G
Guest
I first had a similar issue with SVCHOST running at 100% for prolonged
periods of time. I installed the hotfix and WSUS 3.1 updates, and my problem
got a little better, but not totally. I narrowed my issue down to the
Firewall/ICS service. If I turn it off, my CPU usage drops to 3%. As soon as
I start it, it jumps and hovers between 40 and 60%. Using Process explorer I
was able to narrow the offending thread down to the wbemcore.dll. The
following dumps are from 3 different stack captures I did:
Thread: wbemcore.dll+0xf010
1)
ntoskrnl.exe!ZwAssignProcessToJobObject+0x15
ntoskrnl.exe!KeQueryRuntimeThread+0x5e8
hal.dll!HalClearSoftwareInterrupt+0x342
hal.dll!ExReleaseFastMutex+0x26
ntoskrnl.exe!ZwSetSystemInformation+0x23
ntdll.dll!KiFastSystemCallRet
kernel32.dll!VirtualAlloc+0x18
esscli.dll!CTempMemoryManager::Allocate+0xb4
repdrvfs.dll+0x145a4
wbemcore.dll+0x10d3b
wbemcore.dll+0x11884
wbemcore.dll+0x3e8e4
wbemcore.dll+0x3f899
wbemcore.dll+0x40d86
wbemcore.dll+0x414b1
wbemcore.dll+0x348d9
wbemcore.dll+0x3d755
wbemcore.dll+0x34d09
wbemcore.dll+0x4edcc
wbemcore.dll+0x11273
wbemcore.dll+0x11a19
wbemcore.dll+0x40f2a
wbemcore.dll+0x51c57
wbemcore.dll+0xef24
wbemcore.dll+0xed4e
wbemcore.dll+0x325cb
wbemcore.dll+0xdecc
wbemcore.dll+0x4d438
wbemcore.dll+0x4d624
wbemcore.dll+0x42fd1
wbemcore.dll+0x432bd
wbemcore.dll+0x3c769
wbemcore.dll+0xed4e
wbemcore.dll+0x325cb
wbemcore.dll+0xee89
wbemcore.dll+0xf055
kernel32.dll!GetModuleFileNameA+0x1b4
2)
ntoskrnl.exe!ZwAssignProcessToJobObject+0x15
ntoskrnl.exe!KeQueryRuntimeThread+0x5e8
ntoskrnl.exe!CcPurgeCacheSection+0x240
ntoskrnl.exe!NtQueryInformationToken+0x16c6
ntoskrnl.exe!ZwSetSystemInformation+0x23
ntdll.dll!KiFastSystemCallRet
USER32.dll!GetLastInputInfo+0x105
USER32.dll!MsgWaitForMultipleObjects+0x1f
wbemcore.dll+0x52791
wbemcore.dll+0x527ea
wbemcore.dll+0xedfd
wbemcore.dll+0xf055
kernel32.dll!GetModuleFileNameA+0x1b4
3)
ntoskrnl.exe!ZwAssignProcessToJobObject+0x15
ntoskrnl.exe!KeQueryRuntimeThread+0x5e8
hal.dll!HalClearSoftwareInterrupt+0x342
kernel32.dll!InterlockedDecrement+0xd
FastProx.dll!CQualifierSet::~CQualifierSet+0x2b
FastProx.dll!CClassQualifierSet::~CClassQualifierSet+0x17
FastProx.dll!CClassPart::~CClassPart+0x1a
FastProx.dll!CClassAndMethods::~CClassAndMethods+0x1a
FastProx.dll!CWbemClass::~CWbemClass+0x5a
FastProx.dll!CWbemClass::MergeClassPart+0x4a
FastProx.dll!CWbemObject::Release+0x2a
wbemcore.dll+0xf414
wbemcore.dll+0x3f899
wbemcore.dll+0x40d86
wbemcore.dll+0x414b1
wbemcore.dll+0x348d9
wbemcore.dll+0x3d755
wbemcore.dll+0x34d09
wbemcore.dll+0x4edcc
wbemcore.dll+0x11273
wbemcore.dll+0x11a19
wbemcore.dll+0x40f2a
wbemcore.dll+0x51c57
wbemcore.dll+0xef24
wbemcore.dll+0xed4e
wbemcore.dll+0x325cb
wbemcore.dll+0xdecc
wbemcore.dll+0x4d438
wbemcore.dll+0x4d624
wbemcore.dll+0x42fd1
wbemcore.dll+0x432bd
wbemcore.dll+0x3c769
wbemcore.dll+0xed4e
wbemcore.dll+0x325cb
wbemcore.dll+0xee89
wbemcore.dll+0xf055
kernel32.dll!GetModuleFileNameA+0x1b4
Can any MS or other experienced person try to figure why this is occurring?
I don't mind having my firewall off at home (since I have a hardware firewall
in place), but when I go out, I would really like to have it on. If you need
more info, please contact me. Thanks!
Derek Wade
periods of time. I installed the hotfix and WSUS 3.1 updates, and my problem
got a little better, but not totally. I narrowed my issue down to the
Firewall/ICS service. If I turn it off, my CPU usage drops to 3%. As soon as
I start it, it jumps and hovers between 40 and 60%. Using Process explorer I
was able to narrow the offending thread down to the wbemcore.dll. The
following dumps are from 3 different stack captures I did:
Thread: wbemcore.dll+0xf010
1)
ntoskrnl.exe!ZwAssignProcessToJobObject+0x15
ntoskrnl.exe!KeQueryRuntimeThread+0x5e8
hal.dll!HalClearSoftwareInterrupt+0x342
hal.dll!ExReleaseFastMutex+0x26
ntoskrnl.exe!ZwSetSystemInformation+0x23
ntdll.dll!KiFastSystemCallRet
kernel32.dll!VirtualAlloc+0x18
esscli.dll!CTempMemoryManager::Allocate+0xb4
repdrvfs.dll+0x145a4
wbemcore.dll+0x10d3b
wbemcore.dll+0x11884
wbemcore.dll+0x3e8e4
wbemcore.dll+0x3f899
wbemcore.dll+0x40d86
wbemcore.dll+0x414b1
wbemcore.dll+0x348d9
wbemcore.dll+0x3d755
wbemcore.dll+0x34d09
wbemcore.dll+0x4edcc
wbemcore.dll+0x11273
wbemcore.dll+0x11a19
wbemcore.dll+0x40f2a
wbemcore.dll+0x51c57
wbemcore.dll+0xef24
wbemcore.dll+0xed4e
wbemcore.dll+0x325cb
wbemcore.dll+0xdecc
wbemcore.dll+0x4d438
wbemcore.dll+0x4d624
wbemcore.dll+0x42fd1
wbemcore.dll+0x432bd
wbemcore.dll+0x3c769
wbemcore.dll+0xed4e
wbemcore.dll+0x325cb
wbemcore.dll+0xee89
wbemcore.dll+0xf055
kernel32.dll!GetModuleFileNameA+0x1b4
2)
ntoskrnl.exe!ZwAssignProcessToJobObject+0x15
ntoskrnl.exe!KeQueryRuntimeThread+0x5e8
ntoskrnl.exe!CcPurgeCacheSection+0x240
ntoskrnl.exe!NtQueryInformationToken+0x16c6
ntoskrnl.exe!ZwSetSystemInformation+0x23
ntdll.dll!KiFastSystemCallRet
USER32.dll!GetLastInputInfo+0x105
USER32.dll!MsgWaitForMultipleObjects+0x1f
wbemcore.dll+0x52791
wbemcore.dll+0x527ea
wbemcore.dll+0xedfd
wbemcore.dll+0xf055
kernel32.dll!GetModuleFileNameA+0x1b4
3)
ntoskrnl.exe!ZwAssignProcessToJobObject+0x15
ntoskrnl.exe!KeQueryRuntimeThread+0x5e8
hal.dll!HalClearSoftwareInterrupt+0x342
kernel32.dll!InterlockedDecrement+0xd
FastProx.dll!CQualifierSet::~CQualifierSet+0x2b
FastProx.dll!CClassQualifierSet::~CClassQualifierSet+0x17
FastProx.dll!CClassPart::~CClassPart+0x1a
FastProx.dll!CClassAndMethods::~CClassAndMethods+0x1a
FastProx.dll!CWbemClass::~CWbemClass+0x5a
FastProx.dll!CWbemClass::MergeClassPart+0x4a
FastProx.dll!CWbemObject::Release+0x2a
wbemcore.dll+0xf414
wbemcore.dll+0x3f899
wbemcore.dll+0x40d86
wbemcore.dll+0x414b1
wbemcore.dll+0x348d9
wbemcore.dll+0x3d755
wbemcore.dll+0x34d09
wbemcore.dll+0x4edcc
wbemcore.dll+0x11273
wbemcore.dll+0x11a19
wbemcore.dll+0x40f2a
wbemcore.dll+0x51c57
wbemcore.dll+0xef24
wbemcore.dll+0xed4e
wbemcore.dll+0x325cb
wbemcore.dll+0xdecc
wbemcore.dll+0x4d438
wbemcore.dll+0x4d624
wbemcore.dll+0x42fd1
wbemcore.dll+0x432bd
wbemcore.dll+0x3c769
wbemcore.dll+0xed4e
wbemcore.dll+0x325cb
wbemcore.dll+0xee89
wbemcore.dll+0xf055
kernel32.dll!GetModuleFileNameA+0x1b4
Can any MS or other experienced person try to figure why this is occurring?
I don't mind having my firewall off at home (since I have a hardware firewall
in place), but when I go out, I would really like to have it on. If you need
more info, please contact me. Thanks!
Derek Wade