, 28,654801, , 0,00
133, , | | | | | | | | | | | | | | | | | KernelBase.dll!LocalBaseRegQueryValue, , 29, 28,654801, , 0,00
134, , | | | | | | | | | | | | | | | | | |- ntdll.dll!ZwQueryValueKey, , 27, 26,654702, , 0,00
135, , | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiSystemServiceCopyEnd, , 22, 21,655303, , 0,00
136, , | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!NtQueryValueKey, , 21, 20,749203, , 0,00
137, , | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmQueryValueKey, , 11, 10,937601, , 0,00
138, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpAttachToRegistryProcess, , 5, 5,050100, , 0,00
139, , | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!KiStackAttachProcess, , 5, 5,050100, , 0,00
140, , | | | | | | | | | | | | | | | | | | | | | | , KiStackAttachProcess, 5, 5,050100, , 0,00
141, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpDetachFromRegistryProcess, , 3, 2,886999, , 0,00
142, , | | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!KiUnstackDetachProcess, , 3, 2,886999, , 0,00
143, , | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiUnstackDetachProcess<itself>, KiUnstackDetachProcess, 2, 2,001100, , 0,00
144, , | | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!KiMoveApcState, KiMoveApcState, 1, 0,885899, 2.112,045007099, 0,00
145, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpLockRegistry, CmpLockRegistry, 2, 2,000402, , 0,00
146, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmQueryValueKey<itself>, CmQueryValueKey, 1, 1,000100, 2.123,979445900, 0,00
147, , | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpCallCallBacks, , 2, 1,998201, , 0,00
148, , | | | | | | | | | | | | | | | | | | | | | ntoskrnl.exe!CmpCallCallBacksEx, , 2, 1,998201, , 0,00
149, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmpCallCallBacksEx<itself>, CmpCallCallBacksEx, 1, 1,000400, 2.115,535365800, 0,00
150, , | | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!ExpInterlockedPopEntrySListEnd, ExpInterlockedPopEntrySListEnd, 1, 0,997801, 2.112,055010500, 0,00
151, , | | | | | | | | | | | | | | | | | | | | |- ntoskrnl.exe!CmPostCallbackNotification, , 2, 1,993000, , 0,00
---------------------------CROPPED---------------------------
Also here's what Sysinternals' Process Explorer gives as "Starting Adress" when looking at Properties>Threads in explorer.exe for the thread with highest CPU usage:
shcore.dll!Ordinal172+0x30
My guess is that this "Ordinal172" is key to the solution, as I have stumbled upon similar questions, but with other Ordinals.
Fabio Freitas
Posted 2019-11-15T13:30:40.937
Reputation: 21