Sign in with
Sign up | Sign in
Your question

CPU starts constantly spiking in XP

Last response: in Windows XP
Share
January 2, 2012 5:05:19 AM

Hey.

I am troubleshooting for a friend who's computer starts freezing up at ~5 second intervals because his CPU starts spiking. It happens when he's in a game or something and a lot of things are happening at once (i.e. in WoW during a large PVP battle, but I haven't seen it happen otherwise). The problem is not chronic, so I'm having a hard time pinning it down.

Here's his specs (as best as I can remember them, but I'll update them when I get a chance)


OS: Windows XP Home SP3
CPU: Intel Core 2 Duo E4700 @ 2.6GHz (stock)
GPU: nVidia 9600 GT
MEM: 2x1GB DDR2
HDD: 7200 RPM SATA drive (dont know make or model)
Mobo: I'll have to get this, it's a generic intel board IIRC


Basically the one of the cores on the CPU starts spiking and the computer freezes during each spike (the other core is idle @ 0%). Task manager shows a random task using 50% of the CPU (it never shows 100% because the screen does not refresh during the spike, and yes I ticked the "show processes from all users" box), when I kill that process, another process takes it's place. Even when I kill all the user processes so that only system processes are running it is still showing a spike and I have to reboot.

I ran memtest for 2 passes, both were clean. I tried updating his graphics drivers, but the nVidia installer wasn't able to install them for some reason. I ran Malware Bytes which found some things that were removed. I ran CCleaner, some other diagnostics, etc. Nothing seemed to help. I didn't see any suspicious applications running either. I downloaded Process Explorer, but wasn't able to get the problem to happen again after I did it. Still, that should help me troubleshoot in the future.

Here's a Hijack This log.

  1. Logfile of Trend Micro HijackThis v2.0.4
  2. Scan saved at 9:43:42 PM, on 12/30/2011
  3. Platform: Windows XP SP3 (WinNT 5.01.2600)
  4. MSIE: Internet Explorer v8.00 (8.00.6001.18702)
  5. Boot mode: Normal
  6.  
  7. Running processes:
  8. C:\WINDOWS\System32\smss.exe
  9. C:\WINDOWS\system32\winlogon.exe
  10. C:\WINDOWS\system32\services.exe
  11. C:\WINDOWS\system32\lsass.exe
  12. C:\WINDOWS\system32\svchost.exe
  13. C:\WINDOWS\System32\svchost.exe
  14. C:\WINDOWS\system32\spoolsv.exe
  15. C:\WINDOWS\system32\rundll32.exe
  16. C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  17. C:\Program Files\Bonjour\mDNSResponder.exe
  18. C:\Program Files\Java\jre6\bin\jqs.exe
  19. C:\WINDOWS\Explorer.EXE
  20. C:\WINDOWS\system32\nvsvc32.exe
  21. c:\windows\softwaredistribution\download\install\STacSV.exe
  22. C:\WINDOWS\system32\svchost.exe
  23. C:\Program Files\Common Files\Java\Java Update\jusched.exe
  24. C:\WINDOWS\system32\ctfmon.exe
  25. C:\WINDOWS\system32\taskmgr.exe
  26. C:\Program Files\Mozilla Firefox\firefox.exe
  27. C:\Program Files\Mozilla Firefox\plugin-container.exe
  28. C:\WINDOWS\system32\mmc.exe
  29. C:\Documents and Settings\Authorized User\My Documents\Downloads\HijackThis.exe
  30.  
  31. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  32. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  33. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  34. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  35. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  36. O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
  37. O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll
  38. O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  39. O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  40. O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll
  41. O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
  42. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  43. O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
  44. O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
  45. O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  46. O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  47. O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
  48. O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  49. O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  50. O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  51. O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  52. O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  53. O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
  54. O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
  55. O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
  56. O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  57. O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  58. O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  59. O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  60. O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  61. O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
  62. O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\windows\softwaredistribution\download\install\STacSV.exe
  63.  
  64. --
  65. End of file - 4875 bytes


Next I'm going to defrag and try updating his Mobo drivers and possibly do a BIOS update, but I doubt these will do anything. I have not tried troubleshooting using a live CD or booting into Safe Mode because the problem is not chronic and I have no idea how to predict what is causing it or when it will occur.

I'm looking for some ideas on what to look for or do next. I've never done troubleshooting on someone else's computer so I'm kind of at a loss here.
a b à CPUs
January 2, 2012 6:14:50 PM

I don't see any suspicious processes in the Hijackthis log. Try downloading and running Driver Sweeper, selecting all the Nvidia stuff, then after cleaning all the nVidia stuff re-boot, install the latest nVidia drivers.
m
0
l
a b à CPUs
January 2, 2012 7:32:19 PM

I don't see suspicious processes either, but they say any process could be safe or suspicious, so you've got to start with the unnecessary and most likely to be suspicious. Those I would investigate and possibly uninstall are: mDNSResponder.exe and STacSV.exe... other processes are Apple and Google applications that are basically useless... you may want to remove them specifically because they don't serve a usefull purpose in my book. I also see a few toolbars that should be removed. Toolbars started out as spyware and by now they have been mostly accepted but I wouldn't trust any other than the Google toolbar.

What is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
http://www.howtogeek.com/howto/6456/what-is-mdnsrespond...

What is stacsv.exe doing on my computer?
http://www.processlibrary.com/directory/files/stacsv/66...

One thing I've noticed is that some processes that consume high CPU %, go down immediately as you open the taskmanager, when I find this problem, I keep the taskmanager open so I can catch them in the act.

Check the Bios settings to see if the Processor Core is disabled and can be reset... if you don't find an option to enable it or if it's not disabled, just select to set BIOS to default settings.

You should also; Reset the security registry and files permissions to default running Using SECEDIT.EXE, and check the Plug and Play and SSDP Discovery Service are enabled,.. before attempting to update the Graphics drivers.
http://www.winhelponline.com/blog/reset-the-registry-an...

Also disable the Remote Assistance and related Services, as well as the Computer Browser, Server, Remote Registry, Telephony and Telnet services to secure the computer from external access... and finally I'd suggest you scan for Rootkits, disable startup programs, delete temp files, Internet temp files and junk files.
m
0
l
!