svchost.exe + NTDLL.DLL Causing high CPU Usage

Page 3 of 6 FirstFirst 12345 ... LastLast

  1. H2SO4
    Posts : 1,377
    Win7x64
       New #21

    Satanical Eve said:
    Threads for it...
    That's all one thread, and it's relatively strange, as if the kernel is trying to map info into the user-mode address space of a process whose threads are themselves not running for some reason, as if they've been suspended.

    The svchost to which this thread belongs is the "DcomLaunch" instance - that's visible from your first screenshot. There are multiple services in there by default:

    svchost.exe 708 DcomLaunch, PlugPlay, Power

    Your own machine may well be different (check by running TASKLIST /SVC).

    If you temporarily split up those services into their own svchost instances, it'll become easier to gauge which service spawns the CPU chewing thread, and hence where to focus the troubleshooting. To split off the services into their own svchost instances, on an elevated (run as admin) CMD prompt:

    SC CONFIG Power TYPE= OWN
    SC CONFIG PlugPlay TYPE= OWN

    Reboot, and then check which of the services is blasting the processor.
      My Computer
    Quote Quote

  3. Satanical Eve
    Posts : 45
    Windows 7 Professional 64 BIT
    Thread Starter
       New #22

    H2SO4 said:
    Satanical Eve said:
    Threads for it...
    That's all one thread, and it's relatively strange, as if the kernel is trying to map info into the user-mode address space of a process whose threads are themselves not running for some reason, as if they've been suspended.

    The svchost to which this thread belongs is the "DcomLaunch" instance - that's visible from your first screenshot. There are multiple services in there by default:

    svchost.exe 708 DcomLaunch, PlugPlay, Power

    Your own machine may well be different (check by running TASKLIST /SVC).

    If you temporarily split up those services into their own svchost instances, it'll become easier to gauge which service spawns the CPU chewing thread, and hence where to focus the troubleshooting. To split off the services into their own svchost instances, on an elevated (run as admin) CMD prompt:

    SC CONFIG Power TYPE= OWN
    SC CONFIG PlugPlay TYPE= OWN

    Reboot, and then check which of the services is blasting the processor.
    I did this earlier. Im going to leave this PC on though. The issue MIGHT be resolved but if the high cpu usage comes back Im gonna restart and check out whats going on with the services.
      My Computer
    Quote Quote

  4. Satanical Eve
    Posts : 45
    Windows 7 Professional 64 BIT
    Thread Starter
       New #23

    I restarted the pc last night and now Its starting that issue again 49%. Its the Plug And Play thats causing it. umpnpmgr.dll with ntdll.dll!tppwaiterp thread that makes the CPU spike. If I suspend the ntdll.dll thread thats causing it. the cpu goes back to normal BUT it comes back within a few hours. Now thats a work around right now but I do not want to continue doing that
    Last edited by Satanical Eve; 11 Nov 2009 at 15:07.
      My Computer
    Quote Quote

  6. seekermeister
    Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
       New #24

    Google listed over 100,000 returns on that file, but I didn't quickly see anything directly related to your problem. Not sure, but I would consider downloading another copy of it, to see if the original is corrupted.
      My Computer
    Quote Quote

  7. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #25

    Satanical Eve, download Malwarebytes' Anti-Malware to your desktop
    |MG| Malwarebytes Anti-Malware 1.41 Download
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
      My Computer
    Quote Quote

  8. H2SO4
    Posts : 1,377
    Win7x64
       New #26

    Satanical Eve said:
    I restarted the pc last night and now Its starting that issue again 49%. Its the Plug And Play thats causing it. umpnpmgr.dll with ntdll.dll!tppwaiterp thread that makes the CPU spike. If I suspend the ntdll.dll thread thats causing it. the cpu goes back to normal BUT it comes back within a few hours. Now thats a work around right now but I do not want to continue doing that
    Can you post the stacks of the threads in the PnP svchost at the point where the problem occurs again? I gather that you're observing involvement from multiple threads in that process, even if suspending one of them temporarily does the trick.

    If you haven't already done so, I'd suggest testing what happens with your anti-virus completely uninstalled, not just disabled. The previous thread stack you posted is indicative of retry behaviour which may be caused by some type of interference from another component - possibly the AV.
      My Computer
    Quote Quote

  10. Satanical Eve
    Posts : 45
    Windows 7 Professional 64 BIT
    Thread Starter
       New #27

    H2SO4 said:
    Satanical Eve said:
    I restarted the pc last night and now Its starting that issue again 49%. Its the Plug And Play thats causing it. umpnpmgr.dll with ntdll.dll!tppwaiterp thread that makes the CPU spike. If I suspend the ntdll.dll thread thats causing it. the cpu goes back to normal BUT it comes back within a few hours. Now thats a work around right now but I do not want to continue doing that
    Can you post the stacks of the threads in the PnP svchost at the point where the problem occurs again? I gather that you're observing involvement from multiple threads in that process, even if suspending one of them temporarily does the trick.

    If you haven't already done so, I'd suggest testing what happens with your anti-virus completely uninstalled, not just disabled. The previous thread stack you posted is indicative of retry behaviour which may be caused by some type of interference from another component - possibly the AV.
    I'll definitely do that. Well Kaspersky I never had issues with it when I got it installed with Windows 7 BUT Ill take the risk without the antivirus. If indeed it happens again. Ill post the stacks as well

    Also did mailware bytes from the other poster.

    Malwarebytes' Anti-Malware 1.41
    Database version: 3149
    Windows 6.1.7600

    11/11/2009 5:17:16 PM
    mbam-log-2009-11-11 (17-17-16).txt

    Scan type: Quick Scan
    Objects scanned: 89895
    Time elapsed: 3 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChange s (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Brian\downloads\sopfilter.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Users\Brian\Desktop\Download 100,000 Emoticons!.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Users\Brian\Desktop\Sherv.NET - Animated Emoticons, Winks, Display Pics, plus more!.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Users\Brian\Local Settings\Temporary Internet Files\udRemove.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Found five instances. of errors and removed them
      My Computer
    Quote Quote

  11. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #28

    Looks good! :)
    http://www.siteadvisor.com/sites/Sherv.net/
    http://www.prevx.com/filenames/28290...ILTER.EXE.html
    http://www.prevx.com/filenames/15208...T-2-4.EXE.html

    Before you disable Kaspersky, reboot and run your machine for a bit. Tell us if it's still spiking.
      My Computer
    Quote Quote

  12. Satanical Eve
    Posts : 45
    Windows 7 Professional 64 BIT
    Thread Starter
       New #29

    Jacee said:
    Looks good! :)
    sherv.net | McAfee SiteAdvisor Software ? Website Safety Ratings and Secure Search
    SOPFILTER.EXE, Prevx
    UD_HJSPLIT-2-4.EXE, Prevx

    Before you disable Kaspersky, reboot and run your machine for a bit. Tell us if it's still spiking.
    The weird thing is there is two sopfilter.exe, One of them i used for streaming video using the sop format and the other is an actual worm. Hopefully it wasn't the worm that got downloaded
      My Computer
    Quote Quote

  13. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #30

    I would advise you to keep MalwareBytes' Antimalware. Update this free version often.
    Also download Spyware Blaster and Spyware Guard (free by javacool)
    The download and tutorial for both are here:
    Javacool Software

    Update and click on Enable all Protection
      My Computer
    Quote Quote

 
Page 3 of 6 FirstFirst 12345 ... LastLast

  Related Discussions
High CPU Usage Due to svchost.exe
in Performance & Maintenance

So this problem just happened out of the blue today. I was just browsing with my desktop and it just so happens that I noticed the jittery/laggy movement of my cursor occasionally. So I checked the Task Manager and noticed that svchost is putting my CPU usage at 50%~75% constantly. The high CPU...
I have had that message a couple of times whilst on the Forum. Haven't noticed it when I am doing anything else. Here's the info I get when I click on more details; Here's a screenshot of Process Explorer which I think indentifies the problem. I'm just not sure what to do to rectify this. ...
To be honest, I started out investigating the wrong thing. This all started because I would have errors in Chrome. The Aww, Snap or It's Dead Jim errors, etc. Or Chrome would just crash and I would relaunch and restore. I did normal Chrome things like check the shockwave and flash files, disable...
i saw this process in task manager svchost.exe causing my system to have 50% cpu load at idle, after i end task it the windows gui desktop turns to classic and returns back to normal. how to fix this btw i have windows xp but i know you encounter or read some of this problems please help me fix...
This problem began yesterday. I noticed my CPU was at 90C constantly with very high CPU usage (>50%). I had no major programs running. I rebooted several times and the program persisted. 1. I went into safe mode and everything was normal. So this rules out hardware issues. 2. I reformatted and...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 19:59.
Find Us