CtHelper.exe CPU=99%

  • Thread starter Thread starter Richard In Va.
  • Start date Start date
R

Richard In Va.

Maybe a bit off-topic but... I have a problem with CtHelper.exe, maybe
someone can help?

I have a windows process, C:\WINDOWS\system32\CtHelper.exe that is utilizing
99% of CPU as noted by Windows Task Manager. The process hangs at every
shutdown and I have to abort the process to fully shut down.

I understand this process is a part of SoundBlaster Audio software.

A few details... I'm rebuilding an older 2002 PC, WinXP-Home Intel P4, by
replacing the hard drive and re-installing using the OEM restore CD's. Used
the OEM restore CD to install all drivers as well. Updated via windows
update to SP2 then SP3 then the newer updates. Noticed in the updates
optional software a few driver/software updates, namely for the soundblaster
card installed. Installed the soundblaster software update and that's when
(I think) I picked up CtHelper and it's problem. This all occurred
yesterday.

Today I looked thru the OEM software CD's and installed Roxio CD Creator 5
Basic. At reboot, I noticed Roxio had a problem opening the "Project
Selection" window but the individual components seemed to open fine.

Opened Windows Task Manager and noticed the process CtHelper using 98-99% of
CPU. So I shut down the process and accepted the warning. As soon as the
process closed, the CD Creator "Project Selection" window opened up.

Anyone got any ideas here? Don't know if I really need the CtHelper process
and maybe I should remove the process for good if someone can tell me how
(other than unchecking it in msconfig). Maybe I can un-install everything
soundblaster and re-install from the OEM driver CD and forget about the
update located at windows update?

Any advice would be appreciated... even if a bit "off-topic"...

Richard in Va.
+++++++++++
 
Richard

Are there any yellow question marks in Device Manager? Right click on
the My Computer icon on your Desktop and select Properties,
Hardware,Device Manager. If yes what is the Device Error code?

Are there any errors in Event Viewer?

Have a look in the System and Application logs in Event Viewer for
Errors and Warnings and post copies here. Don't post any more than 48
hours ago.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Gerry,

No, there are no yellow question marks showing in device manager.

However, I do find 1 system error in event viewer...

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 1/29/2009
Time: 8:49:50 AM
User: N/A
Computer: C****E-M***E
Description:
The iscFlash service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

NO errors listed in Applications

Thanks!
++++++++++++++++++++++
 
Richard said:
Gerry,

No, there are no yellow question marks showing in device manager.

However, I do find 1 system error in event viewer...

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 1/29/2009
Time: 8:49:50 AM
User: N/A
Computer: C****E-M***E
Description:
The iscFlash service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

NO errors listed in Applications

Thanks!
++++++++++++++++++++++
Click to expand...

See the notes here:
http://searchtasks.answersthatwork.com/tasklist.php?File=CTHelper

Based on that, I'd suggest disabling it and see if any of your other
sound apps have problems. Either disable manually by editing the
registry or use Autoruns (has an easy-to-use GUI to disable and
re-enable startups).

Autoruns: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

or open regedit, navigate to

HKLM\Software\Microsoft\Windows\Current Version\Run

and right-click on CTHelper and choose Delete.

For restoration purposes:

ValueName = CTHelper [capitalization required]
ValueType = REG_SZ
Data = CTHelper.exe

--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
Richard

I would say you likely have a malware infestation. If you Google on
iscFlash service you will see why I think this likely.

I suggest you download and run Spybot S & D (freeware version). There
is a freeware version buried in this link:
http://www.safer-networking.org/en/spybotsd/index.html

Malwarebytes' Anti-Malware
1.32 -freeware (if you upgrade you pay).
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Run Malwarebytes' in safe mode and turn off your current anti-virus
before you do to avoid a conflict. Disregard the invitation on the web
site regarding the Registry Optimiser -a Registry Optimiser is not a
helpful utility.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Richard In Va. said:
Maybe a bit off-topic but... I have a problem with CtHelper.exe, maybe
someone can help?

I have a windows process, C:\WINDOWS\system32\CtHelper.exe that is utilizing
99% of CPU as noted by Windows Task Manager. The process hangs at every
shutdown and I have to abort the process to fully shut down.

I understand this process is a part of SoundBlaster Audio software.

A few details... I'm rebuilding an older 2002 PC, WinXP-Home Intel P4, by
replacing the hard drive and re-installing using the OEM restore CD's. Used
the OEM restore CD to install all drivers as well. Updated via windows
update to SP2 then SP3 then the newer updates. Noticed in the updates
optional software a few driver/software updates, namely for the soundblaster
card installed. Installed the soundblaster software update and that's when
(I think) I picked up CtHelper and it's problem. This all occurred
yesterday.

Today I looked thru the OEM software CD's and installed Roxio CD Creator 5
Basic. At reboot, I noticed Roxio had a problem opening the "Project
Selection" window but the individual components seemed to open fine.

Opened Windows Task Manager and noticed the process CtHelper using 98-99% of
CPU. So I shut down the process and accepted the warning. As soon as the
process closed, the CD Creator "Project Selection" window opened up.

Anyone got any ideas here? Don't know if I really need the CtHelper process
and maybe I should remove the process for good if someone can tell me how
(other than unchecking it in msconfig). Maybe I can un-install everything
soundblaster and re-install from the OEM driver CD and forget about the
update located at windows update?

Any advice would be appreciated... even if a bit "off-topic"...

Richard in Va.
+++++++++++
Click to expand...
Hello,
This item is not needed.
I found that removing the card and softwear, then reinstalling
using the CD that came with the card and do not update, worked without
problems.
Following information may be of some use.

While CtHelper MFC may be SoundBlaster related, a file by the same name
CtHelper.exe tries to monitor mouse and keyboard movements. Spyware.
From a sound card newsgroup, do not know if this is true.

cthelper.exe is installed with Creative Labs Soundblaster Devices. It's
purpose is to aid 3rd party developers create plugins/software for the card.
In this way it is a non-essential system process and can be removed from the
task-bar/startup.
From the same news group.

Suggest not updating third party drivers from the Microsoft Update site.
Unless there is a special need for more then normal sound card uses,
recommend not updating SoundBlaster card.


take care.
beamish.
 
Thanks!... I've read everyone's replies and will try some combination
thereof this morning. Will post back what I find and the results.

But I'm still listening if others have ideas too!

Be back soon,

Richard in Va.
+++++++++++
 
Resolution-

I looked again thru the CD's that came with the PC and found a SoundBlaster
CD with the Gateway name on it. So I removed all installed SoundBlaster and
audio drivers and the card itself as beamish recommended, Booted and all
seemed to be well, the CtHelper.exe process was now gone.

Ran AVG Free ver 8.0 and it found no threats. The PC had only been to 2
websites, msn.com and windows update.

Reinstalled the audio card and the driver from the Gateway provided CD. Did
not install all the other goodies... just the driver.

Everything (for now) seems to be much more better!

Thanks for all the help and good ideas!

Richard in Va.
+++++++++++
 
Richard In Va. said:
Resolution-

I looked again thru the CD's that came with the PC and found a SoundBlaster
CD with the Gateway name on it. So I removed all installed SoundBlaster and
audio drivers and the card itself as beamish recommended, Booted and all
seemed to be well, the CtHelper.exe process was now gone.

Ran AVG Free ver 8.0 and it found no threats. The PC had only been to 2
websites, msn.com and windows update.

Reinstalled the audio card and the driver from the Gateway provided CD. Did
not install all the other goodies... just the driver.

Everything (for now) seems to be much more better!

Thanks for all the help and good ideas!

Richard in Va.
+++++++++++
Click to expand...
Hello,
Thank You for the follow up.
take care.
beamish.
 
Richard

To be safe I would still do a further check for malware.

I suggest you download and run Spybot S & D (freeware version). There
is a freeware version buried in this link:
http://www.safer-networking.org/en/spybotsd/index.html

Malwarebytes' Anti-Malware
1.32 -freeware (if you upgrade you pay).
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Run Malwarebytes' in safe mode and turn off your current anti-virus
before you do to avoid a conflict. Disregard the invitation on the web
site regarding the Registry Optimiser -a Registry Optimiser is not a
helpful utility.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Thanks Gerry,

Spybot S & D + Malwarebytes, your right, maybe I should.... the boss will be
taking this PC home to his wife.

Thanks Again!

Richard in Va.
+++++++++++
 
Hello Gerry,

I've run both Spybot S&D and Malwarebytes and neither found any threats.
Per your concern, I did a system search for "iscflash" and found one file...
C:\Program Files\Gateway\SRCD\iscflash.sys

Googling for "iscflash" I found this link that applied to my situation and
made sense.

http://www.wilderssecurity.com/showthread.php?t=38021

Looks like "iscflash" is a part of the Gateway Restore facility.

So I assume I'm now clear of my dilemma...

Thanks for the good help!

Richard in Va.
+++++++++++
 
Richard

Glad you seem to have sorted your problem. In Windows Explorer you could
right click on iscflash.sys
and select Properties. You can then see what is said there about the
source of the file.


--



Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Not much information Gerry,

The Version tab shows...

Description: icsflash.sys
Copyright: 1999 Insyde Software
Version: 2.0.0.2
(everything else is blank)

via google, here is a link to their website...
http://www.insydesw.com/

Thanks again!!
++++++++++++
 
Richard

I think we have done this problem to death and the problem seems to be
fixed. One last observation. If the original Gateway Restoration CD
contains the file that would be conclusive that it is not malware.

--



Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Back
Top