Computer Hope
Hardware => Hardware => Topic started by: Dead Reckon on December 23, 2009, 09:36:31 PM
-
For the record, I posted this in hardware because I am not entirely sure this isn't a hardware issue. I hope my motherboard isn't going to crap (I don't have money to replace the blasted thing and I've only got a Pentium 4 3.0GHz socket 478 system w/ a gig of RAM and a 512MB 7300GT AGP 8X GPU as a backup). It's about as useful for gaming as this rig has become.
Alright, so today I noticed my CPU has been pulling a balancing act between the two cores, leveling out at about 100% load. It's REALLY annoying; however, it's not crippling basic usage, just gaming and any other resource-intensive program. I have a Core 2 Duo E4500 and the cores are sharing the load like a couple drunken jugglers. But it seems to be fine for now. I dunno which'll go first, the CPU or my sanity. I've been trying to fix this off and on for most of the day.
Anyway, here's the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:10 PM, on 12/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\EVEREST Ultimate Edition\everest.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 2067 bytes
As you can see, nada, nothing strange, nothing that doesn't belong, and most of all, simply nothing that has caused this before. I am absolutely baffled. On top of this, I get an error that the Windows Installer won't initialize since this happened. I don't remember the exact code, but a lot of stuff won't install/uninstall now. I thought it was a virus, ran AVG, nothing but some tracking cookies.
To be honest, I am completely baffled as to what is causing this, but it's driving me nuts. I would be more concerned about it but I think a format would fix it; however, I do NOT want to have to reinstall Windows XP. My CPU is only running at about 99F, so I don't have to worry about it burning out from the load, but I'd still like to have this resolved as fast as possible. Thanks for any help you can provide.
-
You don't run any AV program?
If so, I'm not sure about your computer being clean....
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double-click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
AVG 8.5, I run that, I don't have it setup for live scanning, it drives me nuts and lags performance.
Here's that Proc explorer report:
Process PID CPU Description Company Name
System Idle Process 0 48.44
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 50.00
smss.exe 932 Windows NT Session Manager Microsoft Corporation
csrss.exe 984 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1012 Windows NT Logon Application Microsoft Corporation
services.exe 1056 Services and Controller app Microsoft Corporation
svchost.exe 1252 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1340 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1392 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1744 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 536 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1572 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 1068 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 916 Windows Explorer Microsoft Corporation
WZCSLDR2.exe 1384 ANIWZCS2 launcher for Windows. Wireless Service
AirGCFG.exe 1492 D-Link Wireless LAN Monitor D-Link
everest.exe 636 0.78 EVEREST Ultimate Edition Lavalys, Inc.
wmplayer.exe 660 Windows Media Player Microsoft Corporation
firefox.exe 3956 0.78 Firefox Mozilla Corporation
procexp.exe 2612 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
avgrsx.exe 904 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
-
"AVG 8.5, I run that, I don't have it setup for live scanning, it drives me nuts and lags performance."
Well, AVG is rather known for that.
In any case, as you can see from the log, its process is running anyway.
Anyway, you can't be without an AV program.
The System process is taking 50% of your CPU cycles.
Unfortunately, almost anything can make the System process run high, software or hardware.
This is what I propose.
Uninstall AVG, using AVG Remover: http://www.avg.com/us-en/download-tools
Get one of these:
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.
If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.
IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.
When done, post another PE log.
-
Working on downloading/installing the software, I'm not a fan of Avast, but, *censored* if I can fix this. I can't believe I didn't see that the system and system idle process were using that much of my CPU, this makes no sense. I'll upload a new report as soon as I install Comodo and/or Avast.
-
Oh *censored*, I was afraid of this, I think the System process has been hijacked, but how the *censored* does that just happen? I haven't installed anything.
The firewall told me the System process is trying to broadcast to this:
http://en.wikipedia.org/wiki/NBName
Bad, very, very, very, very bad. *self censors cussing*...
I, of course, with my new god powers over packets, blocked it. ;D
Anyway, that report... thing...
Process PID CPU Description Company Name
System Idle Process 0 50.00
Interrupts n/a 0.78 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 49.22
smss.exe 972 Windows NT Session Manager Microsoft Corporation
csrss.exe 1024 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1052 Windows NT Logon Application Microsoft Corporation
services.exe 1096 Services and Controller app Microsoft Corporation
svchost.exe 1296 Generic Host Process for Win32 Services Microsoft Corporation
cmdagent.exe 1384 COMODO Internet Security COMODO
svchost.exe 1468 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1596 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1848 Generic Host Process for Win32 Services Microsoft Corporation
msiexec.exe 1912 Windows® installer Microsoft Corporation
wdfmgr.exe 1968 Windows User Mode Driver Manager Microsoft Corporation
svchost.exe 780 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 1108 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1364 Windows Explorer Microsoft Corporation
WZCSLDR2.exe 1960 ANIWZCS2 launcher for Windows. Wireless Service
AirGCFG.exe 2020 D-Link Wireless LAN Monitor D-Link
cfp.exe 2028 COMODO Internet Security COMODO
firefox.exe 1492 Firefox Mozilla Corporation
everest.exe 632 EVEREST Ultimate Edition Lavalys, Inc.
procexp.exe 932 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
-
'Nother note, I'm updating Comodo's built-in antivirus, gonna use it to see if I can't root out this cancerous annoyance that has somehow wormed its way onto my drive. I'm just glad it's not a key logger or some such. I would also like to note that the computer has been hanging on shutdowns since the problem emerged, I forgot to mention this 'til the last reboot. I think it's just idling, blasting god knows where with packets. I installed a packet sniffer, WireShark, I've heard it's good, I can't find anything unusual but there is a flood of packets long enough to make my head explode... I think it might be attacking... Google...
-
System idle process is CPU NOT used, so it should be as high as possible.
System process is your problem.
"I can't root out this cancerous annoyance that has somehow wormed its way onto my drive"
Explain, please. Are you aware of some infection?
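-
The reading of the Process Explorer reports given in this thread (System Idle Process is unused CPU, the System process is the real consumer), as an added example that is not part of any poster's reply. The function names are hypothetical, and the parser assumes the single-space column layout in which the reports appear on this page.

```python
import re

# Rows copied from the second Process Explorer report in this thread
# (flattened columns: Process, PID, CPU, Description, Company Name).
SAMPLE = """\
Process PID CPU Description Company Name
System Idle Process 0 50.00
Interrupts n/a 0.78 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 49.22
smss.exe 972 Windows NT Session Manager Microsoft Corporation
cmdagent.exe 1384 COMODO Internet Security COMODO
firefox.exe 1492 Firefox Mozilla Corporation
"""

# Process names can contain spaces, so anchor on the PID column
# (an integer or "n/a"), optionally followed by a CPU percentage.
ROW = re.compile(
    r"^(?P<name>.+?) (?P<pid>\d+|n/a)(?: (?P<cpu>\d+\.\d+))?(?: (?P<rest>.*))?$"
)

def parse(report):
    """Return (name, pid, cpu) tuples; a blank CPU column is read as 0.0."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header row has no PID value and is skipped
            rows.append((m["name"], m["pid"], float(m["cpu"] or 0.0)))
    return rows

def busiest(report):
    """Top real CPU consumer. Idle time is CPU that is NOT in use."""
    load = [(n, c) for n, _pid, c in parse(report) if n != "System Idle Process"]
    return max(load, key=lambda r: r[1])

if __name__ == "__main__":
    name, cpu = busiest(SAMPLE)
    print(f"highest real load: {name} at {cpu}%")
```
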