Solve : CPU constantly at 100%, no virus(?), no odd processes running,

1.	Solve : CPU constantly at 100%, no virus(?), no odd processes running, need help.?
Answer» For the record, I posted this in hardware because I am not entirely sure this isn't a hardware issue. I hope my motherboard isn't going to crap (I don't have money to replace the blasted thing and I've only got a Pentium 4 3.0GHz socket 478 system w/ a gig of RAM and a 512MB 7300GT AGP 8X GPU as a backup. Its about as useful for gaming as this rig has become. Alright so today I noticed my CPU has been pulling a balancing act between the two cores, leveling out at about 100% load, its REALLY annoying, however, its not crippling basic usage, just gaming, and any other resource intensive program. I have a Core 2 Duo E4500 and the cores are sharing the load like a COUPLE DRUNKEN jugglers. But it seems to be FINE for now. I dunno which'll go first, the CPU or my sanity. I've been trying to fix this off and on for most of the day. Anyway, here's the hijack this report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:22:10 PM, on 12/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe C:\Program Files\EVEREST Ultimate Edition\everest.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 2067 bytes As you can see, nada, nothing strange, nothing that doesn't belong, and most of all, simply nothing that has caused this before. I am absolutely baffled. On top of this, I get an error that the windows installer won't initialize since this happened. I don't remember the exact code but a lot of stuff won't install/uninstall now, I thought it was a virus, ran AVG, nothing but some tracking cookies. To be honest, I am completely baffled as to what is causing this, but its driving me nuts, I would be more concerned about it but I think a format would fix it; However, I do NOT want to have to reinstall windows XP, my CPU is only running at about 99F, so I don't have to worry about it burning out from the load, but I'd still like to have this resolved as fast as possible. Thanks for any help you can provide. You don't run any AV program? If so, I'm not sure about your computer being clean.... Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program. Click on View > Select Colunms. In addition to already pre-selected options, make sure, the Command Line is selected, and press OK. Go File>Save As, and save the report as Procexp.txt. Attach the file to your next reply.AVG 8.5, I run that, I don't have it setup for live scanning, it drives me nuts and lags performance. Here's that Proc explorer report: ProcessPIDCPUDescriptionCompany Name System Idle Process048.44 Interruptsn/aHardware Interrupts DPCsn/aDeferred Procedure Calls System450.00 smss.exe932Windows NT Session ManagerMicrosoft Corporation csrss.exe984Client Server Runtime ProcessMicrosoft Corporation winlogon.exe1012Windows NT Logon ApplicationMicrosoft Corporation services.exe1056Services and Controller appMicrosoft Corporation svchost.exe1252Generic Host Process for Win32 ServicesMicrosoft Corporation svchost.exe1340Generic Host Process for Win32 ServicesMicrosoft Corporation svchost.exe1392Generic Host Process for Win32 ServicesMicrosoft Corporation svchost.exe1744Generic Host Process for Win32 ServicesMicrosoft Corporation svchost.exe536Generic Host Process for Win32 ServicesMicrosoft Corporation svchost.exe1572Generic Host Process for Win32 ServicesMicrosoft Corporation lsass.exe1068LSA Shell (Export Version)Microsoft Corporation explorer.exe916Windows ExplorerMicrosoft Corporation WZCSLDR2.exe1384ANIWZCS2 launcher for Windows.Wireless Service AirGCFG.exe1492D-Link Wireless LAN MonitorD-Link everest.exe6360.78EVEREST Ultimate EditionLavalys, Inc. wmplayer.exe660Windows Media PlayerMicrosoft Corporation firefox.exe39560.78FirefoxMozilla Corporation procexp.exe2612Sysinternals Process ExplorerSysinternals - www.sysinternals.com avgrsx.exe904AVG Resident Shield ServiceAVG Technologies CZ, s.r.o. Quote AVG 8.5, I run that, I don't have it setup for live scanning, it drives me nuts and lags performance. Well, AVG is rather known for that. In any case, as you can see from the log, its process is running anyway. Anyway, you can't be without AV program. system process is taking 50% of your CPU cycles. Unfortunately, it can be almost anything, making system process running high, software, or hardware. This is what I propose. Uninstall AVG, using AVG Remover: http://www.avg.com/us-en/download-tools Get one of these: - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/ NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product. If you decide to install Avast, or Avira, make sure, Windows firewall is turned on, or use Comodo firewall.. If you decide to install Comodo Internet Security, or just Comodo firewall, make sure, Windows firewall is turned off. IMPORTANT! Make sure, you use only ONE antivirus, and ONE firewall. When done, post another PE log. Working on downloading/installing the software, I'm not a fan of Avast, but, censored if I can fix this. I can't believe I didn't see that the system and system idle process where using that much of my CPU, this makes no sense. I'll upload a new report as soon as I install Comodo and/or AvastOh censored, I was afraid of this, I think the System process has been hijacked, but how the censored does that just happen? I haven't installed anything. The firewall told me the System process is trying to broadcast to this: http://en.wikipedia.org/wiki/NBName Bad, very, very, very, very bad. self censors cussing... I, of course, with my new god powers over packets, blocked it. Anyway, that report... thing... ProcessPIDCPUDescriptionCompany Name System Idle Process050.00 Interruptsn/a0.78Hardware Interrupts DPCsn/aDeferred Procedure Calls System449.22 smss.exe972Windows NT Session ManagerMicrosoft Corporation csrss.exe1024Client Server Runtime ProcessMicrosoft Corporation winlogon.exe1052Windows NT Logon ApplicationMicrosoft Corporation services.exe1096Services and Controller appMicrosoft Corporation svchost.exe1296Generic Host Process for Win32 ServicesMicrosoft Corporation cmdagent.exe1384COMODO Internet SecurityCOMODO svchost.exe1468Generic Host Process for Win32 ServicesMicrosoft Corporation svchost.exe1596Generic Host Process for Win32 ServicesMicrosoft Corporation svchost.exe1848Generic Host Process for Win32 ServicesMicrosoft Corporation msiexec.exe1912Windows® installerMicrosoft Corporation wdfmgr.exe1968Windows User Mode Driver ManagerMicrosoft Corporation svchost.exe780Generic Host Process for Win32 ServicesMicrosoft Corporation lsass.exe1108LSA Shell (Export Version)Microsoft Corporation explorer.exe1364Windows ExplorerMicrosoft Corporation WZCSLDR2.exe1960ANIWZCS2 launcher for Windows.Wireless Service AirGCFG.exe2020D-Link Wireless LAN MonitorD-Link cfp.exe2028COMODO Internet SecurityCOMODO firefox.exe1492FirefoxMozilla Corporation everest.exe632EVEREST Ultimate EditionLavalys, Inc. procexp.exe932Sysinternals Process ExplorerSysinternals - www.sysinternals.com 'Nother note, I'm updating the Comodo's built in antivirus, gonna use it to see if i can't root out this cancerous annoyance that has somehow wormed its way onto my drive. I'm just GLAD its not a key logger or some such. I would also like to note that the computer has been hanging on shutdowns since the problem emerged, I forgot to mention this 'til the last reboot. I think its just idling blasting god knows where with packets. I installed a packet sniffer, WireShark, I've heard its good, I can't find anything unusual but there is a flood of packets long enough to make my head explode... I think it might be attacking... Google...System idle process is CPU NOT used, so it should be as high as possible. System process is your problem. Quote i can't root out this cancerous annoyance that has somehow wormed its way onto my drive Explain, please. Are you aware of some infection?

Solve : CPU constantly at 100%, no virus(?), no odd processes running, need help.?

Answer»

For the record, I posted this in hardware because I am not entirely sure this isn't a hardware issue. I hope my motherboard isn't going to crap (I don't have money to replace the blasted thing and I've only got a Pentium 4 3.0GHz socket 478 system w/ a gig of RAM and a 512MB 7300GT AGP 8X GPU as a backup. Its about as useful for gaming as this rig has become.

Alright so today I noticed my CPU has been pulling a balancing act between the two cores, leveling out at about 100% load, its REALLY annoying, however, its not crippling basic usage, just gaming, and any other resource intensive program. I have a Core 2 Duo E4500 and the cores are sharing the load like a COUPLE DRUNKEN jugglers. But it seems to be FINE for now. I dunno which'll go first, the CPU or my sanity. I've been trying to fix this off and on for most of the day.

Anyway, here's the hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:10 PM, on 12/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\EVEREST Ultimate Edition\everest.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2067 bytes

As you can see, nada, nothing strange, nothing that doesn't belong, and most of all, simply nothing that has caused this before. I am absolutely baffled. On top of this, I get an error that the windows installer won't initialize since this happened. I don't remember the exact code but a lot of stuff won't install/uninstall now, I thought it was a virus, ran AVG, nothing but some tracking cookies.

To be honest, I am completely baffled as to what is causing this, but its driving me nuts, I would be more concerned about it but I think a format would fix it; However, I do NOT want to have to reinstall windows XP, my CPU is only running at about 99F, so I don't have to worry about it burning out from the load, but I'd still like to have this resolved as fast as possible. Thanks for any help you can provide. You don't run any AV program?
If so, I'm not sure about your computer being clean....

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.AVG 8.5, I run that, I don't have it setup for live scanning, it drives me nuts and lags performance.

Here's that Proc explorer report:

ProcessPIDCPUDescriptionCompany Name
System Idle Process048.44
Interruptsn/aHardware Interrupts
DPCsn/aDeferred Procedure Calls
System450.00
smss.exe932Windows NT Session ManagerMicrosoft Corporation
csrss.exe984Client Server Runtime ProcessMicrosoft Corporation
winlogon.exe1012Windows NT Logon ApplicationMicrosoft Corporation
services.exe1056Services and Controller appMicrosoft Corporation
svchost.exe1252Generic Host Process for Win32 ServicesMicrosoft Corporation
svchost.exe1340Generic Host Process for Win32 ServicesMicrosoft Corporation
svchost.exe1392Generic Host Process for Win32 ServicesMicrosoft Corporation
svchost.exe1744Generic Host Process for Win32 ServicesMicrosoft Corporation
svchost.exe536Generic Host Process for Win32 ServicesMicrosoft Corporation
svchost.exe1572Generic Host Process for Win32 ServicesMicrosoft Corporation
lsass.exe1068LSA Shell (Export Version)Microsoft Corporation
explorer.exe916Windows ExplorerMicrosoft Corporation
WZCSLDR2.exe1384ANIWZCS2 launcher for Windows.Wireless Service
AirGCFG.exe1492D-Link Wireless LAN MonitorD-Link
everest.exe6360.78EVEREST Ultimate EditionLavalys, Inc.
wmplayer.exe660Windows Media PlayerMicrosoft Corporation
firefox.exe39560.78FirefoxMozilla Corporation
procexp.exe2612Sysinternals Process ExplorerSysinternals - www.sysinternals.com
avgrsx.exe904AVG Resident Shield ServiceAVG Technologies CZ, s.r.o.

Quote

AVG 8.5, I run that, I don't have it setup for live scanning, it drives me nuts and lags performance.

Well, AVG is rather known for that.
In any case, as you can see from the log, its process is running anyway.
Anyway, you can't be without AV program.
system process is taking 50% of your CPU cycles.
Unfortunately, it can be almost anything, making system process running high, software, or hardware.

This is what I propose.
Uninstall AVG, using AVG Remover: http://www.avg.com/us-en/download-tools

Get one of these:

- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

If you decide to install Avast, or Avira, make sure, Windows firewall is turned on, or use Comodo firewall..
If you decide to install Comodo Internet Security, or just Comodo firewall, make sure, Windows firewall is turned off.

IMPORTANT! Make sure, you use only ONE antivirus, and ONE firewall.

When done, post another PE log.
Working on downloading/installing the software, I'm not a fan of Avast, but, *censored* if I can fix this. I can't believe I didn't see that the system and system idle process where using that much of my CPU, this makes no sense. I'll upload a new report as soon as I install Comodo and/or AvastOh *censored*, I was afraid of this, I think the System process has been hijacked, but how the *censored* does that just happen? I haven't installed anything.

The firewall told me the System process is trying to broadcast to this:

http://en.wikipedia.org/wiki/NBName

Bad, very, very, very, very bad. *self censors cussing*...

I, of course, with my new god powers over packets, blocked it.

Anyway, that report... thing...

ProcessPIDCPUDescriptionCompany Name
System Idle Process050.00
Interruptsn/a0.78Hardware Interrupts
DPCsn/aDeferred Procedure Calls
System449.22
smss.exe972Windows NT Session ManagerMicrosoft Corporation
csrss.exe1024Client Server Runtime ProcessMicrosoft Corporation
winlogon.exe1052Windows NT Logon ApplicationMicrosoft Corporation
services.exe1096Services and Controller appMicrosoft Corporation
svchost.exe1296Generic Host Process for Win32 ServicesMicrosoft Corporation
cmdagent.exe1384COMODO Internet SecurityCOMODO
svchost.exe1468Generic Host Process for Win32 ServicesMicrosoft Corporation
svchost.exe1596Generic Host Process for Win32 ServicesMicrosoft Corporation
svchost.exe1848Generic Host Process for Win32 ServicesMicrosoft Corporation
msiexec.exe1912Windows® installerMicrosoft Corporation
wdfmgr.exe1968Windows User Mode Driver ManagerMicrosoft Corporation
svchost.exe780Generic Host Process for Win32 ServicesMicrosoft Corporation
lsass.exe1108LSA Shell (Export Version)Microsoft Corporation
explorer.exe1364Windows ExplorerMicrosoft Corporation
WZCSLDR2.exe1960ANIWZCS2 launcher for Windows.Wireless Service
AirGCFG.exe2020D-Link Wireless LAN MonitorD-Link
cfp.exe2028COMODO Internet SecurityCOMODO
firefox.exe1492FirefoxMozilla Corporation
everest.exe632EVEREST Ultimate EditionLavalys, Inc.
procexp.exe932Sysinternals Process ExplorerSysinternals - www.sysinternals.com

'Nother note, I'm updating the Comodo's built in antivirus, gonna use it to see if i can't root out this cancerous annoyance that has somehow wormed its way onto my drive. I'm just GLAD its not a key logger or some such. I would also like to note that the computer has been hanging on shutdowns since the problem emerged, I forgot to mention this 'til the last reboot. I think its just idling blasting god knows where with packets. I installed a packet sniffer, WireShark, I've heard its good, I can't find anything unusual but there is a flood of packets long enough to make my head explode... I think it might be attacking... Google...System idle process is CPU NOT used, so it should be as high as possible.
System process is your problem.

Quote

i can't root out this cancerous annoyance that has somehow wormed its way onto my drive

Explain, please. Are you aware of some infection?

Solve : CPU constantly at 100%, no virus(?), no odd processes running, need help.?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment