Unflappable Drayk adc. Posted July 12, 2014 Share Posted July 12, 2014 Welcome back to another episode of my ranting, where even I hate my own noise. I finally found why my games are stuttering, the system process is using up RAM as I play games. Memory usage arranged from highest to lowest, the system process in all its greedy splendour For some reason, it happened just yesterday for no reason when I played my favorite MMORPG SWTOR. I noticed frames spiking frequently for no reason at all, my ping was 130-200 (which is normal and steady), which can't be the internet connection. My other games are also spiking and stuttering during gameplay, and what's worse, nothing stops the system process from munching up my RAM. I have tried: -using sfc /scannow -used CCleaner -Full scan of SpyHunter 4 -Full scan of Windows Defender -Uninstalling Intel Rapid Technology -Uninstalling recently installed programs (except SWTOR, took me three days to download that) -Disabling every startup non-Windows service in msconfig Although I haven't tried installing the Windows Update (I'm saving it for my last resort), I saw in forums that it's probably AVG's fault, thing is, I'm not using antiviruses, I always depended on WIndows Defender for a bloat-free experience. Some mentioned it was due to bad drivers, but I've done nothing to change since the past few weeks. HiJackThis log (idk what it does, all I know people having problems post these things) Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 8:31:18 PM, on 7/12/2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\Program Files (x86)\BlueStacks\HD-Agent.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Users\Aaron\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0414c] "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c O4 - HKCU\..\Run: [GameCompanion] "C:\Users\Aaron\AppData\Roaming\GameCompanion\GameCompanion.exe" O4 - HKUS\S-1-5-18\..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.aeriagames.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 6681 bytes Process explorer log Process CPU Private Bytes Working Set PID Description Company Name System 0.16 608,540 K 301,720 K 4 explorer.exe 0.09 64,940 K 98,092 K 3556 Windows Explorer Microsoft Corporation MsMpEng.exe 0.01 81,732 K 86,736 K 1960 Antimalware Service Executable Microsoft Corporation svchost.exe 19.91 76,488 K 78,032 K 1132 Host Process for Windows Services Microsoft Corporation svchost.exe < 0.01 39,712 K 49,004 K 1008 Host Process for Windows Services Microsoft Corporation procexp64.exe 1.28 16,936 K 37,000 K 4764 Sysinternals Process Explorer Sysinternals - www.sysinternals.com LiveComm.exe Suspended 34,476 K 34,692 K 684 Communications Service Microsoft Corporation vpnclient_x64.exe < 0.01 21,512 K 30,508 K 2152 SoftEther VPN SoftEther VPN Project at University of Tsukuba, Japan. svchost.exe 24,688 K 29,624 K 1512 Host Process for Windows Services Microsoft Corporation SearchIndexer.exe 30,036 K 29,516 K 4016 Microsoft Windows Search Indexer Microsoft Corporation svchost.exe 0.01 19,616 K 29,240 K 976 Host Process for Windows Services Microsoft Corporation HD-Agent.exe 0.02 32,556 K 29,104 K 3744 BlueStacks Agent BlueStack Systems, Inc. dwm.exe 0.22 16,064 K 23,592 K 832 csrss.exe 0.22 1,756 K 22,552 K 2680 svchost.exe 13,868 K 17,932 K 1232 Host Process for Windows Services Microsoft Corporation svchost.exe < 0.01 8,820 K 17,788 K 776 Host Process for Windows Services Microsoft Corporation RuntimeBroker.exe 4,144 K 15,592 K 1364 Runtime Broker Microsoft Corporation svchost.exe 4,976 K 12,708 K 1700 Host Process for Windows Services Microsoft Corporation LogonUI.exe 3,680 K 11,872 K 2844 spoolsv.exe < 0.01 9,368 K 11,596 K 1484 Spooler SubSystem App Microsoft Corporation WUDFHost.exe < 0.01 10,032 K 10,804 K 3580 svchost.exe < 0.01 3,852 K 10,496 K 872 Host Process for Windows Services Microsoft Corporation lsass.exe 4,872 K 10,384 K 772 Local Security Authority Process Microsoft Corporation taskhostex.exe 5,568 K 9,880 K 3828 Host Process for Windows Tasks Microsoft Corporation audiodg.exe 6,800 K 9,852 K 4756 svchost.exe < 0.01 5,568 K 9,724 K 924 Host Process for Windows Services Microsoft Corporation dasHost.exe 2,924 K 8,580 K 1760 services.exe 5,280 K 8,352 K 764 svchost.exe 0.01 2,796 K 8,064 K 2908 Host Process for Windows Services Microsoft Corporation svchost.exe 2,244 K 8,008 K 1928 Host Process for Windows Services Microsoft Corporation SeaPort.EXE 2,812 K 7,900 K 5088 Microsoft SeaPort Search Enhancement Broker Microsoft Corporation. svchost.exe 3,240 K 7,876 K 1728 Host Process for Windows Services Microsoft Corporation SearchProtocolHost.exe 2,024 K 7,556 K 2940 procexp.exe 2,348 K 7,416 K 76 Sysinternals Process Explorer Sysinternals - www.sysinternals.com wuauclt.exe 1,512 K 6,276 K 64 Windows Update Microsoft Corporation SearchFilterHost.exe 1,672 K 5,140 K 5064 svchost.exe 1,448 K 5,104 K 3036 Host Process for Windows Services Microsoft Corporation svchost.exe 3,180 K 5,080 K 1604 Host Process for Windows Services Microsoft Corporation winlogon.exe 1,216 K 4,888 K 3920 sqlwriter.exe 1,420 K 4,504 K 1844 SQL Server VSS Writer - 64 Bit Microsoft Corporation winlogon.exe 1,160 K 4,492 K 3164 taskeng.exe 1,264 K 4,348 K 4204 csrss.exe 2,032 K 4,104 K 616 aspnet_state.exe 1,332 K 4,104 K 3696 Microsoft ASP.NET State Server Microsoft Corporation wininit.exe 1,024 K 3,896 K 664 alg.exe 1,072 K 3,852 K 2876 Application Layer Gateway Service Microsoft Corporation SynTPEnh.exe 0.54 3,600 K 3,752 K 1056 Synaptics TouchPad Enhancements Synaptics Incorporated csrss.exe < 0.01 1,252 K 3,432 K 4396 dwm.exe 744 K 3,300 K 1524 YCMMirage.exe 0.24 1,716 K 2,552 K 2904 YouCam Mirage CyberLink smss.exe 300 K 684 K 404 AVG-Secure-Search-Update_0414c.exe 1,584 K 452 K 3584 SynTPHelper.exe 648 K 420 K 4964 System Idle Process 76.82 0 K 20 K 0 Interrupts 0.45 0 K 0 K n/a Hardware Interrupts and DPCs Quote Link to comment Share on other sites More sharing options...
Unflappable Drayk adc. Posted July 12, 2014 Author Share Posted July 12, 2014 Figured it out, had to use my last resort, System process is now using 0.1 MB of memory Quote Link to comment Share on other sites More sharing options...
Garrulous Glaahk Nephil Thief Posted July 13, 2014 Share Posted July 13, 2014 I believe the System process is the Windows kernel. In my experience it is not unusual for it (and other OS kernels) to eat up a significant amount of memory, even when the system performs normally. I'm not sure how you could get it to use 0.1 MB, unless you embarked on some massive purging of filesystem caches or something. I can't say exactly what happened here (not enough of a Windows geek). However, looking at your Process Explorer log, I see stuff that probably shouldn't be there: sqlwriter.exe 1,420 K 4,504 K 1844 SQL Server VSS Writer - 64 Bit Microsoft Corporation aspnet_state.exe 1,332 K 4,104 K 3696 Microsoft ASP.NET State Server Microsoft Corporation >>> I'm not that familiar with Windows 8, but these are the sort of things one would normally see on a server, not a desktop. Serving up web content from a desktop is a security hazard. If this is for a class and/or experimentation you might want to use a virtual machine, otherwise you should probably serve the content from a dedicated computer. AVG-Secure-Search-Update_0414c.exe 1,584 K 452 K 3584 >>> This looks like part of AVG, not sure what it's doing on a system without. I'd also recommend uninstalling the browser toolbars. adc. 1 Quote Link to comment Share on other sites More sharing options...
Unflappable Drayk adc. Posted July 13, 2014 Author Share Posted July 13, 2014 Thanks for the reply, although I have already fixed it through my last resort of updating my system. One question... Is it weird having about 16 svchost.exe running simultaneously in the background? I've seen people with six or seven, but sixteen's a lot lol Quote Link to comment Share on other sites More sharing options...
Garrulous Glaahk Nephil Thief Posted July 13, 2014 Share Posted July 13, 2014 Maybe? Not sure though. svchost is the Windows service host. IIRC most Windows services are DLL libraries, not standalone executables, and must be loaded into the svchost process to run. I've never seen 16 svchosts running at once though. That sounds weird, even for Windows 8. No idea what it might imply though. Quote Link to comment Share on other sites More sharing options...
Understated Ur-Drakon Earth Posted July 13, 2014 Share Posted July 13, 2014 google blackviper and your windows version and you see which services can be disabled or set to manual. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.