"System" in task manager going crazy - HELP!



#1
kinsella

My computer briefly lags every several seconds. It is most noticeable when I play video games (both online and offline). The activity on the screen will freeze for a half second or so, then resume for about 6 seconds, then freeze again for half a second, then resume for about 6 seconds, etc...

In "Windows Task Manager", under the "Processes" tab, listed under the "Image Name" column, is a process called "System". It goes from using 0% CPU to anywhere from 40% - 90% CPU every several seconds with the regularity of a heart beat.

The "CPU Usage History" graph shows a row of about 22 narrow mountain peaks of about the same height and at equal distance from each other - again, like a heart beat.

Obviously my computer has something wrong with it.
Can anyone tell me what is wrong with "System" and how to correct it?

I've run a total of 9 types of anti-virus software on my computer. I've found and removed a LOT of stuff (each anti-virus scan seemed to find something new), but my computer still has the same problem! :tazz:


Anyone know what could be wrong with my "System" in task manager? It is not "system.exe" by the way - just "System".

Also, my "System" does not go crazy in safe mode.

Thank you in advance,
- Paul Kinsella




Logfile of HijackThis v1.99.1
Scan saved at 9:41:44 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...da...1221802609
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...up...mAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...-l...cfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Edited by kinsella, 12 March 2006 - 10:32 PM.



#2
kinsella

It has been seven days that I've been struggling with this problem. It would appear that it has stumped everyone. I've used nine different anti-malware programs. I've posted my problem on several help forums. And I've spent far too many hours researching, scanning and tinkering fruitlessly. I can no longer wait for online assistance. I've decided to end this nightmare once and for all by taking the following advice:

"Someone may have a better suggestion, but I'd have to say it's time for the nuclear option. Get your data backed up -- and only your data. Collect the CDs you've purchased at retail or from truly reputable sellers. Do a clean re-install on a newly formatted drive. Now for the Most Important Part: when you're done, learn how to practice safe hex, and how to protect your computer online. It's really not very hard once you get the hang of it, things like not clicking "OK" to every prompt that pops up just for starters." - Jim Hill

If you are reading this, then I have already used the "nuclear option". If someone on this forum thinks they have a less drastic solution, please feel free to post it. While such advice would have come too late for me, there might be someone else who has the same problem and would benefit from reading it.

I'll stop by later and let you know how it turned out.

All My Best,
- Paul Kinsella

#3
kinsella

:tazz:

GOOD NEWS!!!!

:)

Just before using the "Nuclear" option I tried one last scan with yet another anti-malware program (my 10th). What it found was mostly the same kind of stuff that the other scans found. I removed the infected files by hand, but saw no change. I noticed that the file for the sign-on name "paul kinsella" contained most of the infected files (on previous scans it also contained similar infected files). Since "Paul Kinsella" is a sign-on name that I no longer use - I decided to trash the whole thing. I got a lot of warnings saying that deleting "such-n-such" file might cause system instability. But I figured 'what the [bleep]' I'm going to do a complete system restore soon anyway. So I deleted it. I saw no change, so I figured it did not work. After turning off the computer and restarting (in preparation for the restore) I noticed that "System" was no longer acting crazy. Problem solved! The infected files I found with the scan, and then deleted, are listed below. My theory (for what it is worth) is that a nasty malware program found its way into an old sign-on file where, for whatever reason, it was able to stay safe.

I'm just glad this is over and that I did not need to use the "Nuclear" option. If someone else has the same problem as I had, look for the following files and delete them by hand. Also delete any unused sign-on name files. Then restart your computer. (BE SURE TO BACK UP YOUR FILES FIRST!!!)

All my best,
- Paul Kinsella
http://www.normandcompany.com
http://www.orcmagazine.com





Incident Status Location

Adware:adware/alfacleaner Not disinfected C:\WINDOWS\uninstDsk.exe
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ccbill[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@888[2].txt
Spyware:Cookie/Any-Find Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@any-find[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@belnk[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul [email protected][1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul [email protected][1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@ccbill[1].txt
Spyware:Cookie/CWS Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@coolwebsearch[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul [email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul [email protected][2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@go[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@kinghost[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@kount[2].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@outster[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@rightmedia[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@spywarestormer[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@target[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@toplist[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@webpower[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul [email protected][2].txt
Spyware:Cookie/Searchit Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\paul kinsella\Cookies\paul kinsella@xiti[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul kinsella@adultfriendfinder[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul kinsella@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul kinsella@belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul [email protected][1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul kinsella@ccbill[1].txt
Spyware:Cookie/CWS Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul kinsella@coolwebsearch[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul kinsella@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul [email protected][2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul kinsella@gostats[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul [email protected][2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul kinsella@toplist[1].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul [email protected][1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul [email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\paul kinsella\Local Settings\Temp\Cookies\paul [email protected][1].txt
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Adware:Adware/XSRemover Not disinfected C:\WINDOWS\warnhp.html
Virus:Exploit/iFrame Not disinfected Local Folders\ALT -- webmaster\***SPAM*** Delivery Failed ([email protected])\~0000003.~
Virus:Bck/Breplibot.J Not disinfected Local Folders\NC -- webmaster\Campus Life\Article Photos.zip[Photo and Article.exe]
Virus:Trj/Relink.A Not disinfected Local Folders\SM -- joined\Please add me to mailing list!\~0000002.~

Edited by kinsella, 16 March 2006 - 03:49 AM.
