Router/kernel havoc!



tanffn
28-10-2006, 08:59 PM
A few days ago I replaced my router, and since then I'm experiencing some problems with the kernel CPU usage: it uses 40-80% of my CPU (see attached screenshot). For now the only way I have found to resolve it is by restarting the router.

* A few more symptoms I noticed: when the CPU usage goes up the HTTP protocol stops working (but I can still download using P2P and get emails, just not websites or even the router's page, for that matter (I can, however, do so from other computers)).
* If I ask to ipconfig /renew or /release I get the following error: "The operation failed as no adapter is in the state permissible for this operation." (Normally it's not a problem.)
* If I close all apps that are using the internet the CPU usage will go down to normal (normally, even when those apps are running, I have 99+% idle).
* The only way my computer differs from the other computers in the LAN is that my computer is not using the DHCP server; it uses a static IP (I need it for the port forwarding). I tried to remove my IP from the DHCP allocation and also tried to include it, but in the end both were in vain.

I know it started with the new router but it’s a software/configuration problem, no?

I’m not an IT guy, can anyone give me a hint or let me know what the frak is the problem? :cry:

Thanks for the help guys.

http://upload4.postimage.org/1513825/cpukp.jpg

JernejL
28-10-2006, 11:15 PM
try getting rootkit hook analyser: http://www.resplendence.com/hookanalyzer

and check if you didn't get rooted by some sort of rootkit.

also get sysinternals process explorer and check out what is using so much cpu power.

tanffn
29-10-2006, 06:53 AM
Thanks Delfi, I'll check it as soon as I get home.

tanffn
01-11-2006, 12:57 PM
As cool as those tools are, I have no idea how to use the information they provide.. :(

* What I did find out is that System (PID: 4) is the process that uses all of the CPU, still not sure why.
* I installed the old router and the problem persists.
* When starting an application that uses a lot of socket connections (i.e. eMule) there is no problem; the more connections eMule establishes, the more CPU the kernel uses, up to 100%.
* When I close eMule (a simple task that can take forever when the kernel is at 100%) the kernel usage drops significantly, even to 0%.
* I scanned my computer for viruses and other malware, didn't find a thing.

Any ideas?

cronodragon
01-11-2006, 03:11 PM
Great tool for rootkits! I've been looking for one like that. I don't use antivirus anymore, nor antispyware; you can't believe in them, that's my conclusion. I haven't used them for 4 years now, while sharing files and documents with P2P, and my computer is completely clean. Instead I use analysis tools. I even made my own in Delphi :D The best solution against malware is knowing what's hidden in your system. By the way, I have found the source code of a rootkit written in Delphi for experimentation, it's very cool.

This is the tool I made in Delphi. I still have to add the removal option, but it does the full analysis:

http://www.pcgoose.com

tanffn - You could check your system with Security Task Manager ( http://www.neuber.com/taskmanager/ ).

JernejL
01-11-2006, 04:27 PM
As cool as those tools are, I have no idea how to use the information they provide.. :(

* What I did find out is that System (PID: 4) is the process that uses all of the CPU, still not sure why.
* I installed the old router and the problem persists.
* When starting an application that uses a lot of socket connections (i.e. eMule) there is no problem; the more connections eMule establishes, the more CPU the kernel uses, up to 100%.
* When I close eMule (a simple task that can take forever when the kernel is at 100%) the kernel usage drops significantly, even to 0%.
* I scanned my computer for viruses and other malware, didn't find a thing.

Any ideas?

I guess it would be the driver. Just out of curiosity, what netcard do you have? If it is onboard, which motherboard? Try another PCI netcard.

Run the rootkit tool I linked to, click refresh on the hooks page and post a screenshot here.

cronodragon: hehe, same here, a collection of tools from Sysinternals and Resplendence works great for me, and I also haven't got a virus/trojan/rootkit in the last 3 years ;)

tanffn
02-11-2006, 12:20 AM
Thanks guys for helping me with this, I really appreciate this.

I can't remember the last time I found a virus or malware on my system, but it's a must on my mom's computer :) and having AVG in the background never really bothered me.

I exported the data after pressing Analyze + show hooked services only:

Service name Syscall Address Hooked Module Product Company Description
---------------------------------------------------------------------------------------------------------------------------------------------------------
NtClose, ZwClose 25 0xF736C028 YES a347bus.sys Plug and Play BIOS Extension
NtCreateKey, ZwCreateKey 41 0xF736BFE0 YES a347bus.sys Plug and Play BIOS Extension
NtCreatePagingFile, ZwCreatePagingFile 45 0xF735FB00 YES a347bus.sys Plug and Play BIOS Extension
NtEnumerateKey, ZwEnumerateKey 71 0xF73605DC YES a347bus.sys Plug and Play BIOS Extension
NtEnumerateValueKey, ZwEnumerateValueKey 73 0xF736C120 YES a347bus.sys Plug and Play BIOS Extension
NtOpenFile, ZwOpenFile 116 0xF735FB40 YES a347bus.sys Plug and Play BIOS Extension
NtOpenKey, ZwOpenKey 119 0xF736BFA4 YES a347bus.sys Plug and Play BIOS Extension
NtQueryKey, ZwQueryKey 160 0xF73605FC YES a347bus.sys Plug and Play BIOS Extension
NtQueryValueKey, ZwQueryValueKey 177 0xF736C076 YES a347bus.sys Plug and Play BIOS Extension
NtSetSystemPowerState, ZwSetSystemPowerState 241 0xF736B550 YES a347bus.sys Plug and Play BIOS Extension
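
A quick triage step for an export like the one above is to parse it and group the hooked services by the module that hooks them and by what each intercepted call touches (registry, file, handle, power), so that a single driver hooking every key and file call is visible at a glance. The following is an added example, not part of the thread and not Resplendence's tool; its sample rows are constructed in the layout of the export above, and the final unhooked ntoskrnl.exe row and its address are made up.

```python
import re
from collections import defaultdict
# Constructed sample in the export layout quoted above; the unhooked last row is made up.
SAMPLE_EXPORT = """\
Service name Syscall Address Hooked Module Product Company Description
----------------------------------------------------------------------
NtClose, ZwClose 25 0xF736C028 YES a347bus.sys Plug and Play BIOS Extension
NtCreateKey, ZwCreateKey 41 0xF736BFE0 YES a347bus.sys Plug and Play BIOS Extension
NtOpenFile, ZwOpenFile 116 0xF735FB40 YES a347bus.sys Plug and Play BIOS Extension
NtTerminateProcess, ZwTerminateProcess 257 0x80571E1D NO ntoskrnl.exe NT Kernel & System
"""
# One data row: "Nt*, Zw* <SSDT index> <hex address> YES|NO <module> [description]"
ROW_RE = re.compile(
    r"^(?P<names>[A-Za-z0-9_]+(?:, [A-Za-z0-9_]+)*) (?P<syscall>\d+) "
    r"(?P<addr>0x[0-9A-Fa-f]+) (?P<hooked>YES|NO) (?P<module>\S+).*$",
    re.MULTILINE,
)
# Coarse classification of what a native service touches, by name fragment.
CATEGORIES = [("Key", "registry"), ("File", "file"), ("Power", "power"), ("Close", "handle")]

def classify(service):
    # e.g. NtEnumerateValueKey -> "registry"; names with no known fragment -> "other"
    for fragment, category in CATEGORIES:
        if fragment in service:
            return category
    return "other"

def parse_hook_export(text):
    # Header, separator and blank lines do not match ROW_RE and are skipped.
    entries = []
    for m in ROW_RE.finditer(text):
        names = m["names"].split(", ")
        entries.append({
            "service": names[0],            # Nt* name; the Zw* alias shares the slot
            "syscall": int(m["syscall"]),   # index into the service table
            "address": int(m["addr"], 16),  # where the slot currently points
            "hooked": m["hooked"] == "YES",
            "module": m["module"],          # module owning that address
            "category": classify(names[0]),
        })
    return entries

def hooks_by_module(entries):
    # {module: {category: [services]}} for hooked slots only, so one driver
    # intercepting every registry and file call stands out at a glance.
    result = defaultdict(lambda: defaultdict(list))
    for e in entries:
        if e["hooked"]:
            result[e["module"]][e["category"]].append(e["service"])
    return {mod: dict(cats) for mod, cats in result.items()}
```

Run against the full export in the post above, the result has a single key, a347bus.sys, with registry, file, handle and power entries under it.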

tanffn
04-11-2006, 04:27 AM
When the kernel usage is high and I try to open a new connection (with DAP or uTorrent) I get this error:

"An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full."

JernejL
04-11-2006, 04:40 AM
Strange. What about the OS, do you have SP2? SP2 limits some stuff about the amount of connections; you will need to check that out. Also go to Control Panel > Administrative Tools > Event Viewer, and check for any unusual entries in the System and Application sections.

tanffn
04-11-2006, 04:47 AM
Yeah, I'm using XP SP2, with the latest Windiz Updates (http://windowsupdate.62nds.com/).

One of the first things I tried was checking the event viewer; I didn't find anything wrong.

BTW the error refers to .NET and 50+ protocols, that's not my case.

tanffn
07-11-2006, 08:23 AM
So Delfi, you finally gave up? :cry: I really, really don't want to reinstall Windows..