Vista, Process Monitor: How can I find the reason for a steady CreateFile/CloseFile?

albert39

Situation: Vista Home Basic, blocked because the CPU is running at 100% and explorer.exe at >90% with path to C:\programs. HiJackThis shows no infection. (Thanks to Niemiro).
Process Explorer shows in explorer.exe --> Properties --> Threads 2 to 3 ntdll.dll with >90.000.000 Cycles Delta and SHLWAPI.dll with >1.000.000 Cycles Delta. When I suspend the ntdll.dll, the Windows Explorer behaves normally until the next system start.

The Process Monitor shows a continuous CreateFile/CloseFile in the explorer.exe with the path C:\programs.

My request to the experts in this group:
How can I find the program or the procedure starting this CreateFile/CloseFile?

(Deactivating all services, all startup programs and the AVAST does not help, but in Safety Mode all is o.k.)

Thanks for your help

Albert
 

My Computer


System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Integrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
Re: Vista, Process Monitor: How can I find the reason of a steady CreateFile/CloseFil

Thank you Richard.

Start with a full antivirus scan. Make sure you update first
Download and run malwarebytes at full scan
No malware found (with AVAST Internet Security, full scan)

Even with all services and start programs disabled, the CPU remains 100%.

Are you using
Shell Light-weight Utility Library
That is the cause of shwalp
Is obviously integrated in Vista Home Basic.

handles only error messages, caused by ntdll.dll. In my case, ntdll.dll causes no error message, it will be called (or activated) by an unknown process continuously.

And my question was: How can I find this process and the parents (the application) of this process?

Albert
 
Re: Vista, Process Monitor: How can I find the reason of a steady CreateFile/CloseFil

Hi Richard!

It is the laptop of a friend, not mine.

It seems the problem (100% CPU because of a crazy explorer.exe) appears very often. I found in different forums many different suggestions and I tried some of them (but of course not a new installation).
This one worked: Explorer.exe using 100% of my Windows Vista PC

and this discussion led me to process explorer and process monitor:

100 % CPU load in Explorer.Exe - SHLWAPI.dll!Ordinal629+0x161

I understand the difference between removing a symptom and real solution. My method removed the symptom and you tried obviously to go to the basics of the problem.
But after 3 days (unpaid) work I was pleased to get this laptop running again, anyhow.

I looked at autoruns and found that it is a powerful tool which could have helped us to find my actual problem. However, I have put it in my toolbox.

Many thanks for your help

Albert
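
One way to confirm which process and path account for a steady CreateFile stream like the one described in this thread, working from a Process Monitor CSV export (an added example, not code from any poster in the thread). It assumes the export's default columns ("Time of Day", "Process Name", "PID", "Operation", "Path") and an English time format; the function names, thresholds and sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample in Process Monitor's CSV export layout (not data from the thread).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:32.1000000 AM","explorer.exe","2140","CreateFile","C:\programs","SUCCESS",""
"10:15:32.1004000 AM","explorer.exe","2140","CloseFile","C:\programs","SUCCESS",""
"10:15:32.2000000 AM","explorer.exe","2140","CreateFile","C:\programs","SUCCESS",""
"10:15:32.2500000 AM","svchost.exe","980","CreateFile","C:\Windows\System32","SUCCESS",""
"10:15:32.3000000 AM","explorer.exe","2140","CreateFile","C:\Programs","SUCCESS",""
"10:15:32.4000000 AM","explorer.exe","2140","CreateFile","C:\programs","SUCCESS",""
"10:15:32.5000000 AM","explorer.exe","2140","CreateFile","C:\programs","SUCCESS",""
"10:15:32.6000000 AM","explorer.exe","2140","CreateFile","C:\programs","SUCCESS",""
"10:15:33.0000000 AM","explorer.exe","2140","CreateFile","C:\Users\Public\Desktop","SUCCESS",""
'''


def parse_time(text):
    # The export carries 7 fractional digits; strptime's %f accepts at most 6.
    clock, _, ampm = text.strip().partition(" ")
    head, _, frac = clock.partition(".")
    stamp = f"{head}.{(frac or '0')[:6]}"
    if ampm:  # 12-hour clock with AM/PM suffix
        return datetime.strptime(f"{stamp} {ampm}", "%I:%M:%S.%f %p")
    return datetime.strptime(stamp, "%H:%M:%S.%f")  # 24-hour clock


def find_polling_loops(csv_text, min_opens=5, min_rate=2.0):
    """Return (process, pid, path, opens, opens_per_second), fastest first."""
    times = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] == "CreateFile":
            # Windows paths are case-insensitive, so fold case before grouping.
            key = (row["Process Name"], int(row["PID"]), row["Path"].lower())
            times[key].append(parse_time(row["Time of Day"]))
    loops = []
    for (proc, pid, path), stamps in times.items():
        span = (max(stamps) - min(stamps)).total_seconds()
        if len(stamps) >= min_opens and span > 0:
            rate = (len(stamps) - 1) / span  # intervals per second
            if rate >= min_rate:
                loops.append((proc, pid, path, len(stamps), round(rate, 1)))
    return sorted(loops, key=lambda r: r[4], reverse=True)


if __name__ == "__main__":
    for proc, pid, path, opens, rate in find_polling_loops(SAMPLE_CSV):
        print(f"{proc} (PID {pid}) opened {path} {opens} times, {rate}/s")
```

For an event flagged this way, the Stack tab in Process Monitor's event properties lists the modules inside the process that issued the call.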
 
