
system32.exe using up 100% CPU

Discussion in 'Windows XP' started by louisj23, Feb 15, 2003.

Thread Status:
Not open for further replies.
  1. louisj23

    louisj23 Thread Starter

    Joined:
    Jun 11, 2001
    Messages:
    133
    I was just reading about how this may be a virus but I don't get all of the marijuana icons and windows.
    Anyway, my comp was completely bogged down so I checked under my CPU processes in the task manager only to find a file named SYSTEM32.EXE was using up 100% !!
    What is this file and is it in fact a virus and which directory does it get lumped into cause I can't seem to find it.
    Running a virus scan right now with System Suite.

    Windows 2000
    Thanks
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    It can be any of a number of viruses, and it's certainly no Windows file.

    Please do this:

    Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

    Unzip, double-click it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

    Go to Edit > select all, copy it and post the contents here.
     
  3. louisj23

    louisj23 Thread Starter

    Joined:
    Jun 11, 2001
    Messages:
    133
    Damn, that was quick, thanks for replying. Here's the info....

    StartupList report, 2/15/2003, 6:47:49 PM
    StartupList version: 1.51
    Started from : C:\DOCUME~1\LOUISC~1\LOCALS~1\Temp\Rar$EX00.121\StartupList.EXE
    Detected: Windows 2000 SP3 (WinNT 5.00.2195)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\System32\mspmspsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\windows\system32\syssrcvs.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\CMEII\CMESys.exe
    C:\Program Files\Common Files\GMT\GMT.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Ontrack\SystemSuite\SSuite.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\LOUISC~1\LOCALS~1\Temp\Rar$EX00.121\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SystemTray = SysTray.Exe
    SoundMan = soundman.exe
    Fix-It AV = C:\PROGRA~1\Ontrack\SYSTEM~1\MemCheck.exe
    NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    SysTray = c:\windows\system32\syssrcvs.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    CMESys = "C:\Program Files\Common Files\CMEII\CMESys.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    SystemSAS = system32.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Desktop Weather = C:\PROGRA~1\THEWEA~1\THEWEA~1.exe

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrFile\shell\open\command

    (Default) = "C:\Program Files\Internet Explorer\Iexplore.exe" %1

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

    [IEDial Class]
    InProcServer32 = C:\WINDOWS\System32\IEAccess2.dll
    CODEBASE = http://usa-download.nocreditcard.com/download/Object/ieaccess2.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37577.4276157407

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #1: wps.dll (file MISSING)
    Protocol #2: wps.dll (file MISSING)
    Protocol #3: wps.dll (file MISSING)
    Protocol #4: wps.dll (file MISSING)
    Protocol #5: wps.dll (file MISSING)
    Protocol #11: wps.dll (file MISSING)

    --------------------------------------------------
    End of report, 5,433 bytes
    Report generated in 0.161 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
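
The triage step this report makes possible, as an added example (not part of the original thread and not StartupList's own code): parse the "Autorun entries from Registry" sections and list every registry key that launches a given executable name, noting whether the entry records a directory. The function names and the embedded excerpt are constructed for illustration; the section layout is assumed from the report posted above.

```python
import re

# Constructed excerpt in the StartupList 1.51 layout shown in the post above.
SAMPLE_REPORT = r"""
Running processes:

C:\WINDOWS\Explorer.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

SystemSAS = system32.exe
"""

SEPARATOR = re.compile(r"^[ \t]*-{10,}[ \t]*$", re.MULTILINE)
EXE_TOKEN = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|,|$)", re.IGNORECASE)

def parse_autoruns(report):
    """Return (registry_key, value_name, command) for every registry autorun entry."""
    entries = []
    for section in SEPARATOR.split(report):
        lines = [ln.strip() for ln in section.splitlines() if ln.strip()]
        if len(lines) < 2 or not lines[0].startswith("Autorun entries from Registry"):
            continue  # running processes, startup folders, BHOs, etc.
        key = lines[1]  # the key name follows the section title
        for line in lines[2:]:
            name, sep, command = line.partition(" = ")
            if sep:
                entries.append((key, name, command))
    return entries

def image_path(command):
    """Program part of an autorun command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_TOKEN.match(command)  # unquoted: cut at the first executable extension
    return m.group(1) if m else command.split(" ", 1)[0]

def find_autoruns(report, exe_name):
    """Entries launching exe_name, as (key, value_name, command, has_directory)."""
    hits = []
    for key, name, command in parse_autoruns(report):
        path = image_path(command)
        if path.rsplit("\\", 1)[-1].lower() == exe_name.lower():
            hits.append((key, name, command, "\\" in path))
    return hits
```

Calling `find_autoruns(report_text, "SYSTEM32.EXE")` on a saved report returns the key and value name to inspect; a `False` in the last field means the entry holds a bare file name, so the file's location has to be found separately.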
     
  4. louisj23

    louisj23 Thread Starter

    Joined:
    Jun 11, 2001
    Messages:
    133
    OK, found something new with this.
    Just tried opening up Windows Media Player and playing a couple of files.
    The.Lord.Of.The.Rings.The.Two.Towers.CD1.DVDScr.XViD-ViTE
    and
    The.Ring.(DVDScreener).Cd1.[ViTE].Osloskop

    Now earlier I downloaded and installed a couple XVid codecs to get the movies to play.
    Tried a couple of other video files and they were fine but when I open either one of those two, Windows Media Player stops responding and is using up 100% of my resources. I know, I know, I just need to delete these files but I just want to make sure they didn't leave something behind.
     
  5. louisj23

    louisj23 Thread Starter

    Joined:
    Jun 11, 2001
    Messages:
    133
    and now just opened up another browser and EXPLORER.EXE is using 100%
     
  6. The_Egg

    The_Egg

    Joined:
    Sep 16, 2002
    Messages:
    1,157
Short URL to this thread: https://techguy.org/119000
