Jump to content

Recommended Posts

Welcome back to another episode of my ranting, where even I hate my own noise.

 

I finally found why my games are stuttering, the system process is using up RAM as I play games.

 

 

 

 

Memory usage arranged from highest to lowest, the system process in all its greedy splendour10501771_590037971117548_7805629660998566084_n.jpg

 

 

For some reason, it happened just yesterday for no reason when I played my favorite MMORPG SWTOR. I noticed frames spiking frequently for no reason at all, my ping was 130-200 (which is normal and steady), which can't be the internet connection. My other games are also spiking and stuttering during gameplay, and what's worse, nothing stops the system process from munching up my RAM.

 

I have tried:

-using sfc /scannow

-used CCleaner

-Full scan of SpyHunter 4

-Full scan of Windows Defender

-Uninstalling Intel Rapid Technology

-Uninstalling recently installed programs (except SWTOR, took me three days to download that)

-Disabling every startup non-Windows service in msconfig

 

Although I haven't tried installing the Windows Update (I'm saving it for my last resort), I saw in forums that it's probably AVG's fault, thing is, I'm not using antiviruses, I always depended on WIndows Defender for a bloat-free experience. Some mentioned it was due to bad drivers, but I've done nothing to change since the past few weeks.

 

HiJackThis log (idk what it does, all I know people having problems post these things)

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:31:18 PM, on 7/12/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Aaron\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0414c] "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
O4 - HKCU\..\Run: [GameCompanion] "C:\Users\Aaron\AppData\Roaming\GameCompanion\GameCompanion.exe"
O4 - HKUS\S-1-5-18\..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6681 bytes

 

 

Process explorer log

 

 

Process CPU Private Bytes Working Set PID Description Company Name
System 0.16 608,540 K 301,720 K 4
explorer.exe 0.09 64,940 K 98,092 K 3556 Windows Explorer Microsoft Corporation
MsMpEng.exe 0.01 81,732 K 86,736 K 1960 Antimalware Service Executable Microsoft Corporation
svchost.exe 19.91 76,488 K 78,032 K 1132 Host Process for Windows Services Microsoft Corporation
svchost.exe < 0.01 39,712 K 49,004 K 1008 Host Process for Windows Services Microsoft Corporation
procexp64.exe 1.28 16,936 K 37,000 K 4764 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
LiveComm.exe Suspended 34,476 K 34,692 K 684 Communications Service Microsoft Corporation
vpnclient_x64.exe < 0.01 21,512 K 30,508 K 2152 SoftEther VPN SoftEther VPN Project at University of Tsukuba, Japan.
svchost.exe 24,688 K 29,624 K 1512 Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 30,036 K 29,516 K 4016 Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 0.01 19,616 K 29,240 K 976 Host Process for Windows Services Microsoft Corporation
HD-Agent.exe 0.02 32,556 K 29,104 K 3744 BlueStacks Agent BlueStack Systems, Inc.
dwm.exe 0.22 16,064 K 23,592 K 832
csrss.exe 0.22 1,756 K 22,552 K 2680
svchost.exe 13,868 K 17,932 K 1232 Host Process for Windows Services Microsoft Corporation
svchost.exe < 0.01 8,820 K 17,788 K 776 Host Process for Windows Services Microsoft Corporation
RuntimeBroker.exe 4,144 K 15,592 K 1364 Runtime Broker Microsoft Corporation
svchost.exe 4,976 K 12,708 K 1700 Host Process for Windows Services Microsoft Corporation
LogonUI.exe 3,680 K 11,872 K 2844
spoolsv.exe < 0.01 9,368 K 11,596 K 1484 Spooler SubSystem App Microsoft Corporation
WUDFHost.exe < 0.01 10,032 K 10,804 K 3580
svchost.exe < 0.01 3,852 K 10,496 K 872 Host Process for Windows Services Microsoft Corporation
lsass.exe 4,872 K 10,384 K 772 Local Security Authority Process Microsoft Corporation
taskhostex.exe 5,568 K 9,880 K 3828 Host Process for Windows Tasks Microsoft Corporation
audiodg.exe 6,800 K 9,852 K 4756
svchost.exe < 0.01 5,568 K 9,724 K 924 Host Process for Windows Services Microsoft Corporation
dasHost.exe 2,924 K 8,580 K 1760
services.exe 5,280 K 8,352 K 764
svchost.exe 0.01 2,796 K 8,064 K 2908 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,244 K 8,008 K 1928 Host Process for Windows Services Microsoft Corporation
SeaPort.EXE 2,812 K 7,900 K 5088 Microsoft SeaPort Search Enhancement Broker Microsoft Corporation.
svchost.exe 3,240 K 7,876 K 1728 Host Process for Windows Services Microsoft Corporation
SearchProtocolHost.exe 2,024 K 7,556 K 2940
procexp.exe 2,348 K 7,416 K 76 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
wuauclt.exe 1,512 K 6,276 K 64 Windows Update Microsoft Corporation
SearchFilterHost.exe 1,672 K 5,140 K 5064
svchost.exe 1,448 K 5,104 K 3036 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,180 K 5,080 K 1604 Host Process for Windows Services Microsoft Corporation
winlogon.exe 1,216 K 4,888 K 3920
sqlwriter.exe 1,420 K 4,504 K 1844 SQL Server VSS Writer - 64 Bit Microsoft Corporation
winlogon.exe 1,160 K 4,492 K 3164
taskeng.exe 1,264 K 4,348 K 4204
csrss.exe 2,032 K 4,104 K 616
aspnet_state.exe 1,332 K 4,104 K 3696 Microsoft ASP.NET State Server Microsoft Corporation
wininit.exe 1,024 K 3,896 K 664
alg.exe 1,072 K 3,852 K 2876 Application Layer Gateway Service Microsoft Corporation
SynTPEnh.exe 0.54 3,600 K 3,752 K 1056 Synaptics TouchPad Enhancements Synaptics Incorporated
csrss.exe < 0.01 1,252 K 3,432 K 4396
dwm.exe 744 K 3,300 K 1524
YCMMirage.exe 0.24 1,716 K 2,552 K 2904 YouCam Mirage CyberLink
smss.exe 300 K 684 K 404
AVG-Secure-Search-Update_0414c.exe 1,584 K 452 K 3584
SynTPHelper.exe 648 K 420 K 4964
System Idle Process 76.82 0 K 20 K 0
Interrupts 0.45 0 K 0 K n/a Hardware Interrupts and DPCs

 

Link to comment
Share on other sites

I believe the System process is the Windows kernel. In my experience it is not unusual for it (and other OS kernels) to eat up a significant amount of memory, even when the system performs normally. I'm not sure how you could get it to use 0.1 MB, unless you embarked on some massive purging of filesystem caches or something.

 

I can't say exactly what happened here (not enough of a Windows geek).

 

However, looking at your Process Explorer log, I see stuff that probably shouldn't be there:

 

sqlwriter.exe 1,420 K 4,504 K 1844 SQL Server VSS Writer - 64 Bit Microsoft Corporation

aspnet_state.exe 1,332 K 4,104 K 3696 Microsoft ASP.NET State Server Microsoft Corporation

 

>>> I'm not that familiar with Windows 8, but these are the sort of things one would normally see on a server, not a desktop. Serving up web content from a desktop is a security hazard. If this is for a class and/or experimentation you might want to use a virtual machine, otherwise you should probably serve the content from a dedicated computer.

 

AVG-Secure-Search-Update_0414c.exe 1,584 K 452 K 3584

 

>>> This looks like part of AVG, not sure what it's doing on a system without.

 

I'd also recommend uninstalling the browser toolbars. :)

Link to comment
Share on other sites

Maybe? Not sure though. svchost is the Windows service host. IIRC most Windows services are DLL libraries, not standalone executables, and must be loaded into the svchost process to run.

 

I've never seen 16 svchosts running at once though. That sounds weird, even for Windows 8. No idea what it might imply though.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...