HBaginski
asked on
Why do I have HIGH CPU USAGE with no programs running?
HELLO.
I have been searching this site for a while now looking for a problem simlar to mine but have found nothing. I'm hoping someone will help me please.
When I open task manager my CPU usage is changing by the second (ie: 33%, 67%, 43%, 82%). While no programs are running a number of processes jump all over the screen including: System, CSRSS.exe, SVCHOST.EXE, acsd.exe, and EXPLORER.EXE. Also TASKMGR.EXE runs at a very high CPU, normally around 20, and the task manager continues to reports errors and shuts down. Even when the Sytem Idles Process reaches 99 for a second the CPU doen not drop to zero.
I really hope someone can help me. I had an IT tech look at my computer the other day for about an hour, but he couldn't figure it out. I have already ran the most recent versions of spyware and adware, but neither fixed the problem.
Thank you in advance for your help.
I have been searching this site for a while now looking for a problem simlar to mine but have found nothing. I'm hoping someone will help me please.
When I open task manager my CPU usage is changing by the second (ie: 33%, 67%, 43%, 82%). While no programs are running a number of processes jump all over the screen including: System, CSRSS.exe, SVCHOST.EXE, acsd.exe, and EXPLORER.EXE. Also TASKMGR.EXE runs at a very high CPU, normally around 20, and the task manager continues to reports errors and shuts down. Even when the Sytem Idles Process reaches 99 for a second the CPU doen not drop to zero.
I really hope someone can help me. I had an IT tech look at my computer the other day for about an hour, but he couldn't figure it out. I have already ran the most recent versions of spyware and adware, but neither fixed the problem.
Thank you in advance for your help.
ASKER
Will running a clean boot remove any installed software from my pc? (ie. autocad, photoshop, etc.)
Hello;
No, it won't remove any software, it'll just "disable common startup programs, settings, and drivers to eliminate possible software conflicts when you start Microsoft Windows XP"
Cheers...
No, it won't remove any software, it'll just "disable common startup programs, settings, and drivers to eliminate possible software conflicts when you start Microsoft Windows XP"
Cheers...
ASKER
I tried running the reboot, but my system would no allow me to deselect the Process System.ini File.
Also, how do I uninstall and reinstall my drivers?
Also, how do I uninstall and reinstall my drivers?
Hello again;
As you mentioned you didn't know how to uninstall and reinstall drivers, i wouldn't recommend trying, at least for now. (No offense)
So i have another suggestion; making a XP repair install. The procedure for this is in the link below:
http://www.michaelstevenstech.com/XPrepairinstall.htm
Cheers...
As you mentioned you didn't know how to uninstall and reinstall drivers, i wouldn't recommend trying, at least for now. (No offense)
So i have another suggestion; making a XP repair install. The procedure for this is in the link below:
http://www.michaelstevenstech.com/XPrepairinstall.htm
Cheers...
ASKER
Will running an XP repair install remove any software from my pc?
Hello;
Yes it'd remain your appliction settings and applications inact but you'll need to reinstall windows updates again.
Cheers...
Yes it'd remain your appliction settings and applications inact but you'll need to reinstall windows updates again.
Cheers...
ASKER
Will i need to reinstall my autocad and photoshop?
If you read the link I've given above, it answers your questions regarding to your installed applications.
ASKER
I downloaded process explorer, but when i try to open it a window says it has encoutered errors and need to shut down.
hi, could you please run HijackThis on your computer and then post the log in this forum? Just copy it here. That would probably help... us.
ASKER
Thank you. Here is my log file:
Logfile of HijackThis v1.99.1
Scan saved at 5:44:01 PM, on 8/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\spools v.exe
C:\PROGRA~1\COMMON~1\aol\A CS\acsd.ex e
C:\WINDOWS\system32\cisvc. exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.ex e
C:\Program Files\Common Files\Real\Update_OB\reals ched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\ drivers\w3 2x86\3\hpz tsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpm gr.exe
C:\WINDOWS\System32\hkcmd. exe
C:\WINDOWS\System32\DSentr y.exe
C:\Program Files\Dell\AccessDirect\da dapp.exe
C:\WINDOWS\System32\carpse rv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\America Online 9.0b\aolwbspd.exe
C:\WINDOWS\system32\cidaem on.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Baginski\Local Settings\Temporary Internet Files\Content.IE5\IBOFCDYR \HijackThi s[1].exe
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEH elper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2 06D7942484 F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2 09B6AD74AC C} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\System32\msdxm. ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex e
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals ched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe " -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.ex e"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtr ay.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\ drivers\w3 2x86\3\hpz tsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpm gr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd. exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentr y.exe
O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\da dapp.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\cazdyb .exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCt r\Binaries \MSConfig. exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe " /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Adobe Gamma Loader (2).lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad obe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad obe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2 \Office10\ EXCEL.EXE/ 3000
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B 6E1F053A9E 7} - C:\Program Files\EmpirePoker\EmpirePo ker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B 6E1F053A9E 7} - C:\Program Files\EmpirePoker\EmpirePo ker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1 2A255F085E 1} - C:\Program Files\PartyPoker\PartyPoke r.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1 2A255F085E 1} - C:\Program Files\PartyPoker\PartyPoke r.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0 0C0F0318AF E} - C:\WINDOWS\System32\Shdocv w.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A 9046DEA8A2 1} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0 060B0FCC12 2} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-0 0108302FDF D} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0 010830243B D} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\T cpip\..\{4 456F95F-D1 D0-40E0-9D 37-0BDFEAC 6B539}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\T cpip\..\{4 456F95F-D1 D0-40E0-9D 37-0BDFEAC 6B539}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsr vc.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-3 16290B5B73 8} - C:\WINDOWS\System32\Akfeba ek.dll
Now what should I do?
Logfile of HijackThis v1.99.1
Scan saved at 5:44:01 PM, on 8/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\PROGRA~1\COMMON~1\aol\A
C:\WINDOWS\system32\cisvc.
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpm
C:\WINDOWS\System32\hkcmd.
C:\WINDOWS\System32\DSentr
C:\Program Files\Dell\AccessDirect\da
C:\WINDOWS\System32\carpse
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\America Online 9.0b\aolwbspd.exe
C:\WINDOWS\system32\cidaem
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Baginski\Local Settings\Temporary Internet Files\Content.IE5\IBOFCDYR
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.ex
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtr
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpm
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentr
O4 - HKLM\..\Run: [Desksite CMA] c:\program files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\da
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\cazdyb
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Adobe Gamma Loader (2).lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-1
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0
O16 - DPF: {AE563720-B4F5-11D4-A415-0
O16 - DPF: {F281A59C-7B65-11D3-8617-0
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsr
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-3
Now what should I do?
Right, if I were you, I would remove from the registry some or all of the entries below:
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex e
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals ched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe " -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtr ay.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd. exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentr y.exe
??? [Desksite CMA] c:\program files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\da dapp.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\cazdyb .exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
??? [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCt r\Binaries \MSConfig. exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe " /background
I don't know all of the apps you got there. Those I don't recognize are marked with question marks...
The rest you can remove from the registry branch at:
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows\ CurrentVer sion\Run
After restarting the computer check if anything improved and let us know.
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtr
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentr
??? [Desksite CMA] c:\program files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\da
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\cazdyb
O4 - HKLM\..\Run: [CARPService] carpserv.exe
??? [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
I don't know all of the apps you got there. Those I don't recognize are marked with question marks...
The rest you can remove from the registry branch at:
HKEY_LOCAL_MACHINE\SOFTWAR
After restarting the computer check if anything improved and let us know.
And one more thing, did you try to reinstall AOL?
ASKER
I removed them from the registry and reinstalled AOL. My CPU usage improved a little, but it's still running around 40 to 50 percent usage. The following procceses continue to use CPU:
scvhost.exe (2), EXPLORER.EXE, System, CSRSS.exe, and task manager continues to run at a high CPU. The task manager is probably an effect of the other processes starting and stopping every few seconds. What can be causing these processes to run and how can I stop them from running all the time.
scvhost.exe (2), EXPLORER.EXE, System, CSRSS.exe, and task manager continues to run at a high CPU. The task manager is probably an effect of the other processes starting and stopping every few seconds. What can be causing these processes to run and how can I stop them from running all the time.
ASKER
When on the internet my CPU is jumping back and forth between 60 and 90 percent usage.
waol.exe, aolwbspb.exe, companion.exe,
waol.exe, aolwbspb.exe, companion.exe,
the processes you enumerated above are system processes. You should leave them, they show up no matter what.
now, try opening the device manager by clicking right mouse button on "My computer" and then clicking "Properties". Open "Hardware" tab and go to "Device Manager". Once there, locate IDE/ATAPI controller. Open it and go to "Primary IDE channel". Double click on it and then go to "Advanced Settings" tab. Both "Transfer types" should be "DMA if available". If that's so, go to the "Secondary IDE channel" and check the same.
If "DMA..." is set to every device there, please tell me how much RAM does your computer have and what's the usage of it? go to "Task Manager" where you can check that.
One more question: what kind of antispyware software did you use?
Regards
now, try opening the device manager by clicking right mouse button on "My computer" and then clicking "Properties". Open "Hardware" tab and go to "Device Manager". Once there, locate IDE/ATAPI controller. Open it and go to "Primary IDE channel". Double click on it and then go to "Advanced Settings" tab. Both "Transfer types" should be "DMA if available". If that's so, go to the "Secondary IDE channel" and check the same.
If "DMA..." is set to every device there, please tell me how much RAM does your computer have and what's the usage of it? go to "Task Manager" where you can check that.
One more question: what kind of antispyware software did you use?
Regards
and if everything fails, please do the HIjackthis again and post it once more. maybe there's a persistent spyware that wasn't really removed.
First check system with safe mode, if it is ok then next...
try to go for a system restore. (Previous date with good working condition)
a simple question, exactly what cpu do you use in this machine?
ASKER
Followed the My Computer instructions.....everthing was already set to DMA if available.
Ram = 384 MB
Used = 150 (when nothing running)
Basically my System Idle Process is never at 99
There are always about 6 processes starting and stopping; they jump all over the place on the Task Manager Process Tab. Task manager eventually terminates from errors. When I run in safe mode my CPU jumps around from 0 to 10 percent.
I have Norton, Adware, and Spybot- Search & Destoy. I have run all of them numerous times now and haven't found anything.
Ram = 384 MB
Used = 150 (when nothing running)
Basically my System Idle Process is never at 99
There are always about 6 processes starting and stopping; they jump all over the place on the Task Manager Process Tab. Task manager eventually terminates from errors. When I run in safe mode my CPU jumps around from 0 to 10 percent.
I have Norton, Adware, and Spybot- Search & Destoy. I have run all of them numerous times now and haven't found anything.
ASKER
Current Log File
Logfile of HijackThis v1.99.1
Scan saved at 5:15:27 PM, on 8/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools v.exe
C:\PROGRA~1\COMMON~1\aol\A CS\acsd.ex e
C:\WINDOWS\system32\cisvc. exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\ drivers\w3 2x86\3\hpz tsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpm gr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\America Online 9.0c\aoltray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex e
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\America Online 9.0c\waol.exe
C:\Program Files\America Online 9.0c\shellmon.exe
C:\Program Files\America Online 9.0c\aolwbspd.exe
C:\WINDOWS\system32\cidaem on.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.e xe
C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
C:\Documents and Settings\Baginski\Desktop\ HijackThis .exe
C:\Program Files\Symantec\LiveUpdate\ NDETECT.EX E
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEH elper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2 06D7942484 F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-2 98DDF1699E 1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt .dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F ADC6B08487 2} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\System32\msdxm. ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A 37C9A5676A 7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt .dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7 859DF00B1D 6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\ drivers\w3 2x86\3\hpz tsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpm gr.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe " /background
O4 - Global Startup: Adobe Gamma Loader (2).lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad obe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad obe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0 0C0F0318AF E} - C:\WINDOWS\System32\Shdocv w.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0 0105AA9B6A E} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E 099162EEEC 5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0 060B0FCC12 2} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-0 0108302FDF D} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0 010830243B D} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\T cpip\..\{4 456F95F-D1 D0-40E0-9D 37-0BDFEAC 6B539}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\T cpip\..\{4 456F95F-D1 D0-40E0-9D 37-0BDFEAC 6B539}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsr vc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\A CS\acsd.ex e
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN T~1\SCRIPT ~1\SBServ. exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex e
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 5:15:27 PM, on 8/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\PROGRA~1\COMMON~1\aol\A
C:\WINDOWS\system32\cisvc.
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\
C:\Program Files\HP\hpcoretech\hpcmpm
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\America Online 9.0c\aoltray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\America Online 9.0c\waol.exe
C:\Program Files\America Online 9.0c\shellmon.exe
C:\Program Files\America Online 9.0c\aolwbspd.exe
C:\WINDOWS\system32\cidaem
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.e
C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
C:\Documents and Settings\Baginski\Desktop\
C:\Program Files\Symantec\LiveUpdate\
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-2
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpm
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: Adobe Gamma Loader (2).lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0
O16 - DPF: {AE563720-B4F5-11D4-A415-0
O16 - DPF: {F281A59C-7B65-11D3-8617-0
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsr
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\A
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try to using process explorer 9
this gives a good and deep look of every process
it is far more better than HijackThis
http://www.sysinternals.com/Utilities/ProcessExplorer.html
this gives a good and deep look of every process
it is far more better than HijackThis
http://www.sysinternals.com/Utilities/ProcessExplorer.html
ASKER
Thanks alot smirk. Not sure what did it, but after following all of your ideas my CPU now runs around 10% usage. I appreciate your help.
No problem, glad to have been of service :)
The things that may cause high cpu usage are viruses, worms, bad drivers etc
As you said you used latest spyware programs; it's probably not an issue.
First, i'd recommend scanning viruses with latest definition files.
Second; these high cpu utilization sometimes caused by bad or corrupt drivers. Try uninstalling your drivers and reinstall them, refereably with known-as-working versions.
Third; i'd recommend clean boot of windows. The steps for clean boot is http://support.microsoft.com/default.aspx?scid=kb;en-us;Q310353
Hope those help...
Cheers...