Explorer is leaking memory and eating CPU

G

George Valkov

SYSTEM details: latest windows updates installed. Athlon XP 1700+, 1GB RAM.

I just ran out of Memory on my home PC, while compressing a two hour long
WAV file to MP3 in SoundForge 8.0d. Don't blame SoundForge, it's using
only 28MB RAM.
I received the Low Memmory error, and noticed that Explorer is eating 50% of
CPU (the other 50% were for compressing audio in SoundForge). I killed the
Explorer process and noticed that about 400MB of RAM were freed.

1. What should I do the next time? Choose debug in TaskManager to open
VisualStudio 2005 and see what code is running inside Explorer?

2. I noticed that if I kill Explorer, and work without it, the disk
performance in VirtualDubMod will be significantly better, when extracting
audio. Can you tell me of another shell?

3. I'm bored from not being able to delete or move a video file on this and
any other computer running XP. How do I prevent thumbnail preview for video
files?
 
K

Ken Zhao [MSFT]

Hello George,

Thank you for using newsgroup!

From your post, does the issue also occur in Safe Mode?

I suggest we first restart the computer in Safe Mode to see if explorer.exe
is taking up more CPU usage. Safe Mode loads a minimally protected-mode
configuration, disabling Windows device drivers and using the standard VGA
display adapter.

1. Restart the computer.
2. Keep pressing F8 key until the Windows Startup menu appears.
3. Choose the Safe Mode, and press Enter.

Note: Some third party applications and hardware devices cannot be used
during Safe Mode. You will temporarily be unable to connect to the Internet
while in Safe Mode.

Thanks & Regards,

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| From: "George Valkov" <[email protected]>
| Subject: Explorer is leaking memory and eating CPU
| Date: Sun, 24 Sep 2006 21:15:14 +0300
| Lines: 23
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| X-RFC2646: Format=Flowed; Original
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.windowsxp.general
| NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:1574564
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| SYSTEM details: latest windows updates installed. Athlon XP 1700+, 1GB
RAM.
|
| I just ran out of Memory on my home PC, while compressing a two hour long
| WAV file to MP3 in SoundForge 8.0d. Don't blame SoundForge, it's using
| only 28MB RAM.
| I received the Low Memmory error, and noticed that Explorer is eating 50%
of
| CPU (the other 50% were for compressing audio in SoundForge). I killed the
| Explorer process and noticed that about 400MB of RAM were freed.
|
| 1. What should I do the next time? Choose debug in TaskManager to open
| VisualStudio 2005 and see what code is running inside Explorer?
|
| 2. I noticed that if I kill Explorer, and work without it, the disk
| performance in VirtualDubMod will be significantly better, when extracting
| audio. Can you tell me of another shell?
|
| 3. I'm bored from not being able to delete or move a video file on this
and
| any other computer running XP. How do I prevent thumbnail preview for
video
| files?
|
|
|
|
|
 
G

George Valkov

The problem will only occure some rare times, and I assosiate it with
audio-video edditing tools or codecs. The last time only SoundForge and
VirtualDubMod was running. MPEG2 codecs are the ATI build of Cyberlink. and
AVI codec (for both video and audio) is ffdshow. It's most likely that
explorer and ffdshow don't like each other, so I'd like to disable thumbnail
preview and any other code that is trying to open AVI files in explorer,
when I select or drag them. I guess that explorer will not dispose and clean
the memory of AX controls after using them and this causes my problems.
Sooner or later, a thread may stuck infinite looping and eating memory.


"Ken Zhao [MSFT]" said:
Hello George,

Thank you for using newsgroup!

From your post, does the issue also occur in Safe Mode?

I suggest we first restart the computer in Safe Mode to see if
explorer.exe
is taking up more CPU usage. Safe Mode loads a minimally protected-mode
configuration, disabling Windows device drivers and using the standard VGA
display adapter.

1. Restart the computer.
2. Keep pressing F8 key until the Windows Startup menu appears.
3. Choose the Safe Mode, and press Enter.

Note: Some third party applications and hardware devices cannot be used
during Safe Mode. You will temporarily be unable to connect to the
Internet
while in Safe Mode.

Thanks & Regards,

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.





--------------------
| From: "George Valkov" <[email protected]>
| Subject: Explorer is leaking memory and eating CPU
| Date: Sun, 24 Sep 2006 21:15:14 +0300
| Lines: 23
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| X-RFC2646: Format=Flowed; Original
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.windowsxp.general
| NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:1574564
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| SYSTEM details: latest windows updates installed. Athlon XP 1700+, 1GB
RAM.
|
| I just ran out of Memory on my home PC, while compressing a two hour
long
| WAV file to MP3 in SoundForge 8.0d. Don't blame SoundForge, it's using
| only 28MB RAM.
| I received the Low Memmory error, and noticed that Explorer is eating
50%
of
| CPU (the other 50% were for compressing audio in SoundForge). I killed
the
| Explorer process and noticed that about 400MB of RAM were freed.
|
| 1. What should I do the next time? Choose debug in TaskManager to open
| VisualStudio 2005 and see what code is running inside Explorer?
|
| 2. I noticed that if I kill Explorer, and work without it, the disk
| performance in VirtualDubMod will be significantly better, when
extracting
| audio. Can you tell me of another shell?
|
| 3. I'm bored from not being able to delete or move a video file on this
and
| any other computer running XP. How do I prevent thumbnail preview for
video
| files?
|
|
|
|
|
Click to expand...
 
K

Ken Zhao [MSFT]

Hello George,

Thanks for your response.

Do you mean the issue only occurs when you use audio-video editing tools or
codecs?

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
| From: "George Valkov" <[email protected]>
| References: <[email protected]>
<[email protected]>
| Subject: Re: Explorer is leaking memory and eating CPU
| Date: Mon, 25 Sep 2006 11:54:42 +0300
| Lines: 104
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| X-RFC2646: Format=Flowed; Original
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.windowsxp.general
| NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:1574825
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| The problem will only occure some rare times, and I assosiate it with
| audio-video edditing tools or codecs. The last time only SoundForge and
| VirtualDubMod was running. MPEG2 codecs are the ATI build of Cyberlink.
and
| AVI codec (for both video and audio) is ffdshow. It's most likely that
| explorer and ffdshow don't like each other, so I'd like to disable
thumbnail
| preview and any other code that is trying to open AVI files in explorer,
| when I select or drag them. I guess that explorer will not dispose and
clean
| the memory of AX controls after using them and this causes my problems.
| Sooner or later, a thread may stuck infinite looping and eating memory.
|
|
| | > Hello George,
| >
| > Thank you for using newsgroup!
| >
| > From your post, does the issue also occur in Safe Mode?
| >
| > I suggest we first restart the computer in Safe Mode to see if
| > explorer.exe
| > is taking up more CPU usage. Safe Mode loads a minimally protected-mode
| > configuration, disabling Windows device drivers and using the standard
VGA
| > display adapter.
| >
| > 1. Restart the computer.
| > 2. Keep pressing F8 key until the Windows Startup menu appears.
| > 3. Choose the Safe Mode, and press Enter.
| >
| > Note: Some third party applications and hardware devices cannot be used
| > during Safe Mode. You will temporarily be unable to connect to the
| > Internet
| > while in Safe Mode.
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| >
| >
| >
| > --------------------
| > | From: "George Valkov" <[email protected]>
| > | Subject: Explorer is leaking memory and eating CPU
| > | Date: Sun, 24 Sep 2006 21:15:14 +0300
| > | Lines: 23
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <[email protected]>
| > | Newsgroups: microsoft.public.windowsxp.general
| > | NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:1574564
| > | X-Tomcat-NG: microsoft.public.windowsxp.general
| > |
| > | SYSTEM details: latest windows updates installed. Athlon XP 1700+, 1GB
| > RAM.
| > |
| > | I just ran out of Memory on my home PC, while compressing a two hour
| > long
| > | WAV file to MP3 in SoundForge 8.0d. Don't blame SoundForge, it's using
| > | only 28MB RAM.
| > | I received the Low Memmory error, and noticed that Explorer is eating
| > 50%
| > of
| > | CPU (the other 50% were for compressing audio in SoundForge). I
killed
| > the
| > | Explorer process and noticed that about 400MB of RAM were freed.
| > |
| > | 1. What should I do the next time? Choose debug in TaskManager to open
| > | VisualStudio 2005 and see what code is running inside Explorer?
| > |
| > | 2. I noticed that if I kill Explorer, and work without it, the disk
| > | performance in VirtualDubMod will be significantly better, when
| > extracting
| > | audio. Can you tell me of another shell?
| > |
| > | 3. I'm bored from not being able to delete or move a video file on
this
| > and
| > | any other computer running XP. How do I prevent thumbnail preview for
| > video
| > | files?
| > |
| > |
| > |
| > |
| > |
| >
|
|
|
 
G

George Valkov

Well, I can`t think of a better reason. It is also possible that opening
media files while CPU is overloaded with other tasks like audio/video
compression causes the problem. That`s why I wanted to prevent Explorer from
opening multimedia files. I`ve set all folders` view to 'Details', so
explorer will open all multimedia files to display dimentions and duration.
This is usefull with audio-files, but consumes a lot of resources so I want
it disabled for video-files.
Tracking the exact source of a problem that will not occure every time is
not easy and takes a long time. I`d like to try if it will occure with video
preview disabled. But how do I disable it? I know that I have to erase a
handler for the AVI file type from the registry - something that points to a
CLSID key, but I don't know witch exactly. I play with regedit frequently
and I always have a fresh backup :)


"Ken Zhao [MSFT]" said:
Hello George,

Thanks for your response.

Do you mean the issue only occurs when you use audio-video editing tools
or
codecs?

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.




--------------------
| From: "George Valkov" <[email protected]>
| References: <[email protected]>
<[email protected]>
| Subject: Re: Explorer is leaking memory and eating CPU
| Date: Mon, 25 Sep 2006 11:54:42 +0300
| Lines: 104
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| X-RFC2646: Format=Flowed; Original
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.windowsxp.general
| NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:1574825
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| The problem will only occure some rare times, and I assosiate it with
| audio-video edditing tools or codecs. The last time only SoundForge and
| VirtualDubMod was running. MPEG2 codecs are the ATI build of Cyberlink.
and
| AVI codec (for both video and audio) is ffdshow. It's most likely that
| explorer and ffdshow don't like each other, so I'd like to disable
thumbnail
| preview and any other code that is trying to open AVI files in explorer,
| when I select or drag them. I guess that explorer will not dispose and
clean
| the memory of AX controls after using them and this causes my problems.
| Sooner or later, a thread may stuck infinite looping and eating memory.
|
|
| | > Hello George,
| >
| > Thank you for using newsgroup!
| >
| > From your post, does the issue also occur in Safe Mode?
| >
| > I suggest we first restart the computer in Safe Mode to see if
| > explorer.exe
| > is taking up more CPU usage. Safe Mode loads a minimally
protected-mode
| > configuration, disabling Windows device drivers and using the standard
VGA
| > display adapter.
| >
| > 1. Restart the computer.
| > 2. Keep pressing F8 key until the Windows Startup menu appears.
| > 3. Choose the Safe Mode, and press Enter.
| >
| > Note: Some third party applications and hardware devices cannot be
used
| > during Safe Mode. You will temporarily be unable to connect to the
| > Internet
| > while in Safe Mode.
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| >
| >
| >
| > --------------------
| > | From: "George Valkov" <[email protected]>
| > | Subject: Explorer is leaking memory and eating CPU
| > | Date: Sun, 24 Sep 2006 21:15:14 +0300
| > | Lines: 23
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <[email protected]>
| > | Newsgroups: microsoft.public.windowsxp.general
| > | NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| > | Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windowsxp.general:1574564
| > | X-Tomcat-NG: microsoft.public.windowsxp.general
| > |
| > | SYSTEM details: latest windows updates installed. Athlon XP 1700+,
1GB
| > RAM.
| > |
| > | I just ran out of Memory on my home PC, while compressing a two hour
| > long
| > | WAV file to MP3 in SoundForge 8.0d. Don't blame SoundForge, it's
using
| > | only 28MB RAM.
| > | I received the Low Memmory error, and noticed that Explorer is
eating
| > 50%
| > of
| > | CPU (the other 50% were for compressing audio in SoundForge). I
killed
| > the
| > | Explorer process and noticed that about 400MB of RAM were freed.
| > |
| > | 1. What should I do the next time? Choose debug in TaskManager to
open
| > | VisualStudio 2005 and see what code is running inside Explorer?
| > |
| > | 2. I noticed that if I kill Explorer, and work without it, the disk
| > | performance in VirtualDubMod will be significantly better, when
| > extracting
| > | audio. Can you tell me of another shell?
| > |
| > | 3. I'm bored from not being able to delete or move a video file on
this
| > and
| > | any other computer running XP. How do I prevent thumbnail preview
for
| > video
| > | files?
| > |
| > |
| > |
| > |
| > |
| >
|
|
|
Click to expand...
 
G

George Valkov

I found an interesting settings for Explorer in the registry:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SeparateProcess"=dword:00000001

Now all explorer (browser) windows will use a second process - separate from
the shell process.
Whe I close all explorer windows, the seconds process will exit and free its
memory and resources, so it won`t keep working for a long time. And if it
doesn`t exit, I`ll kill it (-: without stopping the shell. There will be no
killing mistake, because the second process uses hight priority class, so I
know which one to kill. Yikes! High priority could be a problem if it stucks
looping...
 
C

cquirke (MVP Windows shell/user)

The problem will only occure some rare times, and I assosiate it with
audio-video edditing tools or codecs. The last time only SoundForge and
VirtualDubMod was running. MPEG2 codecs are the ATI build of Cyberlink. and
AVI codec (for both video and audio) is ffdshow. It's most likely that
explorer and ffdshow don't like each other, so I'd like to disable thumbnail
preview and any other code that is trying to open AVI files in explorer,
when I select or drag them. I guess that explorer will not dispose and clean
the memory of AX controls after using them and this causes my problems.
Sooner or later, a thread may stuck infinite looping and eating memory.
Click to expand...

By design, 3rd-party integrations into Explorer are permitted, and may
show up as "Explorer" rather than their own names in Task Manager,
firewalls, etc. These integrations can run whenever you list files,
and can dig into contents of such files when they are listed (even
though you had no intention to "open" them).

Malware authors have noted this and make use of it, though not as
often as the more traditional startup integration points.

See www.nirsoft.net (not the .com site!!) for suitable tools to manage
codecs and shell integrations (Shell Extension Viewer), as MSConfig
and HiJackThis don't patrol this part of the perimiter fence :)

Malware codecs are around, and formal malware scans (e.g. from a Bart
CDR boot) is the best way to approach that. If used with the
RunScanner plugin, you can use most registry-orientated NirSoft tools
including Shell Extension Viewer, but listers of drivers and services
may give misleading results based on runtime observations that will
reflect the Bart rather than the HD OS environment.


------------ ----- --- -- - - - -
Click to expand...
Drugs are usually safe. Inject? (Y/n)
 
K

Ken Zhao [MSFT]

Hi George,

Thanks for your efforts and response!

I have performed some research, but I cannot find a solution to disable
video preview feature in Windows XP.

For the registry key, I think this is addressed the following setting in
Windows Explorer:

Windows Explorer\Tools\Folder Options\View\Launch folder windows in a
separate process

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| From: "George Valkov" <[email protected]>
| References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
| Subject: Re: Explorer is leaking memory and eating CPU
| Date: Tue, 26 Sep 2006 15:12:36 +0300
| Lines: 14
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Message-ID: <#[email protected]>
| Newsgroups: microsoft.public.windowsxp.general
| NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:1575412
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| I found an interesting settings for Explorer in the registry:
|
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanc
ed]
| "SeparateProcess"=dword:00000001
|
| Now all explorer (browser) windows will use a second process - separate
from
| the shell process.
| Whe I close all explorer windows, the seconds process will exit and free
its
| memory and resources, so it won`t keep working for a long time. And if it
| doesn`t exit, I`ll kill it (-: without stopping the shell. There will be
no
| killing mistake, because the second process uses hight priority class, so
I
| know which one to kill. Yikes! High priority could be a problem if it
stucks
| looping...
|
|
|
 
G

George Valkov

"Ken Zhao [MSFT]" said:
Hi George,

Thanks for your efforts and response!

I have performed some research, but I cannot find a solution to disable
video preview feature in Windows XP.
Click to expand...
You didn`t find, but I did. Thanks to 'cquirke (MVP Windows shell/user)'`s
idea to use NirSoft tools. And your keyword 'research', it means Google for
(disable thumbnail preview in explorer) that lead me here:
http://www.moviecodec.com/topics/3588p7.html

ShellExView // Then I used my favourite tool from NirSoft
[Avi Properties Handler] // to disable this extention
C:\WINDOWS\system32\shmedia.dll

Positive effect:
Folders with AVI files are opened instantly.

Negative effect: AVI.properties tab:
Summary properties are unavailable for the selected source(s).
This is a minor problem (I don`t care).

By the way there are many 3rd party extections that cause problems with
explorer. Mostly crushes and infinite loops. And yet another problem was
fixed with the ShellExView from NirSoft. There are a lot of great tools out
there and all they are free!
http://www.nirsoft.net/

For the registry key, I think this is addressed the following setting in
Windows Explorer:

Windows Explorer\Tools\Folder Options\View\Launch folder windows in a
separate process
Click to expand...
Correct! I didn`t know that this checkbox is related to this function, but
now I`ve noticed it`s checked. Seems like I always do things the hard way.
Well, on the other hand it`s pretty easy to export selected registry keys,
and merge it into a single .REG file that can be used later as a template to
rebuild all user settings or copy it to another computer.

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.





--------------------
| From: "George Valkov" <[email protected]>
| References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
| Subject: Re: Explorer is leaking memory and eating CPU
| Date: Tue, 26 Sep 2006 15:12:36 +0300
| Lines: 14
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Message-ID: <#[email protected]>
| Newsgroups: microsoft.public.windowsxp.general
| NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:1575412
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| I found an interesting settings for Explorer in the registry:
|
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanc
ed]
| "SeparateProcess"=dword:00000001
|
| Now all explorer (browser) windows will use a second process - separate
from
| the shell process.
| Whe I close all explorer windows, the seconds process will exit and free
its
| memory and resources, so it won`t keep working for a long time. And if
it
| doesn`t exit, I`ll kill it (-: without stopping the shell. There will be
no
| killing mistake, because the second process uses hight priority class,
so
I
| know which one to kill. Yikes! High priority could be a problem if it
stucks
| looping...
|
|
|
Click to expand...
 
G

George Valkov

cquirke (MVP Windows shell/user) said:
By design, 3rd-party integrations into Explorer are permitted, and may
show up as "Explorer" rather than their own names in Task Manager,
firewalls, etc. These integrations can run whenever you list files,
and can dig into contents of such files when they are listed (even
though you had no intention to "open" them).
Click to expand...
They also create context menus and other tasks. There`re the extentions
installed in the registry as handlers, explorer calls the appropriate method
from some DLL library and so on. As long as one knows how to, he/she can do
a lot of things with this technology - for either good or bad reasons.
Malware authors have noted this and make use of it, though not as
often as the more traditional startup integration points.
Click to expand...
And the bad news here is that these malare are harder to track and clean
manually (if you only check the Run locations in the registry). Handlers are
a powerfull tool, so let's hope most bad guys won`t notice ;-)
See www.nirsoft.net (not the .com site!!) for suitable tools to manage
codecs and shell integrations (Shell Extension Viewer), as MSConfig
and HiJackThis don't patrol this part of the perimiter fence :)
Click to expand...
I`ve been using NirSoft`s tools for a few years. As I just replayed to Ken
Zhao, Your idea to use the Shell Extension Viewer, just pointed me to the
right place:
Avi Properties Handler ::disable(). Thank You!
Malware codecs are around, and formal malware scans (e.g. from a Bart
CDR boot) is the best way to approach that. If used with the
RunScanner plugin, you can use most registry-orientated NirSoft tools
including Shell Extension Viewer, but listers of drivers and services
may give misleading results based on runtime observations that will
reflect the Bart rather than the HD OS environment.
Click to expand...
I like BartPE. By the way do You know of a way to enable UDF read/write
support while in BartPE?
Drugs are usually safe. Inject? (Y/n)
Click to expand...
[¡N!] Auf keine fall!
There's only one thing I know to be more expensive than Drugs, and it is
called Life.
 
K

Ken Zhao [MSFT]

Hello George,

Thanks a lot for our MVP's great information and suggestions and thanks for
your experience sharing. I believe your solution and information will
benefit many other users, and we really value having you as a Microsoft
customer.

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.







--------------------
| From: "George Valkov" <[email protected]>
| References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<#[email protected]>
<[email protected]>
| Subject: Re: Explorer is leaking memory and eating CPU
| Date: Wed, 27 Sep 2006 18:27:50 +0300
| Lines: 109
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.windowsxp.general
| NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:1576021
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| | > Hi George,
| >
| > Thanks for your efforts and response!
| >
| > I have performed some research, but I cannot find a solution to disable
| > video preview feature in Windows XP.
| You didn`t find, but I did. Thanks to 'cquirke (MVP Windows
shell/user)'`s
| idea to use NirSoft tools. And your keyword 'research', it means Google
for
| (disable thumbnail preview in explorer) that lead me here:
| http://www.moviecodec.com/topics/3588p7.html
|
| ShellExView // Then I used my favourite tool from NirSoft
| [Avi Properties Handler] // to disable this extention
| C:\WINDOWS\system32\shmedia.dll
|
| Positive effect:
| Folders with AVI files are opened instantly.
|
| Negative effect: AVI.properties tab:
| Summary properties are unavailable for the selected source(s).
| This is a minor problem (I don`t care).
|
| By the way there are many 3rd party extections that cause problems with
| explorer. Mostly crushes and infinite loops. And yet another problem was
| fixed with the ShellExView from NirSoft. There are a lot of great tools
out
| there and all they are free!
| http://www.nirsoft.net/
|
|
| >
| > For the registry key, I think this is addressed the following setting in
| > Windows Explorer:
| >
| > Windows Explorer\Tools\Folder Options\View\Launch folder windows in a
| > separate process
| Correct! I didn`t know that this checkbox is related to this function,
but
| now I`ve noticed it`s checked. Seems like I always do things the hard
way.
| Well, on the other hand it`s pretty easy to export selected registry
keys,
| and merge it into a single .REG file that can be used later as a template
to
| rebuild all user settings or copy it to another computer.
|
|
| >
| > Ken Zhao
| >
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > =====================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| >
| >
| >
| > --------------------
| > | From: "George Valkov" <[email protected]>
| > | References: <[email protected]>
| > <[email protected]>
| > <[email protected]>
| > <[email protected]>
| > | Subject: Re: Explorer is leaking memory and eating CPU
| > | Date: Tue, 26 Sep 2006 15:12:36 +0300
| > | Lines: 14
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.3790.2663
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| > | Message-ID: <#[email protected]>
| > | Newsgroups: microsoft.public.windowsxp.general
| > | NNTP-Posting-Host: 87-126-145-8.btc-net.bg 87.126.145.8
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:1575412
| > | X-Tomcat-NG: microsoft.public.windowsxp.general
| > |
| > | I found an interesting settings for Explorer in the registry:
| > |
| >
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanc
| > ed]
| > | "SeparateProcess"=dword:00000001
| > |
| > | Now all explorer (browser) windows will use a second process -
separate
| > from
| > | the shell process.
| > | Whe I close all explorer windows, the seconds process will exit and
free
| > its
| > | memory and resources, so it won`t keep working for a long time. And
if
| > it
| > | doesn`t exit, I`ll kill it (-: without stopping the shell. There will
be
| > no
| > | killing mistake, because the second process uses hight priority
class,
| > so
| > I
| > | know which one to kill. Yikes! High priority could be a problem if it
| > stucks
| > | looping...
| > |
| > |
| > |
| >
|
|
|
 
C

cquirke (MVP Windows shell/user)

"cquirke (MVP Windows shell/user)" wrote in
Click to expand...

Or even list them...
They also create context menus and other tasks. There`re the extentions
installed in the registry as handlers, explorer calls the appropriate method
from some DLL library and so on. As long as one knows how to, he/she can do
a lot of things with this technology - for either good or bad reasons.
Click to expand...

The problem with them is that they exceed the user's intentions. A
user may list and select a file intending to delete it, knowing that
it's suspicious, and here we have the shell groping around inside the
file's contents on the ASSumption the user wants to "open" it.

In an age where we still expected code to do only what it was written
to do, this might be safe - i.e. you could say with a straight face
that "we're only looking at some data fields, it's not as if we're
going to run any code from the file".

But today, we should be aware that any code may turn out to be
exploitable, and once that hapens, what we designed the code to do is
completely irrelevant to what it can be exploited to do.

The other more mundane objection is one of performance, especially
when the file isn't structured as it should be. We saw this ages ago
with large corrupted .AVI files, where the shell would wade through
the entire file from one end to the other, looking for some metadata
tags that we prolly couldn't be bothered with anyway.

A single file like that may drastically slow down any listing on the
folder that contains it.
And the bad news here is that these malare are harder to track and clean
manually (if you only check the Run locations in the registry). Handlers are
a powerfull tool, so let's hope most bad guys won`t notice ;-)
Click to expand...

I'd rather see us equipped with management tools before then... the
Nirsoft functionality should be built into MSConfig, really.
I`ve been using NirSoft`s tools for a few years. As I just replayed to Ken
Zhao, Your idea to use the Shell Extension Viewer, just pointed me to the
right place: Avi Properties Handler ::disable(). Thank You!
Cool!
Click to expand...
I like BartPE. By the way do You know of a way to enable UDF read/write
support while in BartPE?
Click to expand...

No I don't... I don't use CD writing from Bart because Bart dies if I
eject the disk it's running from. There are two ways around that:
- add a second CD or DVD writer drive
- boot Bart off USB or RAMdisk instead of CDR or DVDR

The latter is something of a "holy grail" in the Bart world. A core
issue is that when NT versions older than Server 2003 (or perhaps it
is Server 2003 SP1) will reset the USB during the OS startup process,
which basically amputates the OS's head at that point.

The solutions I've read about, involve either using Server 2003 or
later code base (alas, XP SP2 is too old) as this doesn't reset the
USB, and/or throwing the whole OS into a RAM disk and then actually
booting it from there (which will need a fair bit of RAM).

I haven't tested MS WinPE older than the 2.0 version that is built
into Vista, but the Vista one works quite well in this respect - the
OS has a different drive letter to the DVD drive it booted from, and
you can eject the Vista installation DVD without crashing it. I know
that Vista is built from post-2003 code base, so there's one less
obstacle to booting it in nOS form from a USB stick.


------------ ----- --- -- - - - -
Click to expand...
Drugs are usually safe. Inject? (Y/n)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Help: Explorer eating up processes 2
audiodg.exe eating memory? 3
Memory conflict in XP Pro SP2 4
CPU and Memory Allocation 3
Windows Explorer resources question 4
High CPU and Memory Usage 9
Windows Explorer consumes all memory and cpu usage 10
CPU or RAM 6

Top