System uses CPU by itself

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rsouthgate

Thread Starter
Joined
Jan 7, 2003
Messages
3
I have a small problem - but one that affects my ability to enjoy a DVD - and so becomes much more important!!!

I'm not sure how long it takes but seems to be about an hour after I boot up win2k there is something that periodically uses about 25% of the CPU for about a second every 5 seconds. If I'm watching a DVD then the picture will jump at this rate.

I have watched the performance monitor and see a graph where for most of the time CPU usage is down at 1 or 2% but every 5secs jumps to 25% for a split second and then back - this will repeat until I restart the machine and then everything is fine for about another hour / hour and a half.

Under processes it seems that the Process causing this is "System". That doesn't tell me too much so I was hoping someone here might know what within the system could be doing this periodic thing and how I can turn it off!

Thanks very much
Robin
 

rsouthgate

Thread Starter
Joined
Jan 7, 2003
Messages
3
Ok, here is the list of all those things running. The thing that bothered me, though, was that it was clearly the System that was causing this blip - and most of these things listed would show up as separate processes in the task manager and therefore if they were causing the blip I would be able to see that. As it is I don't know what "System" actually means - but that is definitely the culprit.


StartupList report, 08/01/2003, 13:52:43
StartupList version: 1.50
Started from : C:\Documents and Settings\Administrator\Desktop\StartupList.EXE
Detected: Windows 2000 SP2 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Macromedia\ColdFusion MX\runtime\bin\jrunsvc.exe
C:\Program Files\Macromedia\ColdFusion MX\db\slserver52\bin\swagent.exe
C:\Program Files\Macromedia\ColdFusion MX\runtime\bin\jrun.exe
C:\Program Files\Macromedia\ColdFusion MX\db\slserver52\bin\swstrtr.exe
C:\Program Files\Macromedia\ColdFusion MX\db\slserver52\bin\swsoc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\loadqm.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINNT\System32\CTHELPER.EXE
C:\PROGRA~1\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\KaZaA\kazaa.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINNT\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Logitech\iTouch\kbdtray.exe
C:\Program Files\AOL 7.0a\aoltray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\AOL 7.0a\waol.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0a\aoltray.exe
GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
Iomega Startup Options = C:\Program Files\Iomega\Common\ImgStart.exe
Iomega Drive Icons = C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
UpdReg = C:\WINNT\UpdReg.EXE
LoadQM = loadqm.exe
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
NeroCheck = C:\WINNT\system32\NeroCheck.exe
WINDVDPatch = CTHELPER.EXE
Jet Detection = "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
RapidBlaster = C:\Program Files\RapidBlaster\rb32.exe
zBrowser Launcher = C:\PROGRA~1\Logitech\iTouch\iTouch.exe
EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
KAZAA = C:\Program Files\KaZaA\kazaa.exe /SYSTRAY
LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ATI Launchpad =
ctfmon.exe = ctfmon.exe
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINNT\WIN.INI:

load=
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
HKLM\..\Windows\CurrentVersion\WinLogon: load=
HKLM\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
HKCU\..\Windows\CurrentVersion\WinLogon: load=
HKCU\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

*INI section not found*
*INI section not found*
*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=(NONE)
*Registry value not found*

Policies Shell key:

HKCU\..\Policies: *Registry key not found*
HKLM\..\Policies: *Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINNT\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[{56336BCB-3D8A-11D6-A00B-0050DA18DE71}]
CODEBASE = http://207.188.7.150/0866b279abd461a16405/netzip/RdxIE2.cab

[Update Class]
InProcServer32 = C:\WINNT\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37561.4432407407

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[StarInstall Control]
InProcServer32 = C:\WINNT\DOWNLO~1\STARIN~1.OCX
CODEBASE = http://www.stardialer.de/install/StarInstall.ocx

--------------------------------------------------
End of report, 9,050 bytes
Report generated in 1.191 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Joined
Dec 9, 2000
Messages
45,855
This is the only clearly identifiable "nasty" I see there:

http://www.doxdesk.com/parasite/RapidBlaster.html

I see Kazaa of course, but don't have any clue as to whether you are seeing activity there.

What does seem particularly strange is the presence of these "Running Processes" without any startup call from the "ColdFusion" folder.

C:\Program Files\Macromedia\ColdFusion MX\runtime\bin\jrunsvc.exe
C:\Program Files\Macromedia\ColdFusion MX\db\slserver52\bin\swagent.exe
C:\Program Files\Macromedia\ColdFusion MX\runtime\bin\jrun.exe
C:\Program Files\Macromedia\ColdFusion MX\db\slserver52\bin\swstrtr.exe
C:\Program Files\Macromedia\ColdFusion MX\db\slserver52\bin\swsoc.exe

Any idea what's going on there? Were you manually running a Web development program when you posted this?
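
The comparison made in the post above (running processes checked against startup-folder and Run-key entries), as an added example that is not part of the original thread. The sample report is a constructed excerpt that reuses entries from the StartupList output, and the function names are hypothetical.

```python
import re

EXE = re.compile(r'([^\\"]+\.exe)\b', re.I)   # last path component ending in .exe
AUTORUN_TITLES = ("Listing of startup folders", "Autorun entries from Registry")

# Constructed excerpt in the StartupList 1.50 layout, reusing entries from the report.
SAMPLE_REPORT = r"""
Running processes:

C:\WINNT\system32\services.exe
C:\Program Files\Macromedia\ColdFusion MX\runtime\bin\jrunsvc.exe
C:\Program Files\Macromedia\ColdFusion MX\runtime\bin\jrun.exe
C:\WINNT\loadqm.exe
C:\Program Files\GetRight\getright.exe
--------------------------------------------------
Listing of startup folders:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LoadQM = loadqm.exe
RapidBlaster = C:\Program Files\RapidBlaster\rb32.exe
"""

def parse_startuplist(report):
    """Return ({exe name: full path} of running processes, {exe name: autorun entry name})."""
    running, autoruns = {}, {}
    for section in re.split(r"^[-=]{10,}\s*$", report, flags=re.M):
        lines = [l.strip() for l in section.splitlines() if l.strip()]
        if not lines:
            continue
        title, body = lines[0], lines[1:]
        if title.startswith("Running processes"):
            for path in body:
                running[path.rsplit("\\", 1)[-1].lower()] = path
        elif title.startswith(AUTORUN_TITLES):
            for line in body:
                name, sep, value = line.partition(" = ")
                match = EXE.search(value)
                if sep and match:   # matched by file name only, not by full path
                    autoruns[match.group(1).lower()] = name
    return running, autoruns

def cross_check(report):
    """Running processes with no autorun entry, and autorun entries whose target is not running."""
    running, autoruns = parse_startuplist(report)
    no_autorun = sorted(p for exe, p in running.items() if exe not in autoruns)
    not_running = sorted(n for exe, n in autoruns.items() if exe not in running)
    return no_autorun, not_running
```

A process in the first list was started by something other than a startup folder or Run key, for example as a Windows service; an entry in the second list may point at a file that no longer exists or at a program that runs once and exits.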
 

rsouthgate

Thread Starter
Joined
Jan 7, 2003
Messages
3
I removed rapidblaster quite a while back - so even though that link is there, there is no rb32.exe to run.

I don't think Kazaa would be causing the problem - since I can boot up the machine and not go online - so Kazaa isn't connected and I still get this problem.

I have coldfusion server installed on the machine - and I think those services run constantly - I certainly never use coldfusion anymore - so I didn't start them off!!!

But again - those coldfusion processes are listed in the task manager and the numbers next to those remain constant - it is only the CPU number next to System that is jumping up and down. Isn't there a way of getting inside this thing called System and seeing exactly what calls are being made to the CPU?

Thanks for your help
robin
 
Joined
Dec 9, 2000
Messages
45,855
I think we mentioned using Filemon in that other thread to monitor the actual files being accessed. The one being pointed to in that case was something used for ntfs recovery purposes under certain circumstances.

In any case you can use utilities like Filemon and Regmon to view the system activity in real time. Takes a bit of interpretation and research to understand them, but they can be useful diagnostic tools well worth having handy.

http://www.sysinternals.com/ntw2k/utilities.shtml

You might want to view your "services" profile in Administrative Tools to see if those ColdFusion services are listed and enabled to start automatically. They can easily be set to 'disabled' by right clicking and selecting 'properties'.
 