Meetloaf13
New Member
- Joined
- Sep 21, 2009
Hello all,
Receiving very little help on this on other forums I frequent, I thought I'd try here. I hope all of this information does not overwhelm.
Here it goes:
Hello,
The past couple days I've noticed SVCHOST.EXE start going +50 CPU. For the most part it is sustained. I have linked a screenshot of the services that are running under this instance. I am running Win 7 RC. Right now it's not at a 'sustained' 50 CPU like it was last night, but every 3 or 4 seconds, it pops back up to 50 and then down again a few second later, and iterates like that.
I just did a full Avira AntiVir scan with updated signatures, nothing found. I also run Comodo Firewall with Defense+.
I am looking at the "threads" of the svhost.exe, and it appears that the culprit is ntdll.dll!RtlValidateHeap+0x110 (there are 12 instances, each of which well have over 200,000,000,000 cycles after about 10 minutes of booting up; SCREENIE BELOW).
The stack for one of these threads is this:
ntoskrnl.exe!KeRemoveQueueEx+0x9da
ntoskrnl.exe!KeWaitForMutexObject+0x7c9
ntoskrnl.exe!KeWaitForMutexObject+0x19f
ntoskrnl.exe!PoStartNextPowerIrp+0x3a4
ntoskrnl.exe!IoGetSfioStreamIdentifier+0x7ad
ntoskrnl.exe!KiCheckForKernelApcDelivery+0x25
ntoskrnl.exe!IoGetConfigurationInformation+0x32b57
Here's the stack of another of the threads:
ntoskrnl.exe!KeRemoveQueueEx+0x9da
ntoskrnl.exe!memset+0x60e
ntoskrnl.exe!CcScheduleReadAhead+0x710
ntoskrnl.exe!RtlEnumerateEntryHashTable+0x311
ntdll.dll!NtOpenKeyEx+0xa
kernel32.dll!LocalAlloc+0x222
kernel32.dll!RegOpenKeyExW+0x153
kernel32.dll!RegOpenKeyExW+0x1d
ADVAPI32.dll!RegOpenKeyExW+0x13
I've tried a Google, but couldn't find anything conclusive. Curious if anyone may know what's up off the top of their head.
Thanks!
Receiving very little help on this on other forums I frequent, I thought I'd try here. I hope all of this information does not overwhelm.
Here it goes:
Hello,
The past couple days I've noticed SVCHOST.EXE start going +50 CPU. For the most part it is sustained. I have linked a screenshot of the services that are running under this instance. I am running Win 7 RC. Right now it's not at a 'sustained' 50 CPU like it was last night, but every 3 or 4 seconds, it pops back up to 50 and then down again a few second later, and iterates like that.
I just did a full Avira AntiVir scan with updated signatures, nothing found. I also run Comodo Firewall with Defense+.
I am looking at the "threads" of the svhost.exe, and it appears that the culprit is ntdll.dll!RtlValidateHeap+0x110 (there are 12 instances, each of which well have over 200,000,000,000 cycles after about 10 minutes of booting up; SCREENIE BELOW).
The stack for one of these threads is this:
ntoskrnl.exe!KeRemoveQueueEx+0x9da
ntoskrnl.exe!KeWaitForMutexObject+0x7c9
ntoskrnl.exe!KeWaitForMutexObject+0x19f
ntoskrnl.exe!PoStartNextPowerIrp+0x3a4
ntoskrnl.exe!IoGetSfioStreamIdentifier+0x7ad
ntoskrnl.exe!KiCheckForKernelApcDelivery+0x25
ntoskrnl.exe!IoGetConfigurationInformation+0x32b57
Here's the stack of another of the threads:
ntoskrnl.exe!KeRemoveQueueEx+0x9da
ntoskrnl.exe!memset+0x60e
ntoskrnl.exe!CcScheduleReadAhead+0x710
ntoskrnl.exe!RtlEnumerateEntryHashTable+0x311
ntdll.dll!NtOpenKeyEx+0xa
kernel32.dll!LocalAlloc+0x222
kernel32.dll!RegOpenKeyExW+0x153
kernel32.dll!RegOpenKeyExW+0x1d
ADVAPI32.dll!RegOpenKeyExW+0x13
I've tried a Google, but couldn't find anything conclusive. Curious if anyone may know what's up off the top of their head.
Thanks!