single process mostly running at 50% cpu

[Woomera]

nmctxth.exe hugs 50% of cpu most of the times and i cant understand why. i tried disabling my AV (avast free) but no change.i know the process is part of Network Magic package which installed when i installed Linksys Easylink Advisor.

how can i trace the root to this issue and fix it?

[gosh]

I dont understand. Youve narrowed down the problem - a process using 50% cpu, and youve found out what this program is from - its part of your linksys software. The solution would be to look for updated linksys software or uninstall the linksys software.

[Woomera]

the issue is that i didnt find anything in google about anyone else with this issue. so its more likely that one of the other process's is causing the issue which is what im trying to find out. plus deleting the software is not a solution since i guess some settings on the router can only be forced via the software.

and the software is up-to-date and so is the router firmware since i thought it could be the source.

[cluberti]

If you have a multi-core (or even a hyper-threaded) system, 50% CPU is really technically 100% of one core, meaning some thread in the process has gone into some sort of tight loop and is likely stuck. It's hard to say given that it's a Network Magic process (and not something we'd have symbols for, like Microsoft products or Firefox), but getting a hang dump of the process while it's chewing up your CPU time is probably the best way to look into it.

[Woomera]

yes i have a core 2 duo, the dump file:

http://rapidshare.com/files/378772701/Hang_Mode__Date_04-22-2010__Time_14-49-57PM.7z

Edited April 22, 2010 by Woomera

[cluberti]

It looks like the app has gone into some sort of loop trying to create a file or WMI object that already exists, and isn't handling the error:

0:006:x86> kb
ChildEBP RetAddr  Args to Child              
02d3e6a0 76eab616 02d3e73c 80100080 02d3e6e0 ntdll_77990000!NtCreateFile+0x12
02d3e744 76ea519c 00000060 80100080 00000000 KERNELBASE!CreateFileW+0x35e
02d3e7a0 771bab6f 006fe1d8 00705af8 00000000 KERNELBASE!GetTempFileNameW+0x1ef
02d3e7e0 03480ee4 02d3e7f8 034c7b34 00000000 kernel32!GetTempFileNameA+0x9e
WARNING: Stack unwind information not available. Following frames may be wrong.
02d3ea10 0349c3d5 02d3eaf0 a8bf00b2 02d3ea3c FWManager!GetSdkVersion+0x2f276
02d3ec30 0349c836 034bb4a8 00000faa 03908aa8 FWManager!GetSdkVersion+0x4a767
02d3f05c 0345af33 034bb4a8 00000faa 03908aa8 FWManager!GetSdkVersion+0x4abc8
02d3f0c8 0345b6fa a8bf1c72 00000003 03908a88 FWManager!GetSdkVersion+0x92c5
02d3f0f0 03456ab2 000000e4 03457016 a8bf1de6 FWManager!GetSdkVersion+0x9a8c
02d3f164 0345327e 02d3f2f4 a8bf1d6a 77191202 FWManager!GetSdkVersion+0x4e44
02d3f208 73bc59be 0381d1f0 0000002f 02d3f348 FWManager!GetSdkVersion+0x1610
02d3f294 03810000 00000000 73cb38da 7048c175 msvcp90!std::_Traits_helper::copy_s<std::char_traits<char> >+0x1a [f:\dd\vctools\crt_bld\self_x86\crt\src\iosfwd @ 706]
02d3f2f8 03850fb5 038268fe 77db4d3a 00000020 0x3810000
02d3f2fc 038268fe 77db4d3a 00000020 0000002f CFireWallCOM!DllUnregisterServer+0x2c65f
02d3f314 03824991 77db4d12 03817f2c 00000011 CFireWallCOM!DllUnregisterServer+0x1fa8
02d3f330 038231e0 03817f18 00000000 0000004f CFireWallCOM!DllUnregisterServer+0x3b
02d3f368 0382578d 77db4dca 686123a0 02d3f418 CFireWallCOM!DllCanUnloadNow+0x16da
02d3f37c 76cd43cd 00000040 00000015 00000040 CFireWallCOM!DllUnregisterServer+0xe37
02d3f394 76cd4628 006f2184 685eecd8 00000040 oleaut32!CbSysStringSize+0x48
02d3f3b4 76cd4677 685eecd8 00655c68 02d3f424 oleaut32!SysAllocStringLen+0x5a


0:006:x86> r
eax=c0000035 ebx=00000000 ecx=00000000 edx=00000000 esi=779b0054 edi=00000000
eip=779b0066 esp=02d3e6a0 ebp=02d3e744 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
ntdll_77990000!NtCreateFile+0x12:
779b0066 83c404          add     esp,4

0:006:x86> !error c0000035
Error code: (NTSTATUS) 0xc0000035 (3221225525) - Object Name already exists.

0:006:x86> dc 006fe1d8 006fe1d8 +255
006fe1d8  003a0043 0055005c 00650073 00730072  C.:.\.U.s.e.r.s.
006fe1e8  0041005c 004d0044 004e0049 007e0049  \.A.D.M.I.N.I.~.
006fe1f8  005c0031 00700041 00440070 00740061  1.\.A.p.p.D.a.t.
006fe208  005c0061 006f004c 00610063 005c006c  a.\.L.o.c.a.l.\.
006fe218  00650054 0070006d 0000005c 005a005a  T.e.m.p.\...Z.Z.
006fe228  1171efd4 80000000 005300f4 00720074  ..q.......S.t.r.
006fe238  006e0069 00460067 006c0069 00490065  i.n.g.F.i.l.e.I.
006fe248  0066006e 005c006f 00340030 00390030  n.f.o.\.0.4.0.9.
006fe258  00340030 00300042 0046005c 006c0069  0.4.B.0.\.F.i.l.
006fe268  00560065 00720065 00690073 006e006f  e.V.e.r.s.i.o.n.
006fe278  00000000 0000006c 1171efc1 88000000  ....l.....q.....
006fe288  003a0043 0057005c 006e0069 006f0064  C.:.\.W.i.n.d.o.
006fe298  00730077 0073005c 00730079 00650074  w.s.\.s.y.s.t.e.
006fe2a8  0033006d 005c0032 00620077 006d0065  m.3.2.\.w.b.e.m.
006fe2b8  0066005c 00730061 00700074 006f0072  \.f.a.s.t.p.r.o.
006fe2c8  002e0078 006c0064 0000006c 0000006c  x...d.l.l...l...
006fe2d8  1171efca 80000000 000000ff 00000000  ..q.............
006fe2e8  00000000 00000000 1171efcf 80000000  ..........q.....
006fe2f8  000000fc 00000000 00000000 00000000  ................
006fe308  00000000 00000000 00000000 00000000  ................
006fe318  1171eff2 80000000 00000101 00000000  ..q.............
006fe328  00000000 00000000 1171eff7 80000000  ..........q.....
006fe338  0000010a 00000000 1171eff9 80000000  ..........q.....
006fe348  00000106 00000000 00000000 00000000  ................
006fe358  00000000 00000000 00000000 00000000  ................
006fe368  1171effc 80000000 0000010b 00000000  ..q.............
006fe378  00000000 00000000 00000000 00000000  ................
006fe388  1171efe0 80000000 11710115 80000000  ..q.......q.....
006fe398  00000110 00000000 00000000 00000000  ................
006fe3a8  00000000 00000000 00000000 00000000  ................
006fe3b8  1171efe6 80000000 00000115 00000000  ..q.............
006fe3c8  00000000 00000000 00000000 00000000  ................
006fe3d8  00000000 00000000 1171efed 80000000  ..........q.....
006fe3e8  00000120 00000000 00000000 00000000   ...............
006fe3f8  00000000 00000000 00000000 00000000  ................
006fe408  1171ef10 80000000 0000011f 00000000  ..q.............
006fe418  00000000 00000000 00000000 00000000  ................
006fe428  00000000 00000000                    ........


0:006:x86> dc 02d3e6e0 
02d3e6e0  00000018 00000000 02d3e71c 00000040  ............@...
02d3e6f0  00000000 02d3e708 00000000 00000000  ................
02d3e700  00000000 00000000 0000000c 00000002  ................
02d3e710  00700101 38185478 01ca767f 021a0068  ..p.xT.8.v..h...
02d3e720  00707c60 00000020 00000002 02d3e748  `|p. .......H...
02d3e730  00000000 00707c60 00000000 00620060  ....`|p.....`.b.
02d3e740  00000002 02d3e7a0 76ea519c 00000060  .........Q.v`...
02d3e750  80100080 00000000 00000000 00000001  ................

0:006:x86> !handle 18 7
Handle 0000000000000018
  Type         	Key
  Attributes   	0
  GrantedAccess	0x20019:
         ReadControl
         QueryValue,EnumSubKey,Notify
  HandleCount  	2
  PointerCount 	3
  Name         	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions


0:006:x86> dc 034c7b34 
034c7b34  5753504f 00005441 00005c2f 00005c2f  OPSWAT../\../\..
034c7b44  54535953 435c4d45 65727275 6f43746e  SYSTEM\CurrentCo
034c7b54  6f72746e 7465536c 7265535c 65636976  ntrolSet\Service
034c7b64  00005c73 5c3f3f5c 00000000 74737953  s\..\??\....Syst
034c7b74  32336d65 0000005c 54535953 32334d45  em32\...SYSTEM32
034c7b84  0000005c 74737973 32336d65 0000005c  \...system32\...
034c7b94  0000005c 7379535c 526d6574 5c746f6f  \...\SystemRoot\
034c7ba4  00000000 6578652e 00000000 4558452e  .....exe.....EXE


0:006:x86> lmvm FWManager
start             end                 module name
03450000 03502000   FWManager C (export symbols)       FWManager.dll
    Loaded symbol image file: FWManager.dll
    Image path: C:\PROGRAM FILES (X86)\COMMON FILES\PURE NETWORKS SHARED\Platform\FWManager.dll
    Image name: FWManager.dll
    Timestamp:        Tue Dec 02 19:08:19 2008 (4935CDF3)
    CheckSum:         00000000
    ImageSize:        000B2000
    File version:     2.5.14.1
    Product version:  2.5.14.1
    File flags:       0 (Mask 17)
    File OS:          4 Unknown Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      OPSWAT, Inc.
    InternalName:     FWManager
    OriginalFilename: FWManager.dll
    ProductVersion:   2, 5, 14, 1
    FileVersion:      2, 5, 14, 1
    LegalCopyright:   Copyright (C) 2004


0:006:x86> lmvm CFireWallCOM
start             end                 module name
03820000 03873000   CFireWallCOM C (export symbols)       CFireWallCOM.dll
    Loaded symbol image file: CFireWallCOM.dll
    Image path: C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
    Image name: CFireWallCOM.dll
    Timestamp:        Tue Dec 02 19:08:45 2008 (4935CE0D)
    CheckSum:         00000000
    ImageSize:        00053000
    File version:     2.5.14.1
    Product version:  2.5.14.1
    File flags:       0 (Mask 3F)
    File OS:          4 Unknown Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    ProductName:      CFireWallCOM Module
    InternalName:     CFireWallCOM
    OriginalFilename: CFireWallCOM.DLL
    ProductVersion:   2, 5, 14, 1
    FileVersion:      2, 5, 14, 1
    FileDescription:  CFireWallCOM Module
    LegalCopyright:   Copyright 2004

Given that both of these files pre-date Windows 7 by some time, I'm wondering if they're really Windows 7 compatible. It might be worth taking this data to the vendor (I guess in this case, Cisco) and seeing if they can make any more of this. I don't have time to disassemble and figure out what they're doing, honestly, and Cisco/Linksys should have symbols to do this anyway.

[Woomera]

thanks alot cluberti for looking into this. ill contact them via email and see what more info i can get.