Enormeous system process kernel time after booting

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hello everyone.

My computer configuration is as follows:
------------------
System Information
------------------
   Operating System: Windows 7 Ultimate 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.120503-2030)
System Manufacturer: Gigabyte Technology Co., Ltd.
       System Model: 965P-DS3
               BIOS: Award Modular BIOS v6.00PG
          Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz (4 CPUs), ~2.4GHz
             Memory: 4096MB RAM

I have installed KIS 2013.

My computer freezes a lot on boot time so i tried finding the root cause. I think it is related either to avp.exe (KIS 2013 service) or ntoskrnl.exe.

After about 15-30 seconds from logon System process and avp for about 2+ minutes start using ~55% of CPU. At the end the System process kernel time is 2 minutes and avp process kernel time is 1+ minute. I tried localizing what threads are using so much time and what are they actually doing. Using Process explorer i found out that responsible thread from System process is in Wait:WrFreePage state with start address ntoskrnl.exe!WheaAttemptPhysicalPageOffline+0x350. Also i provide a screenshot of my problem with data from Process hacker.

http://img46.imageshack.us/img46/52/cpuv.png

Please note that I don't have too advanced knowledge about Windows, but I am rather trying to investigate and solve problem. Since this problem, and associated data I am posting, is mostly out of my domain of knowledge I would gladly provide more info and appreciate any help offered.

Thanks in advance. :)

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
vilaemail Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 03 February 2013 Status: Offline Points: 6	Post Options Post Reply Quote vilaemail Report Post Thanks(0) Quote Reply Topic: Enormeous system process kernel time after booting Posted: 03 February 2013 at 10:59pm
	Hello everyone. My computer configuration is as follows: ------------------ System Information ------------------ Operating System: Windows 7 Ultimate 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.120503-2030) System Manufacturer: Gigabyte Technology Co., Ltd. System Model: 965P-DS3 BIOS: Award Modular BIOS v6.00PG Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz (4 CPUs), ~2.4GHz Memory: 4096MB RAM I have installed KIS 2013. My computer freezes a lot on boot time so i tried finding the root cause. I think it is related either to avp.exe (KIS 2013 service) or ntoskrnl.exe. After about 15-30 seconds from logon System process and avp for about 2+ minutes start using ~55% of CPU. At the end the System process kernel time is 2 minutes and avp process kernel time is 1+ minute. I tried localizing what threads are using so much time and what are they actually doing. Using Process explorer i found out that responsible thread from System process is in Wait:WrFreePage state with start address ntoskrnl.exe!WheaAttemptPhysicalPageOffline+0x350. Also i provide a screenshot of my problem with data from Process hacker. http://img46.imageshack.us/img46/52/cpuv.png Please note that I don't have too advanced knowledge about Windows, but I am rather trying to investigate and solve problem. Since this problem, and associated data I am posting, is mostly out of my domain of knowledge I would gladly provide more info and appreciate any help offered. Thanks in advance. :)

WindowsStar Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 30 June 2010 Status: Offline Points: 508	Post Options Post Reply Quote WindowsStar Report Post Thanks(0) Quote Reply Posted: 04 February 2013 at 6:46am
	I would remove KIS 2013 and see if the problem goes away. If it does you found the problem. If not use your restore points to go back to just before you installed KIS 2013 (I think KIS creates one before installing). If that fixes your problem then again KIS is the problem. -WS

dirbase Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 26 March 2008 Status: Offline Points: 496	Post Options Post Reply Quote dirbase Report Post Thanks(0) Quote Reply Posted: 04 February 2013 at 8:15am
	Your symbols are not resolving right

MagicAndre1981 Members Profile Send Private Message Find Members Posts Add to Buddy List Moderator Group Joined: 08 January 2007 Location: Germany Status: Offline Points: 1505	Post Options Post Reply Quote MagicAndre1981 Report Post Thanks(0) Quote Reply Posted: 04 February 2013 at 7:34pm
	run xperf: http://forum.sysinternals.com/windows-7-ntoskrnlexe-spiking-problem_topic28929_post138124.html#138124 and upload the trace file.

vilaemail Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 03 February 2013 Status: Offline Points: 6	Post Options Post Reply Quote vilaemail Report Post Thanks(0) Quote Reply Posted: 04 February 2013 at 9:49pm
	Hi guys, I have run xpref yesterday since i saw a lot of references to it in other threads. I will upload and send you the trace via PM. Also, I have miss expressed myself. I am using KIS 2013 for about 1 month (I used KIS 2012 before). But I can't quite pinpoint the exact moment this problem started occurring. Anyway I can't use system restore since a lot has changed in the mean time. I will now try to uninstall KIS and see if the problem persists.

vilaemail Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 03 February 2013 Status: Offline Points: 6	Post Options Post Reply Quote vilaemail Report Post Thanks(0) Quote Reply Posted: 04 February 2013 at 9:52pm
	OK I have sent the trace to MagicAndre. Dirbase what are you exactly referring to with symbols not loading right? How can I dig deeper into this, find out what is the problem and resolve it? Thanks in advance.

MagicAndre1981 Members Profile Send Private Message Find Members Posts Add to Buddy List Moderator Group Joined: 08 January 2007 Location: Germany Status: Offline Points: 1505	Post Options Post Reply Quote MagicAndre1981 Report Post Thanks(0) Quote Reply Posted: 05 February 2013 at 5:28am
	ntkrnlmp.exe!KeZeroPages is the cause of the high CPU usage by the kernel. Before using memory again, the data must be zeroed and this is what this does. The kaspersky CPU usage come from the file klavasyswatch.dll.ada3b055411dce56062b97586745b394. You should really remove KIS and try a different tool.