High CPU utilization by process "System"

    Question

  • I can't find a suitable sub-forum to post this, so here goes..

    Occasionally, the "system" process will seem to run wild, having a CPU usage of up to 90+%. Is this normal? Any reason for it to consume all the CPU power?

    Thursday, October 26, 2006 3:42 AM

Answers

  • I just got an email reply from Trend Micro:

    Hi Alan!
     Thank you for addressing to us this concern. Yesterday, we uploaded a new pattern file version (3.XXX.60 instead of the normal 3.XXX.50) in our efforts for further pattern enhancement. However, we have received a few reports that this new pattern caused some systems to freeze (100% CPU utilization). We are also able to replicate the problem internally so we have moved back to the .50 pattern version as a temporary fix.
     In case you have downloaded patterns 3.898.60 or 3.900.60, please perform this workaround:

    1. Rename or delete lpt$vpn.898 and lpt$vpn.900 found inside the \Trend Micro\Internet Security 14\ folder
    2. Restart the TrendMicro Central Control Component Service from the services applet (or, restart your computer)
    3. Perform an update (this will download pattern 3.900.50)

    After the procedure above, affected systems should return to normal.

    Should you require further assistance, please send us feedback. Thanks!

    Best Regards,

    Odeon Paul C. Rabanes
    Beta Test Coordinator
    TrendMicro Beta team
    --------------------------------------------
    TrendLabs HQ, Trend Micro Incorporated
    TrendMicro Beta Portal : http://www.trendbeta.com/
    --------------------------------------------
    Saturday, November 04, 2006 12:21 AM

All replies

  • Anyone have any idea on this? I had left the PC on overnight and the same process had been active for no reason. Basically the entire OS is crippled now. Basically the process just hogs up the entire CPU power, restart and shutdown can never be executed. A force restart will end up having the process running again after Windows is loaded.
    Friday, November 03, 2006 8:59 AM
  • I have this *exact* same problem, it's why I just came to the forums.

    I also, left my computer on overnight last night (like I do every night), and when I woke up I found the computer completely unusable.  Something was taking 99% CPU usage, so nothing worked.

    It was actually fairly complicated to find the source, as when I login, I had about 60 seconds before the computer locked up and reached 99% CPU usage, so I had to launch Task Manager during this time, but, of course, under UAC, I can only see my own tasks, and by the time you tell it to show all applications and authorize Task Manager to do such a thing, the system had locked up.

    After trying a number of things such as putting Task Manager in my startup folder, and attempting to set it to always run as administrator (which, apparently isn't possible), I disabled UAC.

    When I next rebooted, the Task Manager opened up with administrative privileges and showed me the problem:

    Image Name: System
    Username: SYSTEM
    CPU Usage: 99%
    Memory (Private Working Set): 2,712 K
    Description: NT Kernel & System

    The fact this happened to both of us, at the same time, and for the first time ever (I assume you've never had this problem before?), makes me worry that something serious is wrong in the code of Vista which somehow got tripped from some common element, the date would be the logical choice I guess.

    My system specs are as follows:
    Windows Vista Ultimate 32-bit RC1 - build 5600
    Pentium D-930
    GeForce 7900GT 256mb
    Asus P5N32-SLI Deluxe
    2 sticks of DDR2-667 1gb Corsair ValueSelect RAM (ie. 2gb in total)
    2x Seagate SATA 300gb drives in a RAID 0 (nVidia software array)

    I've not installed anything recently on my computer, nor am I running anything strange... Office 2007, Firefox, Visual Studio, PC-cillin Internet Security (the beta Vista version), some games etc...

    Throughout the day, after many restarts, I am sometimes able to get past the initial login of the system, but after a few hours this problem returns, and I am forced to hit the reset button on the computer - at which point I can't get past the desktop again after I login...

    As I mentioned, this problem isn't present in Safe Mode.

    I've disabled all automatic startup programs, including Microsoft ones - at least, all the ones Windows Defender would list.

    Has anyone got any suggestions as to how this problem could be resolved?  My computer is just totally unusable in its current state :(

    Cheers,

    - Alan Isherwood
    Friday, November 03, 2006 11:58 AM
  • This has just started happening for me last night. It is exactly as you both described. I think there was some update that caused this but I cannot figure it out. I am trying to uninstall the anti-virus.

    EHL

    Friday, November 03, 2006 2:48 PM
  • This is only a theory but I think PC-cillin was updated yesterday which caused this. I started Windows in safe mode and renamed the Trend Micro directory under C:\Program Files and started normally. So far it seems to solve the issue. I am now uninstalling it completely (make sure you rename it back before you go to uninstall) and will monitor for a day. I will try another beta anti-virus (maybe OneCare from MS) for now.

     

    Please post if this resolved your issue.

    Friday, November 03, 2006 3:03 PM
  • I'm trying to uninstall PC-cillin now in Safe Mode, but it's giving me the following error message when I try and run the uninstaller:

    The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    So, I went with your idea and renamed the "Trend Micro" directory to "Trend Micro-DISABLED".

    Once rebooted out of Safe Mode, I'm not sure how, but it seems PC-cillin is still running... I guess Windows identified the change in directory and tried to "fix" it by uploading shortcuts and the like.

    So, back in Safe Mode I renamed the directory to "candy" and moved the directory to another partition for good measure.

    Alright, so booting back into normal Windows, the problem seems resolved, and PC-cillin isn't running.

    I guess that's the confirmed source of the problem.

    That was the first time I'd ever actually tried PC-cillin, because they had the Vista beta there... don't know if I'd be using them again... I mean, I can understand it's beta software and such... but them pushing an automatic update like that, in that state - that's really bad stuff...

    I'll send them an email about it.
    Friday, November 03, 2006 4:02 PM
  • I like the PC-Cillin product much better than of the better known products out there. It doesn't take over the entire desktop and put nasty icons everywhere. However, for the beta period I rather look elsewhere. I am going to try Microsoft OneCare which just became available for Vista and so far looks nice.

    Glad this helped solve your problem.

    EHL

    Friday, November 03, 2006 6:57 PM
  • Same issue on 2 of my beta systems. Thanks for the info on the cause. I fixed mine by booting in safe mode and disabling all of the Trend Micro services. Did not have to move files around or change directory names - just disabled the services.

     

    -=Phil=-

    Friday, November 03, 2006 8:19 PM
  • Alan, eternal gratitude for posting this solution!

    Sunday, November 05, 2006 5:00 AM
  • I'm experiencing the same issue.

    Using process Explorer, the system process (PID 4) has the following thread that is consuming all available CPU:

    Thread 1496 ndis.sys!NdisInitializeWrapper+0xc3

    The ndis6.0 wrapper driver file version is 6.0.6000.16386.
    I noted with interest that Process Explorer reports the file size as 0k, whereas the file is actually 498k, so I wondered if access was being restricted. NTFS permissions look just fine, however I disabled Windows Defender in safe mode, and the system has come back up ok.

    I'll do more testing, and see If I can prove anything.

    Incidentally, I notice some references to trend micro antivirus software causing this issue - I'm using NOD32 (eset).





    Thursday, September 20, 2007 12:21 AM

  • okay - windows defender is not the issue. Disabled it, and I was able to duplicate the issue by booting my laptop without the network cable plugged in.





    Thursday, September 20, 2007 12:50 AM
  • So now I started reviewing the system drivers (looking for NDIS wrappers) as listed in msinfo32, and I noticed nm is tagged as unknown type.
    This is related to Network Monitor 3.1 (which rocks).
    Sadly, I've uninstalled it, and now I don't seem to be able to duplicate the fault. (well - with only 2 reboots with no network cable plugged in - this was previously guaranteed to produce the issue).

    We shall see....

    Incidentally, I don't know how I could have determined that drivers are "NDIS wrappers". Does anyone know how I could categorically have identified such drivers?



    Thursday, September 20, 2007 2:27 AM

  • ok - I can confidently say that my issue was caused by Network Monitor 3.1 (sadly).
    I've been unable to duplicate the problem since removing it.


    Thursday, September 20, 2007 10:04 PM
  •  

    I can confirm this, Paul.

     

    I had System suddenly go to 99% for hours on end until I uninstalled Microsoft Network Monitor 3.1.

     

    Vista (in my case Business) does not like MN 3.1!

     

    Anders

    Sunday, October 21, 2007 9:17 PM
  •  

    I would like to know what NICs you were using in these cases?  I have had at least one other repro of this problem using Intel's wireless chipset.  We have had other problems with these chipsets and there is a new driver in the works.

     

    If we could have a dump file in this state created and then a bug issue opened up on http://connect.microsoft.com under the Network Monitor project, we'd appreciate that.

     

    Thanks,

     

    Paul

    Monday, October 22, 2007 1:34 PM
  • Hi Paul,

     

    Sure, I got a dump file for you that I made yesterday.

    Where should I send the DMP file? It's 28 MB zipped!

     

    regards

    AndersR

     

     

    Monday, October 22, 2007 2:12 PM
  • Had the same problem too. 

     

    ndis.sys!NdisInitializeWrapper +0xc3 was consuming all of my processor and memory causing the system to crash.

     

    Found the solution here!

    http://blogs.blackmarble.co.uk/blogs/rfennell/archive/2007/10/30/vista-high-cpu-on-startup.aspx#comments

     

    I also found this blog helpful

     

    Basically, I booted into Safe Mode and disabled the Network Monitor Protocol Driver in each Network Adapter by clicking on Properties and unchecking the box.

    I then rebooted as normal and no more insane CPU usage! Just to be safe I then uninstalled Network Monitor 3.1. Nice tool, but not worth risking this happening anymore.

     

    Hope that helps.

    Saturday, December 01, 2007 12:27 AM
  •  

    Hm Same issue as it seems

     

    Thread ndis.sys!TrFilterDprIndicateReceiveComplete+0x3efe

    was using all my CPU and this was running under the System process with PID 4

    (Saw this with Process Explorer, Sysinternal tool)

     

    I have the following NICs, drivers and machine.

    - Atheros AR5008X Wireless Network Adapter with driver athr.sys 7.4.2.15 from Atheros

    - Marvell Yukon 88E8058 PCI-E Gigabit Ethernet Controller with driver 10.51.1.3 from Marvell

    This is a Apple MacBook Pro running Windows Vista Ultimate (build 6001: Servicepack 1, v.744)

     

    I have just disabled the Network Monitor 3.1 (3.1.512.0) Protocol Drivers on all my NICs and well

    so far so good, but as I like Netmon it would be cool to see this fixed. MS

     

    Thx. for this post and solution.

     

    /miver

     

    Tuesday, February 12, 2008 3:56 PM
  •  

    I have Vista Ultimate 64 and was messing around with it and tried to install Riva Tuner to overclock my system. It would not install but then I noticed that my CPU gadget was always real high at 50 percent. Usually it rests at around 0 percent.

     

    I blamed Riva Tuner and scrubbed my system of all of its files while I was in safe mode. This did not help.

     

    Then I used System Restore to go back one week before any of this stuff happened. Again this did not help.

     

    When I would look at Task Manager for processes it would show WDM (windows desk manager) then on inspection it would show that nt kernel & system were using all of the resources. Then it occurred to me that I had "personalized" my system. I changed where documents in the start panel were stored. I moved that folder to my E drive. Lots of games and devices make hidden folders that are put into the My Documents file. The system restore had returned to the original location on the C drive where the start panel put My Documents were stored. I uninstalled and reinstalled all of the drivers. I went to the My Documents folder on the E drive and removed all hidden documents. In my experience removing these hidden folders in the My Documents folder usually does not cause any problems. Not so true for other folders.

     

    I still had the problem. I had heard that Creative Sound Cards can be a problem in Vista. I uninstalled and removed the Creative Xtreme Music Sound Card and the problem vanished. Now, it is possible that I can reinstall the sound card and have it working like before with X-Fi effects but I am just going to stick with on board sound for now.

     

    My problem with this high CPU use by WDM for the nt kernel & system all started with moving where the My Documents pointed on the start bar. You can personalize Vista by right clicking My Documents and going to properties and changing the location. I would recommend not doing this. All sorts of games and devices will make a My Documents folder on the C drive. They do not like other letters.

     

    I do have My Music and My Photos on my E drive without any problem. I have My Videos on my E drive and this is sort of a problem since my son's Sony PSP keeps making its own My Videos folder on the C drive.

    Friday, February 15, 2008 2:33 PM
  •  

    Is anyone still having issues with this problem? I'm running Windows XP Home... and yesterday my System process started running 50-90% CPU usage when I try to access the internet... I have a Linksys wireless G network card that has been installed for over a year now and this is the first issue I have had... my connection when gaming is extremely slow for cable and my IE and Firefox hang when loading and hang when accessing pages... can anyone help me on this? It is strange that in a year this is the 1st instance of this happening... about a month ago I changed to an Nvidia video card and Soundblaster soundcard... when I first noticed the wireless lag and high usage I also lost sound until reboot?... any help will be greatly appreciated.. thanks

    Justin

    Sunday, March 16, 2008 1:28 AM
  •  

    From my limited knowledge when the CPU use goes through the roof it is because something is looking for something that is not there. And it keeps looking and looking.

     

    System restore is a real nice application. Go to it and restore to a period of one month ago or whenever things were right. This will uninstall programs and updates but should not get rid of data. Did you change the location on any folders? My problem resulted from moving the My Documents folder. There are lots of hidden files put in there by applications and things go crazy when they cannot find them.

     

    The next thing I would try would be to uninstall and physically remove your sound card. Did this fix it? Then if it does fix it just reinstall it like it was new and things should be great. Do you have a way to run a cable from your computer to the router? Then you could uninstall and physically remove the wireless card to see if that fixes it. Even if you cannot otherwise connect to the internet you could "disable" and then remove the wireless card and see if that fixes it. If it fixes it then go through the process of installing it like it is new. If it does not fix it then "enable" it and put it back in. But there is always the risk of not being able to reconnect unless you can first run an ethernet cable to the router. Do you have onboard graphics? Then you could uninstall the video card and remove it and see if that fixes it. nVidia does have archived drivers and going back to an old one may fix it.

     

    Have you tried starting in Safe Mode? If the CPU usage is normal then it may be a background program.

     

    System Restore is great. Try that first. After you go back in time then see if the CPU use is normal. If it is then check the accept on the system restore window. If it does not fix it then select the option to not revert to the past. Since this just backs out programs and not data, I have never had going back in time to cause any problems.

     

    Completely uninstalling hardware and reinstalling it can fix lots of problems and with automatic updates you can get back up to speed quickly.

     

    My MIS guys at work never figure out what the problem is. They find that it is faster to just rip everything out and reinstall it all.

    Sunday, March 16, 2008 2:26 PM
  • I can also confirm this.

     

    Vista (in my case Ultimate) does not like MN 3.1!

     

    Andy.

    Wednesday, July 09, 2008 2:09 PM
  • I also have the CPU usage at 100% but only when I am downloading. It goes to between 90-100% and as a result my computer goes really slow and you can't really do anything. But as soon as my download finishes CPU usage goes back to normal, i.e. 0-10%.

    Any possible solutions would be great.
    Wednesday, September 03, 2008 3:07 PM
  • Wow!

    I disabled ALL my NICs and it worked! Great help buddies!
    Friday, January 02, 2009 7:45 AM
  • It's not just a Vista issue, it happened today 02 May 2011 on my Windows XP machine as well for the first time. It looks like whenever javac (Java Compiler) was running, the Symantec Antivirus Realtime protection kicked in and somehow made the System process take up near-100% utilization. Once the javac was done this went away. I also noticed that today the virus definition was updated automatically (New virus definition file loaded. Version: 130502b) and Symantec AntiVirus Tamper Protection Enabled, New Value 'HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\SymProtect\RealTimeScan\ProtectionProcess' = '1'. One of these could have created this issue.
    Tuesday, May 03, 2011 4:06 PM
  • I had the same behavior.

    Until I disabled my second NIC, which had no cable connected. ;-)
    I think it's caused by the default Discovery Mapper Driver.
    Buggy software I presume.... 

    Thursday, September 08, 2011 7:20 PM
  • happened to me after I disabled the router with the firewall;

    did you guys see, there are many years since this pest is crawling around;

    no solution from any of the antivirus companies... then where is the source?

    why professionals don't solve it?

    clean reinstall, get a router with a firmware firewall, then change your internet service provider...

     

    Monday, October 17, 2011 7:07 AM
  • The main symptom is the same for my manager's netbook, although not only occasionally but constantly using the CPU.

    • The NM is not installed on the PC.
    • Disabling the antivirus does not solve the problem.
    • Process Explorer shows multiple ntkrnlpa.exe!KeInsertQueueDPC+0x265 threads using massive amounts of CPU time.
    • After disabling the Atheros LAN network card the CPU usage immediately drops to normal level.
    • Stack walking using Windows Performance Toolkit shows L1C62x86.sys being at the end of the "cpu calls", however changing the driver does not solve the problem!

    Has anyone a suggestion what should be the next step from here?

    Could somebody with more experience and understanding about analyzing performance traces please take a look at this trace file? Maybe the solution is obvious from the trace for an expert. Here it is.

    Thanks in advance!


    molni

    Thursday, April 26, 2012 5:32 PM
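
Several posts above identify the busy thread by the start address Process Explorer shows for the System process (PID 4), such as `ndis.sys!NdisInitializeWrapper+0xc3`. The following is an added example, not part of any post in this thread: a Python sketch that parses such values and flags the ones that name an OS host module or a nearest-export symbol rather than the driver at fault. The sample rows, CPU figures, the `examplefs.sys` entry, the `0x1000` threshold and the `OS_HOSTS` list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# "module!symbol+0xoffset" as shown in a thread's Start Address column.
# Optional whitespace before "+" tolerates hand-copied values.
START_ADDR = re.compile(
    r"^(?P<module>[^!\s]+)!(?P<symbol>[^+\s]+)"
    r"(?:\s*\+\s*0x(?P<offset>[0-9a-fA-F]+))?$"
)

# Assumption: at offsets this large the name is only the nearest export.
SUSPECT_OFFSET = 0x1000

# Assumption: OS components that run callbacks on behalf of other drivers.
OS_HOSTS = {"ndis.sys", "ntkrnlpa.exe", "ntoskrnl.exe"}

# Constructed sample: TID, CPU %, start address. The start addresses of the
# first three rows are quoted in the thread; everything else is invented.
SAMPLE = """\
1496 97.2 ndis.sys!NdisInitializeWrapper+0xc3
2212 0.4 ndis.sys!TrFilterDprIndicateReceiveComplete+0x3efe
 408 1.1 ntkrnlpa.exe!KeInsertQueueDPC+0x265
 612 0.2 examplefs.sys!ExampleWorker
"""


def parse_threads(text):
    """Return one dict per parsable row; unparsable rows are skipped."""
    threads = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        m = START_ADDR.match(parts[2].strip())
        if not m:
            continue
        threads.append({
            "tid": int(parts[0]),
            "cpu": float(parts[1]),
            "module": m["module"].lower(),
            "symbol": m["symbol"],
            "offset": int(m["offset"] or "0", 16),
        })
    return threads


def triage(threads, min_cpu=5.0):
    """Return (hot modules, per-thread findings sorted by CPU, descending)."""
    cpu_by_module = defaultdict(float)
    for t in threads:
        cpu_by_module[t["module"]] += t["cpu"]
    findings = []
    for t in sorted(threads, key=lambda t: -t["cpu"]):
        notes = []
        if t["offset"] >= SUSPECT_OFFSET:
            notes.append("symbol is nearest export only")
        if t["module"] in OS_HOSTS:
            notes.append("OS host module: check drivers bound under it")
        findings.append((t["tid"], t["module"], t["symbol"], notes))
    hot = sorted((m for m, c in cpu_by_module.items() if c >= min_cpu),
                 key=lambda m: -cpu_by_module[m])
    return hot, findings
```

A hit on an OS host module narrows the search to what is loaded under it, which matches the thread's outcome: the busy thread started in `ndis.sys`, and the fault went away once the Network Monitor protocol driver was unbound.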