services.exe with high cpu utilization |
ErricZ123
Newbie
Joined: 16 May 2008 Online Status: Offline Posts: 17 |
Topic: services.exe with high cpu utilization
Posted: 16 May 2008 at 12:10pm |
|
I've been reading through some of the other topics on this crazy services.exe problem and none of the solutions seemed to apply to me.
I have some Process Explorer logs and I have the kernel32.dll!BaseThreadStartThunk. When I run REGMON I see a ton of hits on the registry by the same services.exe process - EnumerateKey, OpenKey, CloseKey over and over. What kind of info would be needed to help me troubleshoot this annoyance?
Stack for the thread that had the highest CPU usage:
0 ntoskrnl.exe!KiUnlockDispatcherDatabase+0x77
1 ntoskrnl.exe!KiDeliverApc+0x124
2 ntoskrnl.exe!KiSwapThread+0x64
3 ntoskrnl.exe!KeWaitForSingleObject+0x1c2
4 ntoskrnl.exe!NtReplyWaitReceivePortEx+0x3dc
5 ntoskrnl.exe!KiFastCallEntry+0xf8
6 ntdll.dll!KiFastSystemCallRet
7 ntdll.dll!NtReplyWaitReceivePortEx+0xc
8 RPCRT4.dll!LRPC_ADDRESS::ReceiveLotsaCalls+0xf4
9 RPCRT4.dll!RecvLotsaCallsWrapper+0xd
10 RPCRT4.dll!BaseCachedThreadRoutine+0x79
11 RPCRT4.dll!ThreadStartRoutine+0x1a
12 kernel32.dll!BaseThreadStart+0x37
Edited by ErricZ123 - 16 May 2008 at 12:12pm |
|
|
ErricZ123
Newbie
Joined: 16 May 2008 Online Status: Offline Posts: 17 |
Posted: 18 May 2008 at 2:55pm |
|
More details ... my system will run for a little bit without an issue and then it starts to run slowly. If I look at task manager, services.exe is running anywhere from 10% to 95% CPU utilization. Filemon doesn't show much activity from it but regmon is showing a ton of hits on the registry, all reads and opens and the like.
I have run almost every virus/spyware/trojan scanner out there and I'm almost ready to re-install at this point. Everything has been fine for ages and this started for no apparent reason early last week. This Windows junk is so fickle. |
|
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17287 |
Posted: 18 May 2008 at 7:13pm |
|
Hi ErricZ123,
You don't say what operating system you are using, so we will consider from BaseThreadStart that you are likely using XP.
What services does Process Explorer indicate are running in Services.exe (Services.exe properties, Services tab)? Are you able to stop any of the services and if so does the behavior in question stop?
Are there any relevant entries in the event logs? Are the event logs full? If you save the event logs and then clear them, does it have an effect on the behavior?
What are the specific keys that are being accessed? Can you use Process Monitor rather than Regmon, to inspect the stack of the registry activities in question, after configuring symbols (as you seem to have done for Process Explorer)?
|
|
|
Daily affirmation:
net helpmsg 4006 |
|
|
ErricZ123
Newbie
Joined: 16 May 2008 Online Status: Offline Posts: 17 |
Posted: 19 May 2008 at 12:00pm |
|
Sorry, I am running XP Pro SP2 with most of the pre-sp3 updates done along the way.
Event Log and Plug and Play are the only two services attached to services.exe and I can't stop either one of them. There are no pertinent events in any of the logs and clearing them the other day didn't help at all. I'm not sure if I know what data you want when you say to "inspect the stack of the registry activities". This?
ntoskrnl.exe!KiUnlockDispatcherDatabase+0x77
ntoskrnl.exe!KeSetEvent+0x74
ntoskrnl.exe!PspGetSetContextSpecialApc+0x4e
ntoskrnl.exe!KiDeliverApc+0xb3
ntoskrnl.exe!KiSwapThread+0x64
ntoskrnl.exe!KeDelayExecutionThread+0x1c9
ntoskrnl.exe!NtDelayExecution+0x87
ntoskrnl.exe!KiFastCallEntry+0xf8
ntdll.dll!KiFastSystemCallRet
ntdll.dll!NtDelayExecution+0xc
RPCRT4.dll!TIMER::Wait+0x2b
RPCRT4.dll!BaseCachedThreadRoutine+0xc4
RPCRT4.dll!ThreadStartRoutine+0x1a
kernel32.dll!BaseThreadStart+0x37
THANK YOU VERY MUCH!!!!! |
|
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17287 |
Posted: 19 May 2008 at 3:27pm |
|
I'm guessing you're getting the stack from Process Explorer; please note that the previous post mentioned Process Monitor.
|
|
|
|
ErricZ123
Newbie
Joined: 16 May 2008 Online Status: Offline Posts: 17 |
Posted: 19 May 2008 at 4:05pm |
|
HAHAHA, whoops, brain fried, will update shortly.
|
|
|
ErricZ123
Newbie
Joined: 16 May 2008 Online Status: Offline Posts: 17 |
Posted: 19 May 2008 at 6:43pm |
|
http://countrykennelsmd.com/f1les/Logfile2.zip
How does this look ... I let it run for a long while, saved it to a CSV and then checked where it started the loop over again.
Edited by ErricZ123 - 19 May 2008 at 7:03pm |
|
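The loop check described in the post above can be scripted. This is an added example, not part of the original thread: it assumes a Process Monitor CSV export with the default columns, and the sample rows and key paths are constructed for illustration, not taken from the poster's log.

```python
import csv
import io
from collections import Counter

# Constructed sample in Process Monitor's default CSV export columns;
# the key paths are illustrative, not taken from the poster's log.
ENUM = r"HKLM\System\CurrentControlSet\Enum"
CYCLE = [("RegOpenKey", ENUM + r"\USB"), ("RegEnumKey", ENUM + r"\USB"),
         ("RegCloseKey", ENUM + r"\USB"), ("RegOpenKey", ENUM + r"\PCI"),
         ("RegCloseKey", ENUM + r"\PCI")]
HEADER = '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"\n'

def _row(proc, op, path):
    return f'"12:00:00.0000000 PM","{proc}","700","{op}","{path}","SUCCESS",""\n'

SAMPLE_CSV = (HEADER + _row("explorer.exe", "RegOpenKey", r"HKCU\Software")
              + "".join(_row("services.exe", op, p) for op, p in CYCLE * 3))

def registry_events(csv_text, process="services.exe"):
    """Return (operation, path) pairs for one process's registry events."""
    # Strip a leading byte-order mark if the export carries one.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    return [(r["Operation"], r["Path"]) for r in reader
            if r["Process Name"].lower() == process
            and r["Operation"].startswith("Reg")]

def hot_keys(events, depth=5):
    """Count events per key prefix, truncated to `depth` path components."""
    return Counter("\\".join(path.split("\\")[:depth]) for _, path in events)

def loop_period(events):
    """Smallest p where the event sequence repeats every p events, else None."""
    for p in range(1, len(events) // 2 + 1):
        if all(events[i] == events[i + p] for i in range(len(events) - p)):
            return p
    return None

if __name__ == "__main__":
    ev = registry_events(SAMPLE_CSV)
    print(hot_keys(ev).most_common(), loop_period(ev))
```

A real capture is rarely perfectly periodic, so `hot_keys` is usually the more useful of the two results: the prefixes with the highest counts are the keys to name when asked which keys are being accessed.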
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17287 |
Posted: 19 May 2008 at 6:52pm |
|
It seems that the accesses may be related to PnP. But that log doesn't include the stack of the events...
|
|
|
|
ErricZ123
Newbie
Joined: 16 May 2008 Online Status: Offline Posts: 17 |
Posted: 19 May 2008 at 7:17pm |
|
Ok, let's try again ...
Edited by ErricZ123 - 19 May 2008 at 7:55pm |
|
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17287 |
Posted: 19 May 2008 at 7:22pm |
|
Looking for the stack of the events. Right-click an event and choose "Stack".
|
|
|