Hi Guys,

Apologies if I am in the wrong section - this is my first post on these boards. Anyhoo, hello (!) and thanks for looking at my predicament.

For the last 2 weeks, my computer has been running really slow - especially (though not exclusively) when I run IE. I thought it might be IE7, so I removed it and - surprisingly - it didn't have any effect. I then decided to do some detective work.....

From reading other forums/friends' advice, I checked my task manager and found that a file called SYSTEM is running on my CPU between 90 - 99 pretty much all the time. I am unsure what this means (or, I know the basics) but I know that it is not supposed to be that high. I believe I should reiterate that the file is called "SYSTEM" not "system idle process" - surely this is the wrong way round? Shouldn't my idle process be around 90?

I downloaded Process Explorer and ran it but I've no idea what I'm looking for!!

The readings showed that DPCs are running at anything between 40 - 50 and Hardware Interrupts are between 26 and 50 of my CPU. I'm assuming - in my limited computing knowledge - that this is not great??!

Can anyone advise what I can do to change this? It is driving me insane - and I can't seem to find any specific solution!! Though admittedly, I'm pretty useless on a computer.

I really can't reinstall Windows, as I've too much information and nowhere to put it!!! I've heard that the DPC and HI could be due to a buggy connection - is this possible? Also - if it is - how do I go about checking the connections?? There are no yellow warning triangles in my device/hardware manager!

Here are the specs of my computer :

Compaq SR 1200
Pentium 4 3.0Gb
Ram 1 Gb
XP Home SP2
AVG 8.0

I'm not sure of any more of the specs but I have made no additions to the computer since I bought it (e.g. external drives, new mouse etc) except installing a wireless router - which was nearly 2 years ago!! I never use the computer for anything other than editing photos, music and occasional word processing.

Any help would be most appreciated!!

thanks,

Matt

Last Post by Suspishio
0

There are two processes: System and System Idle. That'll be the Image Name in Task Manager. The User Name for each of these will be SYSTEM.

One of two things could be happening:

1/
The image "System" can host other services. If one of them is malware or you have something loaded at startup that's gone wrong, and if that is hosted by "System", then there's your problem.

2/
If the word isn't "System" but it's all caps or some other distortion, then you've probably got a trojan. Other clues are very high memory use.

You would need to list the services that are running and look for something unusual. This is done from Administrative Tools in Control Panel. You could post an attachment with the list here for us to take a look at.

Also if you can list the programs that are loaded by Windows at Startup, that'll possibly provide valuable clues.
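
The service review suggested in the reply above, sketched as an added example (not part of the original thread or any poster's code). It reads the tab-separated Services console export with the columns Name, Description, Status, Startup Type and Log On As; the sample rows, the `KNOWN` baseline and the flagging rules are assumptions made for illustration.

```python
import csv
import io

# Constructed sample in the Services console export layout (tab-separated:
# Name, Description, Status, Startup Type, Log On As).
# The last row is invented to show a distorted name.
SAMPLE = (
    "Name\tDescription\tStatus\tStartup Type\tLog On As\n"
    "Alerter\tNotifies selected users of administrative alerts.\t\tDisabled\tLocal Service\n"
    "Ati HotKey Poller\t\tStarted\tAutomatic\tLocal System\n"
    "DHCP Client\tManages network configuration.\tStarted\tAutomatic\tLocal System\n"
    "iPod Service\tiPod hardware management services\tStarted\tManual\tLocal System\n"
    "DHCP C1ient\t\tStarted\tAutomatic\tLocal System\n"
)

# Assumed baseline: names the reviewer already trusts on this machine.
KNOWN = {"Alerter", "DHCP Client", "DNS Client", "Event Log"}

def _fold(name):
    """Collapse case, spacing and common digit-for-letter swaps."""
    table = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
    return "".join(name.casefold().split()).translate(table)

def triage(export_text, known=KNOWN):
    """Return {service name: [reasons]} for started services worth a closer look."""
    folded = {_fold(k): k for k in known}
    findings = {}
    # QUOTE_NONE: descriptions may contain quote characters that are not CSV quoting.
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        field = lambda key: (row.get(key) or "").strip()
        name = field("Name")
        if not name or field("Status") != "Started":
            continue  # only running services can be consuming CPU
        reasons = []
        match = folded.get(_fold(name))
        if match and match != name:
            reasons.append(f"name imitates '{match}'")
        if not field("Description"):
            reasons.append("no description")
            if field("Startup Type") == "Automatic" and field("Log On As") == "Local System":
                reasons.append("auto-starts as Local System")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for svc, why in triage(SAMPLE).items():
        print(f"{svc}: {', '.join(why)}")
```

A flagged entry is only a prompt to check the service's executable path and publisher; legitimate third-party services often ship without a description.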

0

I didn't get chance to actually look at my computer last night. I'll have a look tonight, do what you've suggested and post the results.

thanks for the advice though!

0

Hi,

I have attached the services information as a text document. It looks a little crazy but hopefully you'll get the idea (and understand it a little better than I do). I've also looked at my startup programmes and there's nothing in there that shouldn't be.

Any information you can give me would be amazing - I'm still massively stuck!

thanks!

Attachments
Name	Description	Status  	Startup Type	Log On As
Alerter	Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.		Disabled	Local Service
Application Layer Gateway Service	Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.	Started	Manual	Local Service
Application Management	Provides software installation services such as Assign, Publish, and Remove.		Manual	Local System
ASP.NET State Service	Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Network Service
Ati HotKey Poller		Started	Automatic	Local System
Automatic Updates	Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.	Started	Automatic	Local System
AVG Free8 E-mail Scanner		Started	Automatic	Local System
AVG Free8 WatchDog		Started	Automatic	Local System
Background Intelligent Transfer Service	Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.	Started	Automatic	Local System
ClipBook	Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.		Disabled	Local System
COM+ Event System	Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Manual	Local System
COM+ System Application	Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Computer Browser	Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.		Automatic	Local System
Cryptographic Services	Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
DCOM Server Process Launcher	Provides launch functionality for DCOM services.	Started	Automatic	Local System
DHCP Client	Manages network configuration by registering and updating IP addresses and DNS names.	Started	Automatic	Local System
Distributed Link Tracking Client	Maintains links between NTFS files within a computer or across computers in a network domain.	Started	Automatic	Local System
Distributed Transaction Coordinator	Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. 		Manual	Network Service
DNS Client	Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Network Service
Error Reporting Service	Allows error reporting for services and applictions running in non-standard environments.	Started	Automatic	Local System
Event Log	Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.	Started	Automatic	Local System
Fast User Switching Compatibility	Provides management for applications that require assistance in a multiple user environment.	Started	Manual	Local System
Fax	Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.		Manual	Local System
FLEXnet Licensing Service	This service performs licensing functions on behalf of FLEXnet enabled products.		Manual	Local System
Help and Support	Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
HID Input Service	Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.	Started	Automatic	Local System
HTTP SSL	This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
IMAPI CD-Burning COM Service	Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Indexing Service	Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.		Manual	Local System
InstallDriver Table Manager	Provides support for the Running Object Table for InstallShield Drivers		Manual	Local System
iPod Service	iPod hardware management services	Started	Manual	Local System
IPSEC Services	Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.	Started	Automatic	Local System
Logical Disk Manager	Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Logical Disk Manager Administrative Service	Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.		Manual	Local System
Messenger	Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.		Disabled	Local System
MS Software Shadow Copy Provider	Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Net Logon	Supports pass-through authentication of account logon events for computers in a domain.		Manual	Local System
NetMeeting Remote Desktop Sharing	Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.		Manual	Local System
Network Connections	Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.	Started	Manual	Local System
Network DDE	Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.		Disabled	Local System
Network DDE DSDM	Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 		Disabled	Local System
Network Location Awareness (NLA)	Collects and stores network configuration and location information, and notifies applications when this information changes.	Started	Manual	Local System
Network Provisioning Service	Manages XML configuration files on a domain basis for automatic network provisioning.		Manual	Local System
NT LM Security Support Provider	Provides security to remote procedure call (RPC) programs that use transports other than named pipes.		Manual	Local System
Office Source Engine	Saves installation files used for updates and repairs and is required for the downloading of Setup updat
0

So the services look fine (half expected that). Right, so, discounting a trojan, this is what it is likely to be (doesn't make it easy to fix):
1/
"System" is called by a kernel level process that must run.

2/
This could be a hardware demand, like the power system (ACPI).
Or it could be a device that's calling for a service when it shouldn't be; the device is faulty.

You can google & download a process monitor and get deeper information but there are two potential immediate steps:

1 Update now to XP SP3 - may fix a bug (in ACPI?)

2 Turn ACPI off in BIOS and Windows

Let us know.

0

Thanks for this info,

I'm away this weekend so will do these steps as soon as I'm back - on Sunday night.

I'll let you know how I get on!

0

I've done all the steps you suggested but with no success. I've also used process monitor but have no idea what I'm looking at. It seems that the main 'programmes' running are:

19:33:40.2578755 svchost.exe 1148 RegCloseKey HKCU SUCCESS
19:33:45.7685429 wuauclt.exe 3052 RegCloseKey HKLM\SOFTWARE\Microsoft\COM3 SUCCESS
19:30:32.9491913 svchost.exe 1148 RegOpenKey HKCR\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InprocHandler32 NAME NOT FOUND Desired Access: Maximum Allowed

svchost appears in many different forms so I'm guessing that this is standard??

0

Having read your original post again, I should have spotted the DPCs. The Windows Kernel is required to service these DPCs and they occur usually because something's not right in the hardware somewhere. Have a read of this article:
http://www.microsoft.com/whdc/Driver/tips/DPC_ISR.mspx

Perhaps you could accumulate the Tracelog or post a text file with the Process Explorer results so we can see the DPCs and what might be deduced from them.
