Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: System Idle Process CPU won't go down  (Read 16872 times)

0 Members and 1 Guest are viewing this topic.

F4llschirmjager

    Topic Starter


    Rookie

  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
System Idle Process CPU won't go down
« on: October 26, 2011, 07:20:47 AM »
Okay, So I am quite stuck with this issue. I know that the System Idle Process is used when there's nothing to do and it will always be 99 around that. But the problem is that when I run a busy program or games which normally would instantly replace the CPU usage from System Idle Process. It doesn't now or it does only 50%, which makes my games lag and barely unplayable.

My computer spec isn't that stone and I think spec isn't the problem because the game I always run are just Warcraft III, Starcraft, Civilization etc..

I'm using WINXP SP3 with Intel Core 2 Duo 2.80 Ghz / 4 GB of RAM / Nvidia GeForce 9800GT

I have tried scanning with Malwarebytes(the first time I ever used antivirus since I formatted it) and it detected 9 infected files, mostly are the keygen and stuff, so I removed them and restarted, hoping my comp will be back just like normal but still bad luck. :/

Could it be my hardware problem ? Graphic card ? Fans ? getting old and dusty ?
or could it be any malware or virus ?

It just happened today for no reason. I am now can't get a decent Warcraft III game going because all the CPU goes to System Idle Process instead of the game. I'm currently so desperate right now and my school break is almost over. Any helps would be apreciated. Thx D:

If nothing could solve this then I think I will have to try my last trick, formatting my C: once again. D: D:

Edited. I have checked inside my case if all the fans are working properly and all the fans seem to work just fine
I used to face with this virus called KZipShell.dll, I got it from Chinese Online game called Dragonnest. The software was fake to be something similiar to WinRAR called KZip but the actual threat files is KZipShell.dll. It disabled my right clicking and deleting option until I can removed it manually by someway but I cannot remove the .dll file. I'm not sure if this got something to do with this issue because after I left the .dll  there everything works just fine ( it was about 2 months ago btw) until now.
« Last Edit: October 26, 2011, 07:40:36 AM by F4llschirmjager »

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: System Idle Process CPU won't go down
« Reply #1 on: October 26, 2011, 07:21:42 AM »
Hello.

Would you post the MBAM log please?

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results. Post only the contents of both logs. There is no way to attach.
  • Close the program window, and delete the program from your Desktop.
~Dr Jay

F4llschirmjager

    Topic Starter


    Rookie

  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
Re: System Idle Process CPU won't go down
« Reply #2 on: October 26, 2011, 07:33:44 AM »
MBAM Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8021

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/26/2011 5:47:37 PM
mbam-log-2011-10-26 (17-47-37).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 373381
Time elapsed: 1 hour(s), 12 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Nookia\my documents\cdkeybuddy v1.04\cdkeybuddy.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\downloads\guitar pro 6.0.8 r9626 multilingual\Keymaker\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\downloads\CS5\adobe photoshop cs5 extended\adobe cs5 all products keygens + individual product keygen\adobe creative suite 5 master collection keymaker\adobe_keygen_mc_cs5.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\downloads\CS5\adobe photoshop cs5 extended\adobe cs5 all products keygens + individual product keygen\adobe dreamweaver cs5 v11.0.4909 keygen\adobe_dw_cs5_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\downloads\CS5\adobe photoshop cs5 extended\adobe cs5 all products keygens + individual product keygen\adobe flash professional cs5 v11.0.0.485 keygen\adobe_fp_cs5_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\downloads\CS5\adobe photoshop cs5 extended\adobe cs5 all products keygens + individual product keygen\adobe illustrator cs5 v15.0 keygen\adobe_il_cs5_keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\downloads\CS5\adobe photoshop cs5 extended\adobe cs5 all products keygens + individual product keygen\adobe indesign cs5 premium v7.0 keygen\adobe_idp_cs5_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\downloads\CS5\adobe photoshop cs5 extended\adobe cs5 all products keygens + individual product keygen\adobe photoshop cs5 extended v12.0 keygen\adobe_ps_cs5_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\downloads\CS5\adobe photoshop cs5 extended\adobe cs5 all products keygens + individual product keygen\core adobe master collection cs5\adobe_keygen_mc_cs5.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\Games\rhythm zone\uninstall.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
d:\system volume information\_restore{65cd1720-a71e-43e1-a698-25902bb3649f}\RP11\A0014272.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

F4llschirmjager

    Topic Starter


    Rookie

  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
Re: System Idle Process CPU won't go down
« Reply #3 on: October 26, 2011, 07:34:33 AM »
DDS Log [Both]

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_27
Run by Nookia at 20:34:10 on 2011-10-26
Microsoft Windows XP Professional  5.1.2600.3.874.66.1033.18.3327.2663 [GMT 7:00]
.
.
============== Running Processes ===============
.
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\RUNDLL32.EXE
C:\WINXP\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
svchost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\SddSUpdate\SddSUpdate.exe
C:\WINXP\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINXP\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.th/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\nookia\application data\flashgetbho\FlashGetBHO3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\winxp\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winxp\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup
mRun: [IMJPMIG8.1] "c:\winxp\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\winxp\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\winxp\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\winxp\system32\NeroCheck.exe
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\winxp\system32\CTFMON.EXE
IE: Download all by FlashGet3 - c:\documents and settings\nookia\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\nookia\application data\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: com.cn\*.cga
Trusted Zone: kuaiche.com\software
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{74B61D8C-FD92-4099-9703-D4AD44B5EB4C} : NameServer = 192.168.1.2,192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nookia\application data\mozilla\firefox\profiles\msprhzcg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.th/
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;c:\winxp\system32\drivers\mv61xx.sys [2011-3-2 159024]
R0 mv61xxmm;mv61xxmm;c:\winxp\system32\drivers\mv61xxmm.sys [2011-3-2 13616]
R0 mv64xxmm;mv64xxmm;c:\winxp\system32\drivers\mv64xxmm.sys [2011-3-2 5632]
R0 mvxxmm;mvxxmm;c:\winxp\system32\drivers\mvxxmm.sys [2011-3-2 13616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [2011-5-16 218688]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-26 366152]
R2 SddSUpdate;SddSUpdate;c:\program files\sddsupdate\SddSUpdate.exe [2011-9-27 466440]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2011-10-26 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-30 136176]
S3 1394hub;1394 Enabled Hub;c:\winxp\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Ambfilt;Ambfilt;c:\winxp\system32\drivers\Ambfilt.sys [2011-5-16 1684736]
S3 dump_wmimmc;dump_wmimmc;\??\d:\games\ea sports\fifa online 2\gameguard\dump_wmimmc.sys --> d:\games\ea sports\fifa online 2\gameguard\dump_wmimmc.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\winxp\system32\drivers\eaglexnt.sys --> c:\winxp\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena classic\safedrv.sys --> c:\program files\garena classic\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-30 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\winxp\system32\drivers\mbamswissarmy.sys --> c:\winxp\system32\drivers\mbamswissarmy.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\winxp\system32\gamemon.des -service --> c:\winxp\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva385;XDva385;\??\c:\winxp\system32\xdva385.sys --> c:\winxp\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\winxp\system32\xdva387.sys --> c:\winxp\system32\XDva387.sys [?]
.
=============== Created Last 30 ================
.
2011-10-26 11:35:40   --------   d-----w-   c:\winxp\pss
2011-10-26 09:33:00   --------   d-----w-   c:\documents and settings\nookia\application data\Malwarebytes
2011-10-26 09:32:54   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2011-10-26 09:32:51   22216   ----a-w-   c:\winxp\system32\drivers\mbam.sys
2011-10-26 09:32:51   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-10-25 12:30:45   --------   d-----w-   C:\Log
2011-10-25 10:19:29   --------   d-----w-   c:\winxp\EA Sports FIFA Online 2
2011-10-25 10:19:29   --------   d-----w-   C:\Joy2Key
2011-10-24 11:10:25   --------   d-----w-   c:\program files\KONAMI
2011-10-18 02:29:14   39424   ----a-w-   c:\winxp\LZService.exe
2011-10-18 02:28:45   132880   ----a-w-   c:\winxp\system32\MSINET.OCX
2011-10-16 17:06:49   74072   ----a-w-   c:\winxp\system32\XAPOFX1_5.dll
2011-10-16 17:06:49   527192   ----a-w-   c:\winxp\system32\XAudio2_7.dll
2011-10-16 17:06:49   239960   ----a-w-   c:\winxp\system32\xactengine3_7.dll
2011-10-16 17:06:49   2106216   ----a-w-   c:\winxp\system32\D3DCompiler_43.dll
2011-10-16 17:06:48   470880   ----a-w-   c:\winxp\system32\d3dx10_43.dll
2011-10-16 17:06:48   248672   ----a-w-   c:\winxp\system32\d3dx11_43.dll
2011-10-16 17:06:48   1868128   ----a-w-   c:\winxp\system32\d3dcsx_43.dll
2011-10-16 17:06:47   1998168   ----a-w-   c:\winxp\system32\D3DX9_43.dll
2011-10-16 16:40:09   --------   d-----w-   c:\documents and settings\nookia\application data\NVIDIA
2011-10-11 15:47:15   74072   ----a-w-   c:\winxp\system32\XAPOFX1_4.dll
2011-10-11 15:47:15   528216   ----a-w-   c:\winxp\system32\XAudio2_6.dll
2011-10-11 15:47:15   238936   ----a-w-   c:\winxp\system32\xactengine3_6.dll
2011-10-11 15:47:14   22360   ----a-w-   c:\winxp\system32\X3DAudio1_7.dll
2011-10-10 04:09:40   4550304   ----a-w-   c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-10-07 05:33:50   --------   d-----w-   c:\program files\HHD Software
2011-10-06 03:54:14   --------   d-----w-   c:\documents and settings\nookia\application data\fretsonfire
2011-10-06 03:53:56   --------   d-----w-   c:\program files\Frets on Fire
2011-10-04 03:14:25   --------   d-----w-   c:\program files\Activision
2011-10-04 02:58:01   --------   d-----w-   c:\documents and settings\nookia\local settings\application data\Activision
2011-10-04 02:41:11   --------   d-sh--w-   c:\winxp\ftpcache
2011-10-02 08:56:03   --------   d-----w-   c:\documents and settings\all users\application data\NexonUS
2011-10-02 04:17:27   --------   d-----w-   c:\program files\Acoustica Shared Effects
2011-10-02 04:08:09   --------   d-----w-   c:\documents and settings\all users\application data\Acoustica
2011-10-02 04:07:33   --------   d-----w-   c:\program files\Acoustica Mixcraft 5
2011-10-01 15:51:06   --------   d-----w-   c:\program files\ASIO4ALL v2
2011-10-01 15:50:50   225280   ----a-w-   c:\winxp\system32\rewire.dll
2011-10-01 15:50:50   --------   d-----w-   c:\program files\VstPlugins
2011-10-01 15:50:43   1554944   ----a-w-   c:\winxp\system32\vorbis.acm
2011-10-01 15:50:39   --------   d-----w-   c:\program files\Outsim
2011-10-01 15:47:09   --------   d-----w-   c:\program files\Image-Line
2011-10-01 15:47:04   1700352   ----a-w-   c:\winxp\system32\gdiplus.dll
2011-10-01 15:44:42   --------   d-----w-   c:\program files\FL Studio
2011-09-30 13:34:35   --------   d-----w-   c:\documents and settings\all users\application data\Electronic Arts
2011-09-30 13:34:35   --------   d-----w-   c:\documents and settings\all users\application data\EA Core
2011-09-30 13:32:51   447752   ----a-r-   c:\winxp\system32\vp6vfw.dll
2011-09-30 13:32:50   --------   d-----w-   c:\program files\Microsoft WSE
2011-09-29 10:46:57   --------   d-----w-   c:\documents and settings\nookia\local settings\application data\Firaxis Games
2011-09-29 09:39:02   --------   d-----w-   c:\winxp\system32\XPSViewer
2011-09-29 01:58:32   89088   ----a-w-   c:\winxp\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-29 01:58:10   89088   -c----w-   c:\winxp\system32\dllcache\filterpipelineprintproc.dll
2011-09-29 01:58:10   117760   ------w-   c:\winxp\system32\prntvpt.dll
2011-09-29 01:58:09   597504   -c----w-   c:\winxp\system32\dllcache\printfilterpipelinesvc.exe
2011-09-29 01:58:09   597504   ------w-   c:\winxp\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-09-29 01:58:09   575488   -c----w-   c:\winxp\system32\dllcache\xpsshhdr.dll
2011-09-29 01:58:09   575488   ------w-   c:\winxp\system32\xpsshhdr.dll
2011-09-29 01:58:09   1676288   -c----w-   c:\winxp\system32\dllcache\xpssvcs.dll
2011-09-29 01:58:09   1676288   ------w-   c:\winxp\system32\xpssvcs.dll
2011-09-29 01:58:09   --------   d-----w-   C:\3f9d14be43711397db9ffd31043f28bc
2011-09-29 01:54:54   --------   d-----w-   C:\cc6b51d250c0cea3656f1fb210
2011-09-29 01:54:37   --------   d-----w-   C:\02798d8739b357d4a4b0e2
2011-09-28 17:31:03   --------   d-----w-   C:\7beff02027e3d28540fca470
2011-09-26 16:11:53   --------   d-----w-   c:\program files\common files\Steam
.
==================== Find3M  ====================
.
2011-10-23 02:12:11   414368   ----a-w-   c:\winxp\system32\FlashPlayerCPLApp.cpl
2011-10-16 18:20:04   444952   ----a-w-   c:\winxp\system32\wrap_oal.dll
2011-10-16 18:20:04   109080   ----a-w-   c:\winxp\system32\OpenAL32.dll
2011-09-10 02:42:04   73728   ----a-w-   c:\winxp\system32\javacpl.cpl
2011-09-10 02:42:03   472808   ----a-w-   c:\winxp\system32\deployJava1.dll
.
============= FINISH: 20:34:17.51 ===============

F4llschirmjager

    Topic Starter


    Rookie

  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
Re: System Idle Process CPU won't go down
« Reply #4 on: October 26, 2011, 07:35:19 AM »
DDS Log [Both]

Attach

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_27
Run by Nookia at 20:34:10 on 2011-10-26
Microsoft Windows XP Professional  5.1.2600.3.874.66.1033.18.3327.2663 [GMT 7:00]
.
.
============== Running Processes ===============
.
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\RUNDLL32.EXE
C:\WINXP\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
svchost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\SddSUpdate\SddSUpdate.exe
C:\WINXP\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINXP\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.th/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\nookia\application data\flashgetbho\FlashGetBHO3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\winxp\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winxp\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup
mRun: [IMJPMIG8.1] "c:\winxp\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\winxp\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\winxp\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\winxp\system32\NeroCheck.exe
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\winxp\system32\CTFMON.EXE
IE: Download all by FlashGet3 - c:\documents and settings\nookia\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\nookia\application data\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: com.cn\*.cga
Trusted Zone: kuaiche.com\software
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{74B61D8C-FD92-4099-9703-D4AD44B5EB4C} : NameServer = 192.168.1.2,192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nookia\application data\mozilla\firefox\profiles\msprhzcg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.th/
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;c:\winxp\system32\drivers\mv61xx.sys [2011-3-2 159024]
R0 mv61xxmm;mv61xxmm;c:\winxp\system32\drivers\mv61xxmm.sys [2011-3-2 13616]
R0 mv64xxmm;mv64xxmm;c:\winxp\system32\drivers\mv64xxmm.sys [2011-3-2 5632]
R0 mvxxmm;mvxxmm;c:\winxp\system32\drivers\mvxxmm.sys [2011-3-2 13616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [2011-5-16 218688]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-26 366152]
R2 SddSUpdate;SddSUpdate;c:\program files\sddsupdate\SddSUpdate.exe [2011-9-27 466440]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2011-10-26 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-30 136176]
S3 1394hub;1394 Enabled Hub;c:\winxp\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Ambfilt;Ambfilt;c:\winxp\system32\drivers\Ambfilt.sys [2011-5-16 1684736]
S3 dump_wmimmc;dump_wmimmc;\??\d:\games\ea sports\fifa online 2\gameguard\dump_wmimmc.sys --> d:\games\ea sports\fifa online 2\gameguard\dump_wmimmc.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\winxp\system32\drivers\eaglexnt.sys --> c:\winxp\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena classic\safedrv.sys --> c:\program files\garena classic\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-30 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\winxp\system32\drivers\mbamswissarmy.sys --> c:\winxp\system32\drivers\mbamswissarmy.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\winxp\system32\gamemon.des -service --> c:\winxp\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva385;XDva385;\??\c:\winxp\system32\xdva385.sys --> c:\winxp\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\winxp\system32\xdva387.sys --> c:\winxp\system32\XDva387.sys [?]
.
=============== Created Last 30 ================
.
2011-10-26 11:35:40   --------   d-----w-   c:\winxp\pss
2011-10-26 09:33:00   --------   d-----w-   c:\documents and settings\nookia\application data\Malwarebytes
2011-10-26 09:32:54   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2011-10-26 09:32:51   22216   ----a-w-   c:\winxp\system32\drivers\mbam.sys
2011-10-26 09:32:51   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-10-25 12:30:45   --------   d-----w-   C:\Log
2011-10-25 10:19:29   --------   d-----w-   c:\winxp\EA Sports FIFA Online 2
2011-10-25 10:19:29   --------   d-----w-   C:\Joy2Key
2011-10-24 11:10:25   --------   d-----w-   c:\program files\KONAMI
2011-10-18 02:29:14   39424   ----a-w-   c:\winxp\LZService.exe
2011-10-18 02:28:45   132880   ----a-w-   c:\winxp\system32\MSINET.OCX
2011-10-16 17:06:49   74072   ----a-w-   c:\winxp\system32\XAPOFX1_5.dll
2011-10-16 17:06:49   527192   ----a-w-   c:\winxp\system32\XAudio2_7.dll
2011-10-16 17:06:49   239960   ----a-w-   c:\winxp\system32\xactengine3_7.dll
2011-10-16 17:06:49   2106216   ----a-w-   c:\winxp\system32\D3DCompiler_43.dll
2011-10-16 17:06:48   470880   ----a-w-   c:\winxp\system32\d3dx10_43.dll
2011-10-16 17:06:48   248672   ----a-w-   c:\winxp\system32\d3dx11_43.dll
2011-10-16 17:06:48   1868128   ----a-w-   c:\winxp\system32\d3dcsx_43.dll
2011-10-16 17:06:47   1998168   ----a-w-   c:\winxp\system32\D3DX9_43.dll
2011-10-16 16:40:09   --------   d-----w-   c:\documents and settings\nookia\application data\NVIDIA
2011-10-11 15:47:15   74072   ----a-w-   c:\winxp\system32\XAPOFX1_4.dll
2011-10-11 15:47:15   528216   ----a-w-   c:\winxp\system32\XAudio2_6.dll
2011-10-11 15:47:15   238936   ----a-w-   c:\winxp\system32\xactengine3_6.dll
2011-10-11 15:47:14   22360   ----a-w-   c:\winxp\system32\X3DAudio1_7.dll
2011-10-10 04:09:40   4550304   ----a-w-   c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-10-07 05:33:50   --------   d-----w-   c:\program files\HHD Software
2011-10-06 03:54:14   --------   d-----w-   c:\documents and settings\nookia\application data\fretsonfire
2011-10-06 03:53:56   --------   d-----w-   c:\program files\Frets on Fire
2011-10-04 03:14:25   --------   d-----w-   c:\program files\Activision
2011-10-04 02:58:01   --------   d-----w-   c:\documents and settings\nookia\local settings\application data\Activision
2011-10-04 02:41:11   --------   d-sh--w-   c:\winxp\ftpcache
2011-10-02 08:56:03   --------   d-----w-   c:\documents and settings\all users\application data\NexonUS
2011-10-02 04:17:27   --------   d-----w-   c:\program files\Acoustica Shared Effects
2011-10-02 04:08:09   --------   d-----w-   c:\documents and settings\all users\application data\Acoustica
2011-10-02 04:07:33   --------   d-----w-   c:\program files\Acoustica Mixcraft 5
2011-10-01 15:51:06   --------   d-----w-   c:\program files\ASIO4ALL v2
2011-10-01 15:50:50   225280   ----a-w-   c:\winxp\system32\rewire.dll
2011-10-01 15:50:50   --------   d-----w-   c:\program files\VstPlugins
2011-10-01 15:50:43   1554944   ----a-w-   c:\winxp\system32\vorbis.acm
2011-10-01 15:50:39   --------   d-----w-   c:\program files\Outsim
2011-10-01 15:47:09   --------   d-----w-   c:\program files\Image-Line
2011-10-01 15:47:04   1700352   ----a-w-   c:\winxp\system32\gdiplus.dll
2011-10-01 15:44:42   --------   d-----w-   c:\program files\FL Studio
2011-09-30 13:34:35   --------   d-----w-   c:\documents and settings\all users\application data\Electronic Arts
2011-09-30 13:34:35   --------   d-----w-   c:\documents and settings\all users\application data\EA Core
2011-09-30 13:32:51   447752   ----a-r-   c:\winxp\system32\vp6vfw.dll
2011-09-30 13:32:50   --------   d-----w-   c:\program files\Microsoft WSE
2011-09-29 10:46:57   --------   d-----w-   c:\documents and settings\nookia\local settings\application data\Firaxis Games
2011-09-29 09:39:02   --------   d-----w-   c:\winxp\system32\XPSViewer
2011-09-29 01:58:32   89088   ----a-w-   c:\winxp\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-29 01:58:10   89088   -c----w-   c:\winxp\system32\dllcache\filterpipelineprintproc.dll
2011-09-29 01:58:10   117760   ------w-   c:\winxp\system32\prntvpt.dll
2011-09-29 01:58:09   597504   -c----w-   c:\winxp\system32\dllcache\printfilterpipelinesvc.exe
2011-09-29 01:58:09   597504   ------w-   c:\winxp\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-09-29 01:58:09   575488   -c----w-   c:\winxp\system32\dllcache\xpsshhdr.dll
2011-09-29 01:58:09   575488   ------w-   c:\winxp\system32\xpsshhdr.dll
2011-09-29 01:58:09   1676288   -c----w-   c:\winxp\system32\dllcache\xpssvcs.dll
2011-09-29 01:58:09   1676288   ------w-   c:\winxp\system32\xpssvcs.dll
2011-09-29 01:58:09   --------   d-----w-   C:\3f9d14be43711397db9ffd31043f28bc
2011-09-29 01:54:54   --------   d-----w-   C:\cc6b51d250c0cea3656f1fb210
2011-09-29 01:54:37   --------   d-----w-   C:\02798d8739b357d4a4b0e2
2011-09-28 17:31:03   --------   d-----w-   C:\7beff02027e3d28540fca470
2011-09-26 16:11:53   --------   d-----w-   c:\program files\common files\Steam
.
==================== Find3M  ====================
.
2011-10-23 02:12:11   414368   ----a-w-   c:\winxp\system32\FlashPlayerCPLApp.cpl
2011-10-16 18:20:04   444952   ----a-w-   c:\winxp\system32\wrap_oal.dll
2011-10-16 18:20:04   109080   ----a-w-   c:\winxp\system32\OpenAL32.dll
2011-09-10 02:42:04   73728   ----a-w-   c:\winxp\system32\javacpl.cpl
2011-09-10 02:42:03   472808   ----a-w-   c:\winxp\system32\deployJava1.dll
.
============= FINISH: 20:34:17.51 ===============

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: System Idle Process CPU won't go down
« Reply #5 on: October 26, 2011, 09:37:41 AM »
Your computer has keygens, which are a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.


Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.
~Dr Jay

F4llschirmjager

    Topic Starter


    Rookie

  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
Re: System Idle Process CPU won't go down
« Reply #6 on: October 26, 2011, 10:19:30 AM »
Your computer has keygens, which are a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.


Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.
Thank You for your effort in replying my issue. I can see now that the cracks and keygen could have malware hidden in them. I will try not to pirate anymore software from now. But I still don't know how does that involves with the System Idle Process eating all the CPU ? Have you ever experienced these kinds of issue before ? I mean issue about the System Idle Process things because I mostly see it goes with svchost.exe instead.

And here are the combofix log

ComboFix 11-10-26.03 - Nookia 10/26/2011  23:07:22.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.874.66.1033.18.3327.2604 [GMT 7:00]
Running from: c:\documents and settings\Nookia\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-26 to 2011-10-26  )))))))))))))))))))))))))))))))
.
.
2011-10-26 14:01 . 2011-10-26 14:01   --------   d-----w-   c:\program files\Defraggler
2011-10-26 09:33 . 2011-10-26 09:33   --------   d-----w-   c:\documents and settings\Nookia\Application Data\Malwarebytes
2011-10-26 09:32 . 2011-10-26 09:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-26 09:32 . 2011-10-26 09:32   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-10-26 09:32 . 2011-08-31 10:00   22216   ----a-w-   c:\winxp\system32\drivers\mbam.sys
2011-10-26 09:09 . 2011-10-26 09:09   --------   d-----w-   c:\documents and settings\Guest\Local Settings\Application Data\Activision
2011-10-26 08:59 . 2011-10-26 08:59   --------   d-----w-   c:\documents and settings\Guest\Local Settings\Application Data\SKIDROW
2011-10-26 08:57 . 2011-10-26 08:57   --------   d-----w-   c:\documents and settings\Guest\Local Settings\Application Data\My Games
2011-10-25 12:30 . 2011-10-25 12:30   --------   d-----w-   C:\Log
2011-10-25 10:19 . 2011-10-25 10:19   --------   d-----w-   c:\winxp\EA Sports FIFA Online 2
2011-10-25 10:19 . 2011-10-25 10:19   --------   d-----w-   C:\Joy2Key
2011-10-24 11:10 . 2011-10-25 08:18   --------   d-----w-   c:\program files\KONAMI
2011-10-18 02:29 . 2011-10-18 02:29   39424   ----a-w-   c:\winxp\LZService.exe
2011-10-18 02:28 . 2009-10-05 19:47   132880   ----a-w-   c:\winxp\system32\MSINET.OCX
2011-10-16 17:06 . 2010-06-01 21:55   74072   ----a-w-   c:\winxp\system32\XAPOFX1_5.dll
2011-10-16 17:06 . 2010-06-01 21:55   527192   ----a-w-   c:\winxp\system32\XAudio2_7.dll
2011-10-16 17:06 . 2010-06-01 21:55   239960   ----a-w-   c:\winxp\system32\xactengine3_7.dll
2011-10-16 17:06 . 2010-05-26 04:41   2106216   ----a-w-   c:\winxp\system32\D3DCompiler_43.dll
2011-10-16 17:06 . 2010-05-26 04:41   470880   ----a-w-   c:\winxp\system32\d3dx10_43.dll
2011-10-16 17:06 . 2010-05-26 04:41   248672   ----a-w-   c:\winxp\system32\d3dx11_43.dll
2011-10-16 17:06 . 2010-05-26 04:41   1868128   ----a-w-   c:\winxp\system32\d3dcsx_43.dll
2011-10-16 17:06 . 2010-05-26 04:41   1998168   ----a-w-   c:\winxp\system32\D3DX9_43.dll
2011-10-16 16:40 . 2011-10-16 16:40   --------   d-----w-   c:\documents and settings\Nookia\Application Data\NVIDIA
2011-10-11 15:47 . 2010-02-04 03:01   74072   ----a-w-   c:\winxp\system32\XAPOFX1_4.dll
2011-10-11 15:47 . 2010-02-04 03:01   528216   ----a-w-   c:\winxp\system32\XAudio2_6.dll
2011-10-11 15:47 . 2010-02-04 03:01   238936   ----a-w-   c:\winxp\system32\xactengine3_6.dll
2011-10-11 15:47 . 2010-02-04 03:01   22360   ----a-w-   c:\winxp\system32\X3DAudio1_7.dll
2011-10-10 04:09 . 2011-10-10 04:09   4550304   ----a-w-   c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-07 05:33 . 2011-10-07 05:33   --------   d-----w-   c:\program files\HHD Software
2011-10-06 03:54 . 2011-10-06 03:56   --------   d-----w-   c:\documents and settings\Nookia\Application Data\fretsonfire
2011-10-06 03:53 . 2011-10-06 03:54   --------   d-----w-   c:\program files\Frets on Fire
2011-10-04 03:14 . 2011-10-04 03:14   --------   d-----w-   c:\program files\Activision
2011-10-04 02:58 . 2011-10-06 00:35   --------   d-----w-   c:\documents and settings\Nookia\Local Settings\Application Data\Activision
2011-10-04 02:41 . 2011-10-04 02:41   --------   d-sh--w-   c:\winxp\ftpcache
2011-10-02 08:56 . 2011-10-02 08:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\NexonUS
2011-10-02 04:17 . 2011-10-02 04:17   --------   d-----w-   c:\program files\Acoustica Shared Effects
2011-10-02 04:08 . 2011-10-02 04:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Acoustica
2011-10-02 04:07 . 2011-10-02 04:22   --------   d-----w-   c:\program files\Acoustica Mixcraft 5
2011-10-01 15:51 . 2011-10-01 15:51   --------   d-----w-   c:\program files\ASIO4ALL v2
2011-10-01 15:50 . 2011-10-01 15:50   --------   d-----w-   c:\program files\VstPlugins
2011-10-01 15:50 . 2006-06-20 08:56   225280   ----a-w-   c:\winxp\system32\rewire.dll
2011-10-01 15:50 . 2009-09-15 09:14   1554944   ----a-w-   c:\winxp\system32\vorbis.acm
2011-10-01 15:50 . 2011-10-01 15:50   --------   d-----w-   c:\program files\Outsim
2011-10-01 15:47 . 2011-10-01 15:50   --------   d-----w-   c:\program files\Image-Line
2011-10-01 15:47 . 2011-10-01 15:47   1700352   ----a-w-   c:\winxp\system32\gdiplus.dll
2011-10-01 15:44 . 2011-10-01 15:45   --------   d-----w-   c:\program files\FL Studio
2011-09-30 13:34 . 2011-09-30 13:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Electronic Arts
2011-09-30 13:34 . 2011-09-30 13:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\EA Core
2011-09-30 13:32 . 2010-11-23 00:09   447752   ----a-r-   c:\winxp\system32\vp6vfw.dll
2011-09-30 13:32 . 2011-09-30 13:32   --------   d-----w-   c:\program files\Microsoft WSE
2011-09-29 10:46 . 2011-09-29 10:46   --------   d-----w-   c:\documents and settings\Nookia\Local Settings\Application Data\Firaxis Games
2011-09-29 09:39 . 2011-09-29 09:39   --------   d-----w-   c:\winxp\system32\XPSViewer
2011-09-29 01:58 . 2011-09-29 01:58   --------   d-----w-   c:\program files\Reference Assemblies
2011-09-29 01:58 . 2008-07-06 12:06   89088   ----a-w-   c:\winxp\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-29 01:58 . 2008-07-06 12:06   89088   -c----w-   c:\winxp\system32\dllcache\filterpipelineprintproc.dll
2011-09-29 01:58 . 2008-07-06 12:06   117760   ------w-   c:\winxp\system32\prntvpt.dll
2011-09-29 01:58 . 2011-09-29 01:58   --------   d-----w-   C:\3f9d14be43711397db9ffd31043f28bc
2011-09-29 01:58 . 2008-07-06 12:06   575488   -c----w-   c:\winxp\system32\dllcache\xpsshhdr.dll
2011-09-29 01:58 . 2008-07-06 12:06   575488   ------w-   c:\winxp\system32\xpsshhdr.dll
2011-09-29 01:58 . 2008-07-06 12:06   1676288   -c----w-   c:\winxp\system32\dllcache\xpssvcs.dll
2011-09-29 01:58 . 2008-07-06 12:06   1676288   ------w-   c:\winxp\system32\xpssvcs.dll
2011-09-29 01:58 . 2008-07-06 10:50   597504   -c----w-   c:\winxp\system32\dllcache\printfilterpipelinesvc.exe
2011-09-29 01:58 . 2008-07-06 10:50   597504   ------w-   c:\winxp\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-09-29 01:54 . 2011-09-29 01:54   --------   d-----w-   C:\cc6b51d250c0cea3656f1fb210
2011-09-29 01:54 . 2011-09-29 04:17   --------   d-----w-   C:\02798d8739b357d4a4b0e2
2011-09-28 17:31 . 2011-09-28 17:53   --------   d-----w-   C:\7beff02027e3d28540fca470
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 02:12 . 2011-09-10 01:59   414368   ----a-w-   c:\winxp\system32\FlashPlayerCPLApp.cpl
2011-10-16 18:20 . 2011-06-24 13:11   444952   ----a-w-   c:\winxp\system32\wrap_oal.dll
2011-10-16 18:20 . 2011-06-24 13:11   109080   ----a-w-   c:\winxp\system32\OpenAL32.dll
2011-09-10 02:42 . 2011-09-10 02:42   73728   ----a-w-   c:\winxp\system32\javacpl.cpl
2011-09-10 02:42 . 2011-09-10 02:42   472808   ----a-w-   c:\winxp\system32\deployJava1.dll
2011-10-02 23:36 . 2011-05-16 09:54   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-09-16 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\winxp\system32\dllcache\tcpip.sys
[-] 2010-09-16 . A5BC817BB84DCB9E71719FF868144124 . 361600 . . [5.1.2600.5625] . . c:\winxp\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KzShlobj]
@="{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}"
[HKEY_CLASSES_ROOT\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}]
2011-08-31 02:21   224288   ----a-w-   c:\program files\ฟ์ัน\KZipShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2009-12-22 2127408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\winxp\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2010-10-16 13851752]
"IMJPMIG8.1"="c:\winxp\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\winxp\system32\NeroCheck.exe" [2001-07-09 155648]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-09-20 801792]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Nookia\\My Documents\\Downloads\\Software\\Setup-MsgPlus-501.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"d:\\Games\\EA Sports\\FIFA Online 2\\FF2Client.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Thaicybergames
.
R0 mv61xx;mv61xx;c:\winxp\system32\drivers\mv61xx.sys [3/2/2011 3:45 PM 159024]
R0 mv61xxmm;mv61xxmm;c:\winxp\system32\drivers\mv61xxmm.sys [3/2/2011 3:45 PM 13616]
R0 mv64xxmm;mv64xxmm;c:\winxp\system32\drivers\mv64xxmm.sys [3/2/2011 3:45 PM 5632]
R0 mvxxmm;mvxxmm;c:\winxp\system32\drivers\mvxxmm.sys [3/2/2011 3:45 PM 13616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [5/16/2011 5:19 PM 218688]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/26/2011 4:32 PM 366152]
R2 SddSUpdate;SddSUpdate;c:\program files\SddSUpdate\SddSUpdate.exe [9/27/2011 9:47 AM 466440]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [10/26/2011 4:32 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2011 1:18 PM 136176]
S3 1394hub;1394 Enabled Hub;c:\winxp\system32\svchost.exe -k netsvcs [4/14/2008 5:00 PM 14336]
S3 Ambfilt;Ambfilt;c:\winxp\system32\drivers\Ambfilt.sys [5/16/2011 10:45 PM 1684736]
S3 dump_wmimmc;dump_wmimmc;\??\d:\games\EA Sports\FIFA Online 2\GameGuard\dump_wmimmc.sys --> d:\games\EA Sports\FIFA Online 2\GameGuard\dump_wmimmc.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\winxp\system32\drivers\EagleXNt.sys --> c:\winxp\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2011 1:18 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\winxp\system32\drivers\mbamswissarmy.sys --> c:\winxp\system32\drivers\mbamswissarmy.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\winxp\system32\GameMon.des -service --> c:\winxp\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva385;XDva385;\??\c:\winxp\system32\XDva385.sys --> c:\winxp\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\winxp\system32\XDva387.sys --> c:\winxp\system32\XDva387.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-01 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:57]
.
2011-10-26 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 06:18]
.
2011-10-26 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.th/
uInternet Settings,ProxyOverride = *.local
IE: Download all by FlashGet3 - c:\documents and settings\Nookia\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Nookia\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: com.cn\*.cga
Trusted Zone: kuaiche.com\software
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
TCP: Interfaces\{74B61D8C-FD92-4099-9703-D4AD44B5EB4C}: NameServer = 192.168.1.2,192.168.1.1
DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
FF - ProfilePath - c:\documents and settings\Nookia\Application Data\Mozilla\Firefox\Profiles\msprhzcg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.th/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-26 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\winxp\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1092)
c:\winxp\system32\WININET.dll
c:\winxp\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\ฟ์ัน\KZipShell.dll
c:\winxp\system32\ieframe.dll
c:\winxp\system32\webcheck.dll
c:\winxp\system32\WPDShServiceObj.dll
c:\winxp\system32\PortableDeviceTypes.dll
c:\winxp\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-26  23:14:49
ComboFix-quarantined-files.txt  2011-10-26 16:14
.
Pre-Run: 37,932,589,056 bytes free
Post-Run: 38,512,857,088 bytes free
.
- - End Of File - - 5ACDDA9150E00B7F4D5779A0A3F8259B


F4llschirmjager

    Topic Starter


    Rookie

  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
Re: System Idle Process CPU won't go down
« Reply #7 on: October 26, 2011, 10:25:04 AM »
As you can see there's this Chinese threat "KZipShell.dll" which I can't delete it, working under explorer.exe. I'm not sure if it is the reason which effecting my System Idle Process. But I'm quite sure it is some kind of threat to my computer. :/

Here is where I got information from http://www.threatexpert.com/report.aspx?md5=d1975c00385cb9c9d11d17289ae34d0e

I have detected various IPs from Malwarebytes protection log too.
77.78.224.33
89.28.85.132
208.91.207.10
91.197.237.17
109.235.55.11
194.54.80.150
62.45.3.198
222.65.184.25
212.117.164.209

There are many more but I'm tired of copying and paste them. D:

Thank You so far by the way, appreciated 'cheers' :D

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: System Idle Process CPU won't go down
« Reply #8 on: October 26, 2011, 11:09:57 AM »
The System Idle Process indicates there are no more runnable threads for the CPU. It sticks up at highest usage, because it is considered "ready". It goes down automatically when new threads are created. It does not matter how high or low the System Idle Process runs, because all that shows is that your system is at an idle state.

Let's check one more thing...

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.
~Dr Jay

F4llschirmjager

    Topic Starter


    Rookie

  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
Re: System Idle Process CPU won't go down
« Reply #9 on: October 26, 2011, 11:20:21 AM »
So in other words, you are saying my computer was always in an idle state even though I run a program which needs RAM, CPU, Memory to be used and instead of working on the current program, it keeps itself as idle. Is that correct ? Because now you see it's not like 50-50 CPU for Sys Idle and the program I'm running anymore. The System Idle Process hogs 99% CPU even though I'm running a huge games or program, it doesn't go down that's my problem.

And here are the logs no threat found

00:16:16.0687 1280   TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
00:16:17.0500 1280   ============================================================
00:16:17.0500 1280   Current date / time: 2011/10/27 00:16:17.0500
00:16:17.0500 1280   SystemInfo:
00:16:17.0500 1280   
00:16:17.0500 1280   OS Version: 5.1.2600 ServicePack: 3.0
00:16:17.0500 1280   Product type: Workstation
00:16:17.0500 1280   ComputerName: LARCTH
00:16:17.0500 1280   UserName: Nookia
00:16:17.0500 1280   Windows directory: C:\WINXP
00:16:17.0500 1280   System windows directory: C:\WINXP
00:16:17.0500 1280   Processor architecture: Intel x86
00:16:17.0500 1280   Number of processors: 2
00:16:17.0500 1280   Page size: 0x1000
00:16:17.0500 1280   Boot type: Normal boot
00:16:17.0500 1280   ============================================================
00:16:18.0484 1280   Initialize success
00:16:33.0609 0852   ============================================================
00:16:33.0609 0852   Scan started
00:16:33.0609 0852   Mode: Manual;
00:16:33.0609 0852   ============================================================
00:16:34.0671 0852   1394hub - ok
00:16:34.0687 0852   Abiosdsk - ok
00:16:34.0687 0852   abp480n5 - ok
00:16:34.0718 0852   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINXP\system32\DRIVERS\ACPI.sys
00:16:34.0718 0852   ACPI - ok
00:16:34.0750 0852   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINXP\system32\drivers\ACPIEC.sys
00:16:34.0765 0852   ACPIEC - ok
00:16:34.0765 0852   adpu160m - ok
00:16:34.0796 0852   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINXP\system32\drivers\aec.sys
00:16:34.0796 0852   aec - ok
00:16:34.0812 0852   AFD             (4d43e74f2a1239d53929b82600f1971c) C:\WINXP\System32\drivers\afd.sys
00:16:34.0812 0852   AFD - ok
00:16:34.0828 0852   Aha154x - ok
00:16:34.0828 0852   aic78u2 - ok
00:16:34.0843 0852   aic78xx - ok
00:16:34.0843 0852   AliIde - ok
00:16:34.0906 0852   Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINXP\system32\drivers\Ambfilt.sys
00:16:34.0906 0852   Ambfilt - ok
00:16:34.0921 0852   amsint - ok
00:16:34.0921 0852   asc - ok
00:16:34.0937 0852   asc3350p - ok
00:16:34.0937 0852   asc3550 - ok
00:16:34.0953 0852   AsIO            (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINXP\system32\drivers\AsIO.sys
00:16:34.0953 0852   AsIO - ok
00:16:35.0000 0852   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINXP\system32\DRIVERS\asyncmac.sys
00:16:35.0000 0852   AsyncMac - ok
00:16:35.0015 0852   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINXP\system32\DRIVERS\atapi.sys
00:16:35.0015 0852   atapi - ok
00:16:35.0015 0852   Atdisk - ok
00:16:35.0046 0852   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINXP\system32\DRIVERS\atmarpc.sys
00:16:35.0046 0852   Atmarpc - ok
00:16:35.0078 0852   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINXP\system32\DRIVERS\audstub.sys
00:16:35.0078 0852   audstub - ok
00:16:35.0109 0852   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINXP\system32\drivers\Beep.sys
00:16:35.0109 0852   Beep - ok
00:16:35.0140 0852   BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINXP\system32\DRIVERS\BrScnUsb.sys
00:16:35.0140 0852   BrScnUsb - ok
00:16:35.0218 0852   catchme - ok
00:16:35.0250 0852   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINXP\system32\drivers\cbidf2k.sys
00:16:35.0250 0852   cbidf2k - ok
00:16:35.0265 0852   cd20xrnt - ok
00:16:35.0265 0852   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINXP\system32\drivers\Cdaudio.sys
00:16:35.0265 0852   Cdaudio - ok
00:16:35.0312 0852   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINXP\system32\drivers\Cdfs.sys
00:16:35.0312 0852   Cdfs - ok
00:16:35.0359 0852   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINXP\system32\DRIVERS\cdrom.sys
00:16:35.0359 0852   Cdrom - ok
00:16:35.0390 0852   Changer - ok
00:16:35.0390 0852   CmdIde - ok
00:16:35.0406 0852   Cpqarray - ok
00:16:35.0437 0852   cpuz135         (c2eb4539a4f6ab6edd01bdc191619975) C:\WINXP\system32\drivers\cpuz135_x32.sys
00:16:35.0437 0852   cpuz135 - ok
00:16:35.0437 0852   dac2w2k - ok
00:16:35.0453 0852   dac960nt - ok
00:16:35.0453 0852   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINXP\system32\DRIVERS\disk.sys
00:16:35.0453 0852   Disk - ok
00:16:35.0515 0852   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINXP\system32\drivers\dmboot.sys
00:16:35.0515 0852   dmboot - ok
00:16:35.0515 0852   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINXP\system32\drivers\dmio.sys
00:16:35.0515 0852   dmio - ok
00:16:35.0546 0852   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINXP\system32\drivers\dmload.sys
00:16:35.0546 0852   dmload - ok
00:16:35.0578 0852   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINXP\system32\drivers\DMusic.sys
00:16:35.0578 0852   DMusic - ok
00:16:35.0593 0852   dpti2o - ok
00:16:35.0593 0852   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINXP\system32\drivers\drmkaud.sys
00:16:35.0593 0852   drmkaud - ok
00:16:35.0640 0852   dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\WINXP\system32\DRIVERS\dtsoftbus01.sys
00:16:35.0640 0852   dtsoftbus01 - ok
00:16:35.0781 0852   dump_wmimmc - ok
00:16:35.0781 0852   EagleXNt - ok
00:16:35.0843 0852   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINXP\system32\drivers\Fastfat.sys
00:16:35.0843 0852   Fastfat - ok
00:16:35.0859 0852   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINXP\system32\drivers\Fdc.sys
00:16:35.0859 0852   Fdc - ok
00:16:35.0875 0852   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINXP\system32\drivers\Fips.sys
00:16:35.0890 0852   Fips - ok
00:16:35.0890 0852   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINXP\system32\drivers\Flpydisk.sys
00:16:35.0890 0852   Flpydisk - ok
00:16:35.0921 0852   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINXP\system32\DRIVERS\fltMgr.sys
00:16:35.0921 0852   FltMgr - ok
00:16:35.0953 0852   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINXP\system32\drivers\Fs_Rec.sys
00:16:35.0953 0852   Fs_Rec - ok
00:16:35.0953 0852   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINXP\system32\DRIVERS\ftdisk.sys
00:16:35.0953 0852   Ftdisk - ok
00:16:35.0984 0852   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys
00:16:35.0984 0852   GEARAspiWDM - ok
00:16:36.0015 0852   GGSAFERDriver - ok
00:16:36.0062 0852   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINXP\system32\DRIVERS\msgpc.sys
00:16:36.0062 0852   Gpc - ok
00:16:36.0093 0852   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINXP\system32\DRIVERS\HDAudBus.sys
00:16:36.0093 0852   HDAudBus - ok
00:16:36.0140 0852   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINXP\system32\DRIVERS\hidusb.sys
00:16:36.0140 0852   hidusb - ok
00:16:36.0156 0852   hpn - ok
00:16:36.0187 0852   HTTP            (937031c085718c1c04a9c0864625ec6b) C:\WINXP\system32\Drivers\HTTP.sys
00:16:36.0187 0852   HTTP - ok
00:16:36.0187 0852   i2omgmt - ok
00:16:36.0203 0852   i2omp - ok
00:16:36.0218 0852   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINXP\system32\DRIVERS\i8042prt.sys
00:16:36.0218 0852   i8042prt - ok
00:16:36.0234 0852   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINXP\system32\DRIVERS\imapi.sys
00:16:36.0234 0852   Imapi - ok
00:16:36.0234 0852   ini910u - ok
00:16:36.0328 0852   IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) C:\WINXP\system32\drivers\RtkHDAud.sys
00:16:36.0359 0852   IntcAzAudAddService - ok
00:16:36.0437 0852   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINXP\system32\DRIVERS\intelide.sys
00:16:36.0437 0852   IntelIde - ok
00:16:36.0453 0852   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINXP\system32\DRIVERS\intelppm.sys
00:16:36.0453 0852   intelppm - ok
00:16:36.0468 0852   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINXP\system32\DRIVERS\Ip6Fw.sys
00:16:36.0468 0852   Ip6Fw - ok
00:16:36.0500 0852   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINXP\system32\DRIVERS\ipfltdrv.sys
00:16:36.0500 0852   IpFilterDriver - ok
00:16:36.0500 0852   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINXP\system32\DRIVERS\ipinip.sys
00:16:36.0500 0852   IpInIp - ok
00:16:36.0515 0852   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINXP\system32\DRIVERS\ipnat.sys
00:16:36.0515 0852   IpNat - ok
00:16:36.0531 0852   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINXP\system32\DRIVERS\ipsec.sys
00:16:36.0531 0852   IPSec - ok
00:16:36.0546 0852   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINXP\system32\DRIVERS\irenum.sys
00:16:36.0546 0852   IRENUM - ok
00:16:36.0562 0852   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINXP\system32\DRIVERS\isapnp.sys
00:16:36.0562 0852   isapnp - ok
00:16:36.0593 0852   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINXP\system32\DRIVERS\kbdclass.sys
00:16:36.0593 0852   Kbdclass - ok
00:16:36.0625 0852   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINXP\system32\drivers\kmixer.sys
00:16:36.0625 0852   kmixer - ok
00:16:36.0640 0852   KSecDD          (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINXP\system32\drivers\KSecDD.sys
00:16:36.0640 0852   KSecDD - ok
00:16:36.0656 0852   L1e             (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINXP\system32\DRIVERS\l1e51x86.sys
00:16:36.0656 0852   L1e - ok
00:16:36.0656 0852   lbrtfdc - ok
00:16:36.0671 0852   MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\WINXP\system32\drivers\mbam.sys
00:16:36.0671 0852   MBAMProtector - ok
00:16:36.0687 0852   MBAMSwissArmy - ok
00:16:36.0703 0852   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINXP\system32\drivers\mnmdd.sys
00:16:36.0703 0852   mnmdd - ok
00:16:36.0718 0852   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINXP\system32\drivers\Modem.sys
00:16:36.0718 0852   Modem - ok
00:16:36.0750 0852   Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINXP\system32\drivers\Monfilt.sys
00:16:36.0765 0852   Monfilt - ok
00:16:36.0796 0852   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINXP\system32\DRIVERS\mouclass.sys
00:16:36.0796 0852   Mouclass - ok
00:16:36.0828 0852   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINXP\system32\DRIVERS\mouhid.sys
00:16:36.0828 0852   mouhid - ok
00:16:36.0843 0852   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINXP\system32\drivers\MountMgr.sys
00:16:36.0843 0852   MountMgr - ok
00:16:36.0859 0852   mraid35x - ok
00:16:36.0859 0852   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINXP\system32\DRIVERS\mrxdav.sys
00:16:36.0859 0852   MRxDAV - ok
00:16:36.0875 0852   MRxSmb          (d09b9f0b9960dd41e73127b7814c115f) C:\WINXP\system32\DRIVERS\mrxsmb.sys
00:16:36.0875 0852   MRxSmb - ok
00:16:36.0890 0852   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINXP\system32\drivers\Msfs.sys
00:16:36.0890 0852   Msfs - ok
00:16:36.0921 0852   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINXP\system32\drivers\MSKSSRV.sys
00:16:36.0921 0852   MSKSSRV - ok
00:16:36.0953 0852   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINXP\system32\drivers\MSPCLOCK.sys
00:16:36.0953 0852   MSPCLOCK - ok
00:16:36.0968 0852   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINXP\system32\drivers\MSPQM.sys
00:16:36.0968 0852   MSPQM - ok
00:16:37.0015 0852   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINXP\system32\DRIVERS\mssmbios.sys
00:16:37.0015 0852   mssmbios - ok
00:16:37.0031 0852   MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINXP\system32\DRIVERS\ASACPI.sys
00:16:37.0031 0852   MTsensor - ok
00:16:37.0046 0852   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINXP\system32\drivers\Mup.sys
00:16:37.0046 0852   Mup - ok
00:16:37.0046 0852   mv61xx          (a4a61d30097c8adaad648ebe204d61ef) C:\WINXP\system32\DRIVERS\mv61xx.sys
00:16:37.0046 0852   mv61xx - ok
00:16:37.0078 0852   mv61xxmm        (4578f2d91309bc360b4f67c8a513bc77) C:\WINXP\system32\drivers\mv61xxmm.sys
00:16:37.0078 0852   mv61xxmm - ok
00:16:37.0078 0852   mv64xxmm        (6090786daa545a3ec7d34a46a8cd1661) C:\WINXP\system32\drivers\mv64xxmm.sys
00:16:37.0078 0852   mv64xxmm - ok
00:16:37.0093 0852   mvxxmm          (f3376efec7d3fd00f577067ad2a0b194) C:\WINXP\system32\drivers\mvxxmm.sys
00:16:37.0093 0852   mvxxmm - ok
00:16:37.0093 0852   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINXP\system32\drivers\NDIS.sys
00:16:37.0109 0852   NDIS - ok
00:16:37.0109 0852   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINXP\system32\DRIVERS\ndistapi.sys
00:16:37.0109 0852   NdisTapi - ok
00:16:37.0125 0852   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINXP\system32\DRIVERS\ndisuio.sys
00:16:37.0125 0852   Ndisuio - ok
00:16:37.0140 0852   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINXP\system32\DRIVERS\ndiswan.sys
00:16:37.0140 0852   NdisWan - ok
00:16:37.0140 0852   NDProxy         (816460bd4b4acd27937d1d0813e2e9e9) C:\WINXP\system32\drivers\NDProxy.sys
00:16:37.0140 0852   NDProxy - ok
00:16:37.0156 0852   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINXP\system32\DRIVERS\netbios.sys
00:16:37.0156 0852   NetBIOS - ok
00:16:37.0171 0852   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINXP\system32\DRIVERS\netbt.sys
00:16:37.0171 0852   NetBT - ok
00:16:37.0187 0852   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINXP\system32\drivers\Npfs.sys
00:16:37.0187 0852   Npfs - ok
00:16:37.0218 0852   NPPTNT2         (9131fe60adfab595c8da53ad6a06aa31) C:\WINXP\system32\npptNT2.sys
00:16:37.0234 0852   NPPTNT2 - ok
00:16:37.0250 0852   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINXP\system32\drivers\Ntfs.sys
00:16:37.0265 0852   Ntfs - ok
00:16:37.0296 0852   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINXP\system32\drivers\Null.sys
00:16:37.0296 0852   Null - ok
00:16:37.0484 0852   nv              (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINXP\system32\DRIVERS\nv4_mini.sys
00:16:37.0531 0852   nv - ok
00:16:37.0546 0852   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINXP\system32\DRIVERS\nwlnkflt.sys
00:16:37.0546 0852   NwlnkFlt - ok
00:16:37.0562 0852   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
00:16:37.0562 0852   NwlnkFwd - ok
00:16:37.0578 0852   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINXP\system32\drivers\Parport.sys
00:16:37.0578 0852   Parport - ok
00:16:37.0609 0852   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINXP\system32\drivers\PartMgr.sys
00:16:37.0609 0852   PartMgr - ok
00:16:37.0640 0852   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINXP\system32\drivers\ParVdm.sys
00:16:37.0640 0852   ParVdm - ok
00:16:37.0656 0852   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINXP\system32\DRIVERS\pci.sys
00:16:37.0656 0852   PCI - ok
00:16:37.0656 0852   PCIDump - ok
00:16:37.0671 0852   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINXP\system32\drivers\PCIIde.sys
00:16:37.0671 0852   PCIIde - ok
00:16:37.0687 0852   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINXP\system32\drivers\Pcmcia.sys
00:16:37.0687 0852   Pcmcia - ok
00:16:37.0703 0852   PDCOMP - ok
00:16:37.0703 0852   PDFRAME - ok
00:16:37.0703 0852   PDRELI - ok
00:16:37.0718 0852   PDRFRAME - ok
00:16:37.0718 0852   perc2 - ok
00:16:37.0734 0852   perc2hib - ok
00:16:37.0750 0852   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINXP\system32\DRIVERS\raspptp.sys
00:16:37.0750 0852   PptpMiniport - ok
00:16:37.0765 0852   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINXP\system32\DRIVERS\psched.sys
00:16:37.0765 0852   PSched - ok
00:16:37.0765 0852   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINXP\system32\DRIVERS\ptilink.sys
00:16:37.0765 0852   Ptilink - ok
00:16:37.0796 0852   PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\WINXP\system32\Drivers\PxHelp20.sys
00:16:37.0796 0852   PxHelp20 - ok
00:16:37.0796 0852   ql1080 - ok
00:16:37.0812 0852   Ql10wnt - ok
00:16:37.0812 0852   ql12160 - ok
00:16:37.0812 0852   ql1240 - ok
00:16:37.0828 0852   ql1280 - ok
00:16:37.0843 0852   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINXP\system32\DRIVERS\rasacd.sys
00:16:37.0843 0852   RasAcd - ok
00:16:37.0859 0852   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINXP\system32\DRIVERS\rasl2tp.sys
00:16:37.0859 0852   Rasl2tp - ok
00:16:37.0875 0852   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINXP\system32\DRIVERS\raspppoe.sys
00:16:37.0875 0852   RasPppoe - ok
00:16:37.0875 0852   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINXP\system32\DRIVERS\raspti.sys
00:16:37.0875 0852   Raspti - ok
00:16:37.0890 0852   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINXP\system32\DRIVERS\rdbss.sys
00:16:37.0890 0852   Rdbss - ok
00:16:37.0906 0852   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINXP\system32\DRIVERS\RDPCDD.sys
00:16:37.0906 0852   RDPCDD - ok
00:16:37.0937 0852   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINXP\system32\DRIVERS\rdpdr.sys
00:16:37.0937 0852   rdpdr - ok
00:16:37.0968 0852   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINXP\system32\drivers\RDPWD.sys
00:16:37.0968 0852   RDPWD - ok
00:16:38.0000 0852   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINXP\system32\DRIVERS\redbook.sys
00:16:38.0000 0852   redbook - ok
00:16:38.0046 0852   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINXP\system32\DRIVERS\secdrv.sys
00:16:38.0046 0852   Secdrv - ok
00:16:38.0046 0852   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINXP\system32\DRIVERS\serenum.sys
00:16:38.0046 0852   serenum - ok
00:16:38.0062 0852   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINXP\system32\DRIVERS\serial.sys
00:16:38.0062 0852   Serial - ok
00:16:38.0093 0852   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINXP\system32\drivers\Sfloppy.sys
00:16:38.0093 0852   Sfloppy - ok
00:16:38.0093 0852   Simbad - ok
00:16:38.0125 0852   SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINXP\system32\DRIVERS\SONYPVU1.SYS
00:16:38.0125 0852   SONYPVU1 - ok
00:16:38.0125 0852   Sparrow - ok
00:16:38.0156 0852   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINXP\system32\drivers\splitter.sys
00:16:38.0156 0852   splitter - ok
00:16:38.0203 0852   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINXP\system32\DRIVERS\sr.sys
00:16:38.0203 0852   sr - ok
00:16:38.0218 0852   Srv             (70cd8b8dd2a680b128617c19eb0ab94f) C:\WINXP\system32\DRIVERS\srv.sys
00:16:38.0218 0852   Srv - ok
00:16:38.0250 0852   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINXP\system32\DRIVERS\swenum.sys
00:16:38.0250 0852   swenum - ok
00:16:38.0265 0852   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINXP\system32\drivers\swmidi.sys
00:16:38.0265 0852   swmidi - ok
00:16:38.0265 0852   symc810 - ok
00:16:38.0281 0852   symc8xx - ok
00:16:38.0281 0852   sym_hi - ok
00:16:38.0281 0852   sym_u3 - ok
00:16:38.0312 0852   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINXP\system32\drivers\sysaudio.sys
00:16:38.0312 0852   sysaudio - ok
00:16:38.0375 0852   Tcpip           (a5bc817bb84dcb9e71719ff868144124) C:\WINXP\system32\DRIVERS\tcpip.sys
00:16:38.0375 0852   Tcpip - ok
00:16:38.0390 0852   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINXP\system32\drivers\TDPIPE.sys
00:16:38.0390 0852   TDPIPE - ok
00:16:38.0437 0852   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINXP\system32\drivers\TDTCP.sys
00:16:38.0437 0852   TDTCP - ok
00:16:38.0453 0852   TermDD          (88155247177638048422893737429d9e) C:\WINXP\system32\DRIVERS\termdd.sys
00:16:38.0453 0852   TermDD - ok
00:16:38.0468 0852   TosIde - ok
00:16:38.0500 0852   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINXP\system32\drivers\Udfs.sys
00:16:38.0500 0852   Udfs - ok
00:16:38.0500 0852   ultra - ok
00:16:38.0515 0852   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINXP\system32\DRIVERS\update.sys
00:16:38.0515 0852   Update - ok
00:16:38.0562 0852   USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\WINXP\system32\Drivers\usbaapl.sys
00:16:38.0562 0852   USBAAPL - ok
00:16:38.0593 0852   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINXP\system32\DRIVERS\usbccgp.sys
00:16:38.0593 0852   usbccgp - ok
00:16:38.0609 0852   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINXP\system32\DRIVERS\usbehci.sys
00:16:38.0609 0852   usbehci - ok
00:16:38.0640 0852   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINXP\system32\DRIVERS\usbhub.sys
00:16:38.0640 0852   usbhub - ok
00:16:38.0640 0852   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINXP\system32\DRIVERS\usbprint.sys
00:16:38.0640 0852   usbprint - ok
00:16:38.0656 0852   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINXP\system32\DRIVERS\usbscan.sys
00:16:38.0656 0852   usbscan - ok
00:16:38.0671 0852   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINXP\system32\DRIVERS\USBSTOR.SYS
00:16:38.0671 0852   USBSTOR - ok
00:16:38.0671 0852   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINXP\system32\DRIVERS\usbuhci.sys
00:16:38.0671 0852   usbuhci - ok
00:16:38.0703 0852   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINXP\System32\drivers\vga.sys
00:16:38.0703 0852   VgaSave - ok
00:16:38.0703 0852   ViaIde - ok
00:16:38.0718 0852   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINXP\system32\drivers\VolSnap.sys
00:16:38.0718 0852   VolSnap - ok
00:16:38.0734 0852   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINXP\system32\DRIVERS\wanarp.sys
00:16:38.0734 0852   Wanarp - ok
00:16:38.0734 0852   WDICA - ok
00:16:38.0765 0852   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINXP\system32\drivers\wdmaud.sys
00:16:38.0765 0852   wdmaud - ok
00:16:38.0812 0852   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINXP\system32\DRIVERS\WudfPf.sys
00:16:38.0812 0852   WudfPf - ok
00:16:38.0828 0852   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINXP\system32\DRIVERS\wudfrd.sys
00:16:38.0828 0852   WudfRd - ok
00:16:38.0828 0852   XDva385 - ok
00:16:38.0843 0852   XDva387 - ok
00:16:38.0859 0852   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:16:38.0921 0852   \Device\Harddisk0\DR0 - ok
00:16:38.0921 0852   Boot (0x1200)   (079d83d72b1c92bdb0051ab3dca0f6b6) \Device\Harddisk0\DR0\Partition0
00:16:38.0921 0852   \Device\Harddisk0\DR0\Partition0 - ok
00:16:38.0937 0852   Boot (0x1200)   (1596dca7a70b9a6c10e78b2c1e299963) \Device\Harddisk0\DR0\Partition1
00:16:38.0937 0852   \Device\Harddisk0\DR0\Partition1 - ok
00:16:38.0937 0852   ============================================================
00:16:38.0937 0852   Scan finished
00:16:38.0937 0852   ============================================================
00:16:38.0953 1100   Detected object count: 0
00:16:38.0953 1100   Actual detected object count: 0

F4llschirmjager

    Topic Starter


    Rookie

  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
Re: System Idle Process CPU won't go down
« Reply #10 on: October 26, 2011, 11:58:01 AM »
For example I'm currently running Civilization V

The System idle Process hogs half of the CPU Usage, which shouldn't and never happened before.

Img - http://upic.me/i/j2/cem51.jpg

What strange is that the lag will come only when I'm actually playing the game, you know like when there are movements and graphic ?

But when I'm on the main menu screen of the games, I just don't feel the lag.

While the System Idle Process is hogging the CPU at the same amount in both situation. weird ehh ? :\

This problem goes to all of my game but strangely again it doesn't go with software like Photoshop CS5. It seems to work fine for me even though the System Idle is hogging over half of the CPU.

Could this be some kind of graphic card problem instead ?

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: System Idle Process CPU won't go down
« Reply #11 on: October 26, 2011, 12:37:32 PM »
In that screenshot, it clearly shows that 50% of the CPU is being used by Civilization V, and 50% is used by System Idle Process. The System Idle Process does not hog the CPU by any means. That is showing that 50% of the CPU is free to use.

Start other programs that need to thread objects in the CPU and see if the Idle process goes down. It most likely will.

That processor is lucky enough to even run Civilization V. IMO, that is not good enough.

Civ. V needs either:

A. Quad core processor at 1.8 GHz (required by the game makers)
B. Dual core processor at 4.0 GHz (my own recommendation)

The Minimum requirements on a game is specifically needed for the program to simply install and run at reduced functionality. However, the recommended requirements on a game is what the game is supposed to run at, in full functionality.

If you're not running that game in a high-performance environment...expect trouble!
~Dr Jay

Linux711



    Mentor

    Thanked: 59
    • Yes
    • Programming Blog
  • Certifications: List
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 7
Re: System Idle Process CPU won't go down
« Reply #12 on: October 26, 2011, 01:20:51 PM »
FYI: I think you are seeing only 50% CPU usage because that program is not multithreaded (uses multiple cores).
YouTube

"Genius is persistence, not brain power." - Me

"Insomnia is just a byproduct of, "It can't be done"" - LaVolpe

F4llschirmjager

    Topic Starter


    Rookie

  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows XP
Re: System Idle Process CPU won't go down
« Reply #13 on: October 26, 2011, 09:12:50 PM »
I have tried running Civilization V, Warcraft III, Starcraft all at the same time and during gameplay. The System Idle Process still keeps using 50-50 CPU when it should being used for either Starcraft or Warcraft III, but no luck. :(

While War3 and Starcraft is running and uses some Memory, The CPU still goes for System Idle Process instead.
http://upic.me/i/63/56wtf.jpg

List by Memory Usage
http://upic.me/i/7k/r0wth.jpg

My Video settings of Civilization V (Default Setting)
http://upic.me/i/m1/87omg.jpg

I have used this setting since I installed the game and it worked just fine (smooth), until now its lag is killing me bad and if no solution could be find, I guess I will have to format my C and see if that works...

If not the System Idle Process, what could be any other ? Because you see when game lags I just find out what's going on from Task Manager first and this is what I got.

Could it be some kind of machine overheating ? I don't know now. ;/

Ps. It happens to Warcraft III also, not only the Civilization V, if you are trying to say my spec is too low for it. D:
and is there anyway to force my computer to uses 99% of CPU on something and don't let it keep in idle state ? Thx alot though so far

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: System Idle Process CPU won't go down
« Reply #14 on: October 27, 2011, 06:52:07 AM »
Did you notice in this screenshot that Warcraft 3 was not using the CPU: http://upic.me/i/63/56wtf.jpg ??

Explorer.exe is using 1%, System Idle at 49, and Civ V using 50. With 51% of the processor being used for Explorer and Civ V, the other 49% is free to use, occupied by the System Idle Process.

You don't seem to understand this computing method. Either A: you don't believe my expertise, or B: you seriously think something is wrong with the Idle task in the Task Manager.

Allow me to quote for you the explanation of the System Idle process so you kindly understand here:

Quote
...the System Idle Process contains one or more kernel threads which run when no other runnable thread can be scheduled on a CPU. For example, there may be no runnable thread in the system, or all runnable threads are already running on a different CPU. In a multiprocessor system, there is one idle thread associated with each CPU.

The CPU time consumed by the System Idle Process is commonly of interest to end users, as it is a measure of the CPU utilization in their system which is easily accessible through Windows Task Manager. Understanding its function can alleviate concern: the System Idle Process and its threads eliminate the possibility of the scheduler having to deal with the exception to a rule. Its threads are scheduled at a lower priority than any other threads can reach; if no ordinary thread is scheduled to run on a free CPU, then and only then does the scheduler select that CPU's System Idle Process thread for execution. In other words, although it may appear to users that their CPU is being monopolized by the idle process, it is merely acting as a sort of placeholder during "free time" (therefore, whenever the idle process appears to be consuming most of the CPU, it is proof that no other process wants that CPU time).

Read articles for backupo references, please: http://en.wikipedia.org/wiki/System_Idle_Process and http://en.wikipedia.org/wiki/Idle_task
~Dr Jay