Computer briefly lags every several seconds...

[Guest]

I have Windows XP running on a HP media center PC m470

My computer briefly lags every several seconds. It is most noticeable when I
play video games (both online and offline). The activity on the screen will
freeze for a half second or so, then resume for about 6 seconds, then freeze
again for half a second, then resume for about 6 seconds, etc...

Under "Windows Task Manager", under "Processes" tab, listed under the "Image
Name" column: is a process called "System".... it goes from using 0% CPU to
anywhere from 40% - 90% CPU every several seconds with the regularity of a
heart beat.

Under "Windows Task Manager", under "Performance" tab, the "CPU Usage
History" graph shows a row of about 22 narrow mountain peaks of about the
same height and at equal distance from each other - again, like a heart beat.

Can anyone tell me what is wrong with "System" and how to correct it?

You get extra points if you can tell me what "System" is used for.

 

[Jim Hill]

My computer briefly lags every several seconds [...] Can anyone tell
me what is wrong with "System" and how to correct it?

Googling "System Process CPU Time", the second hit looks a whole lot
like your description.
http://www.sysinternals.com/blog/2005/07/case-of-periodic-system-hangs.html

There is, of course, a nasty possibility: you've got mal. (malware.
couldn't resist the phonetic pun. sorry.) Hunt down multiples of the
free scans if you're not already running something, and do a full scan.

You get extra points if you can tell me what "System" is used for.

ooooh For extra points I'll tell you that "System" is the guts of
Windows. You can add a "PID" column to your task manager. That's
"Process ID" and they're assigned serially from the time the system
boots (until they wrap, then it gets weird, but I'll lay odds you're not
going to see that happen any time soon). You can get books describing
the XP boot process in detail if you're really curious.

 

[Jim Hill]

Googling "System Process CPU Time", the second hit looks a whole lot
like your description.
http://www.sysinternals.com/blog/2005/07/case-of-periodic-system-hangs.html

Hmmm. Reading through that article the whole way, I noticed he's using
Process Explorer from sysinternals:
http://www.sysinternals.com/Utilities/ProcessExplorer.html
and probably forgot it was even installed.

 

[Guest]

I've run a total of 8 types of anti-virus software on my computer:

Stop-Sign
Norton
PC-Cillin
AVG Free
Ad-Aware
ewido anti-malware
CCleaner
hijackthis (see log below)

I've found and removed a LOT of stuff (each anti-virus scan seems to find
something new), but my computer still has the same problem! It's almost as
if there is an invisible trojan on my computer that's giving birth to little
baby trojans. I keep catching the babies, but can't find the mother.

Anyone have an Idea what is wrong with "System"?

 

[Jim Hill]

I've run a total of 8 types of anti-virus software on my computer:
each anti-virus scan seems to find something new

That's why you run multiples.

but my computer still has the same problem!
It's almost as if there is an invisible trojan on my computer that's
giving birth to little baby trojans. I keep catching the babies,

Someone may have a better suggestion, but I'd have to say it's time for
the nuclear option. Get your data backed up -- and only your data.
Collect the CDs you've purchased at retail or from truly reputable
sellers. Do a clean re-install on a newly formatted drive.

Now for the Most Important Part: when you're done, learn how to practice
safe hex, and how to protect your computer online. It's really not very
hard once you get the hang of it, things like not clicking "OK" to every
prompt that pops up just for starters.

Google will tell you how to do all of those.

As for the System process, forget it. Learn about that later, if ever.
Focus on the real problem now.

Jim

 

[Guest]

Thank you for your advice. Unfortunetly it has been seven days that I've been
strugleing with this problem. It would appear that it has stumped everyone.
I've used nine different anti-malware programs. I've posted my problem on
several help forums. And I've spent far too many hours resurching, scanning
and tinkering fruitlessly. I've decided to end this nightmare once and for
all by taking your advice.

To other readers: If you are reading this, then I have already used the
"nuclear option". If someone on this forum thinks they have a less drastic
solution, please feel free to post it. While such advice would have come to
late for me, there might be someone else who has the same problem and would
benifit from reading it.

I'll stop by later and let you know how it turned out.

All My Best,
- Paul Kinsella

 

[Guest]

GOOD NEWS!!!!
Just before using the "Nuclear" option I tried one last scan with yet
another anti-malware program (my 10th). What it found was mostly the same
kind of stuff that the other scans found. I removed the infected files by
hand, but saw no change. I noticed that the file for the sign-on name "paul
kinsella" contained most of the infected files (on previous scans it also
contained simular infected files). Since "Paul Kinsella" is a sign-on name
that I no longer use - I decided to trash the whole thing. I got a lot of
warnings saying that deleting "such-n-such" file might cause system
instability. But I figured 'what the hell' I'm going to do a complete system
restore soon anyway. So I deleted it. I saw no change, so I figured it did
not work. After turning off the computer and restarting (in preparation for
the restore) I noticed that "System" was no longer acting crazy. Problem
solved! The infected files I found with the scan, and then deleted, are
listed below. My theory (for what it is worth) is that a nasty malware
program found its way into an old sign-on file where, for what ever reason,
it was able to stay safe.

I'm just glad this is over and that I did not need to use the "Nuclear"
option. If someone else has the same problem as I had, Look for the following
files and delete them by hand. Also delete any unused sign-on name files.
Then restart your computer. (BE SURE TO BACK UP YOUR FILES FIRST!!!)

Thank you for the help,
- Paul Kinsella
http://www.normandcompany.com



Incident
Status Location




Adware:adware/alfacleaner
Not disinfected C:\WINDOWS\uninstDsk.exe



Spyware:Cookie/Ccbill
Not disinfected C:\Documents and
Settings\Administrator\Cookies\administrator@ccbill[1].txt



Spyware:Cookie/888
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@888[1].txt


Spyware:Cookie/888
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@888[2].txt


Spyware:Cookie/Any-Find
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@any-find[1].txt


Spyware:Cookie/Belnk
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@belnk[1].txt


Spyware:Cookie/Barelylegal
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul (e-mail address removed)[1].txt


Spyware:Cookie/GoStats
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul (e-mail address removed)[1].txt


Spyware:Cookie/Cassava
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@cassava[1].txt


Spyware:Cookie/Ccbill
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@ccbill[1].txt


Spyware:Cookie/CWS
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@coolwebsearch[1].txt


Spyware:Cookie/360i
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul [email protected][2].txt


Spyware:Cookie/did-it
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@did-it[1].txt


Spyware:Cookie/Belnk
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul (e-mail address removed)[2].txt


Spyware:Cookie/GoStats
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@gostats[2].txt


Spyware:Cookie/go
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@go[1].txt


Spyware:Cookie/MediaTickets
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@kinghost[1].txt


Spyware:Cookie/Kount
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@kount[2].txt


Spyware:Cookie/Outster
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@outster[2].txt


Spyware:Cookie/Rightmedia
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@rightmedia[1].txt


Spyware:Cookie/SpywareStormer
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@spywarestormer[2].txt


Spyware:Cookie/Target
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@target[1].txt


Spyware:Cookie/Toplist
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@toplist[2].txt


Spyware:Cookie/WebPower
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@webpower[1].txt


Spyware:Cookie/Affiliate fuel
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul (e-mail address removed)[2].txt


Spyware:Cookie/Searchit
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul (e-mail address removed)[1].txt


Spyware:Cookie/Xiti
Not disinfected C:\Documents and Settings\paul
kinsella\Cookies\paul kinsella@xiti[1].txt


Spyware:Cookie/adultfriendfinder
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul kinsella@adultfriendfinder[2].txt


Spyware:Cookie/Azjmp
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul kinsella@azjmp[2].txt


Spyware:Cookie/Belnk
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul kinsella@belnk[1].txt


Spyware:Cookie/GoStats
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul (e-mail address removed)[1].txt


Spyware:Cookie/Ccbill
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul kinsella@ccbill[1].txt


Spyware:Cookie/CWS
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul kinsella@coolwebsearch[1].txt


Spyware:Cookie/did-it
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul kinsella@did-it[2].txt


Spyware:Cookie/Belnk
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul (e-mail address removed)[2].txt


Spyware:Cookie/GoStats
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul kinsella@gostats[1].txt


Spyware:Cookie/Searchportal
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul
(e-mail address removed)[2].txt


Spyware:Cookie/Toplist
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul kinsella@toplist[1].txt


Spyware:Cookie/seeqA
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul (e-mail address removed)[1].txt


Spyware:Cookie/Buydomains
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul (e-mail address removed)[1].txt


Spyware:Cookie/Seeq
Not disinfected C:\Documents and Settings\paul
kinsella\Local Settings\Temp\Cookies\paul (e-mail address removed)[1].txt


Potentially unwanted tool:Application/HideWindow.A
Not disinfected C:\hp\bin\FondleWindow.exe



Potentially unwanted tool:Application/KillApp.B
Not disinfected C:\hp\bin\KillIt.exe



Adware:Adware/XSRemover
Not disinfected C:\WINDOWS\warnhp.html



Virus:Exploit/iFrame
Not disinfected Local Folders\ALT -- webmaster\***SPAM***
Delivery Failed ([email protected])\~0000003.~


Virus:Bck/Breplibot.J
Not disinfected Local Folders\NC -- webmaster\Campus
Life\Article Photos.zip[Photo and Article.exe]


Virus:Trj/Relink.A
Not disinfected Local Folders\SM -- joined\Please add me to
mailing list!\~0000002.~