Custom Search
Join the PC homebuilding revolution! Read the all-new, FREE 200-page online guide: How to Build Your Own PC!
NOTE: Using robot software to mass-download the site degrades the server and is prohibited. See here for more.
Find The PC Guide helpful? Please consider a donation to The PC Guide Tip Jar. Visa/MC/Paypal accepted.
Results 1 to 14 of 14

Thread: Kernel processor usage

  1. #1
    Join Date
    Nov 2003
    Location
    Eastcoast
    Posts
    744

    Kernel processor usage

    I just got finish with checking my system and found in system resourses that my kernel processor usage is 100%, now I do not think this is right, so I shutdown all the running programs except for my systray and the problem is still there. Does anyone know how to fix this or does it need fixing?
    Please let me know what to do.

  2. #2
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,389
    We are going to need a lot more info...

    What version of Windows are you running, what is running from startup etc.

    The easiest way to do this will be to post a HijackThis log.
    AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    Remember: Amateurs built the ark; professionals built the Titantic."

  3. #3
    Join Date
    Nov 2001
    Location
    ^~^In my mind^~^
    Posts
    992
    If you mean 'kernel processor usage' in system monitor in win9x, it's isn't very reliable in checking processor usage. Before trying to fix something that may not be broken, try a better monitor,like Wintop, one of the Win95 Kernel Toys.Wintop
    ......_=_
    ....q(-_-)p
    .....'_) (_`
    ../__/ \ __\
    .._ (<_ / )_..
    (__\_\_|_/__)
    "Our life is shaped by our mind; we become what we think. One who conquers himself is greater than another who conquers a thousand times a thousand on the battlefield". Buddha, Siddhartha Gautama

  4. #4
    Join Date
    Nov 2003
    Location
    Eastcoast
    Posts
    744
    The windows I am using is windows ME and the only program I can find running is: explorer, zonealarm, systray and E_s10icz what ever this program is.

  5. #5
    Join Date
    Nov 2003
    Location
    Eastcoast
    Posts
    744
    I know I did not get a reply from my last post as yet but I just wanted to add this information. I could not get the Hijack web page to open, however I down loaded the wintop and installed it and ran it. It said that my cpu in idle is around 97-99%. The other programs running is zonealarm at 0.74% and the others are below 40%.

  6. #6
    Join Date
    Jul 2002
    Location
    Minn
    Posts
    17,373
    Try the HijackThis link in my sig... You may need to download from the LurkHere site on that page....
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...

  7. #7
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,389
    cpu in idle is around 97-99%
    That is fine. The idle process is not a real process, but a way of saying that your CPU is doing nothing 97+ % of the time.....

    The E_s10icz item is very suspicious, Google brings up absolutely nothing and it is not in any of my resources. It has the feel of a random name bad guy....
    AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    Remember: Amateurs built the ark; professionals built the Titantic."

  8. #8
    Join Date
    Nov 2003
    Location
    Eastcoast
    Posts
    744
    You guys are very helpful mjc I am going to track down this file in question and remove it.
    I guess I was miss-interpreting the cpu problem, however, I have two more drives in this computer and I have not seen this situation with the other drives. I will try to download this hijack program and send to you guys the programs that are running and you will see that there is no reason for me to be getting this kind of reading when I check system resources.

  9. #9
    Join Date
    Nov 2003
    Location
    Eastcoast
    Posts
    744

    Cool

    Ok, this is my Hijack this log. Hope I don't have anything incriminating here.

    Logfile of HijackThis v1.97.7
    Scan saved at 6:48:17 PM, on 02/29/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\E_S10IC2.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=hom e
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...5.5&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PRO\CCHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PRO\POPUPPRO.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\InstantCD+DVD\SharedFiles\Pixie\RegTool.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf3 2.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...928.3176041667
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content-g.kontiki.com/kdx/v2....urrent/kdx.cab

  10. #10
    Join Date
    Jul 2002
    Location
    Minn
    Posts
    17,373
    Your log looks mostly clean. You do need to update your IE since all older versions contain vulnerabilities that MS is not fully patching. You have a couple of things that are thought to be spyware by some people, but are not confirmed as spyware. They don't do anything for you except to tell you there are updates for programs online (to sell you the updates), so I recommend fixing them. To do so, close all open windows and your browser, open HJT and mark/fix:

    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: PowerReg Scheduler V3.exe

    These may also be okay, but it may be worthwhile to fix them just in case:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=hom e
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redi...=5.5&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    And that mystery file is there in Running Processes, so reboot into Safe Mode, find and delete this:

    C:\WINDOWS\SYSTEM\E_S10IC2.EXE

    After that, it would be a good idea to reboot, run HJT again, open your browser and post the new log here so we can see if it is cleaned out...
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...

  11. #11
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,389
    I would like to see that file.......I suspect that it may not be a baddie after all but something related to your Epson printer....

    so zip it and send it here (please include a link to this thread in the body of your email message).
    AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    Remember: Amateurs built the ark; professionals built the Titantic."

  12. #12
    Join Date
    Nov 2003
    Location
    Eastcoast
    Posts
    744
    Here is my new log from hijack this also the file E_s10ic2 is for my epson printer. It monitors my ink status, so I did not delete it.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:34:29 PM, on 02/29/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\EPSON\INK MONITOR\INKMONITOR.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\E_S10IC2.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PRO\CCHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PRO\POPUPPRO.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\InstantCD+DVD\SharedFiles\Pixie\RegTool.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: ATI TV (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf3 2.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...928.3176041667
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content-g.kontiki.com/kdx/v2....urrent/kdx.cab

  13. #13
    Join Date
    Jul 2002
    Location
    Minn
    Posts
    17,373
    Your log looks clean, so it is probably not a malware problem... Wait for mjc and others for more ideas....
    Budfred ..... Caveat Emptor....

    Helpful links SpywareBlaster... HijackThis... ATF Cleaner...

    Post a complaint about malware here!!
    So how did I get infected in the first place??

    MS MVP 2006 and ASAP member since 2004...

    If you PM me for help, expect an irritated response... Post in the forum...

  14. #14
    Join Date
    Nov 2000
    Location
    The Mountain State
    Posts
    23,389
    Yes, it is an Epson file......so it is safe to keep.

    <rant>I hate when device drivers go random name...don't those idjits realize how friggin hard it is to keep track of the good guys when they do that </rant off>
    AV, Anti-Trojan List;Browser and Email client List;Popup Killer List;Portable Apps
    “When men yield up the privilege of thinking, the last shadow of liberty quits the horizon.” - Thomas Paine
    Remember: Amateurs built the ark; professionals built the Titantic."

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •