CPU usage fluctuating up to 100% & system very slow

Posted on 2004-11-24
Last Modified: 2008-01-09
My Win2k PC (Service Pack 4) has just started having a problem whereby the CPU usage fluctuates for no apparent reason and sometimes goes up to 100%. It becomes unresponsive and unusable, even before it gets to 100%.

This can happen when no applications are running. It is very difficult to tell from Task Manager exactly which process is tying up the CPU (update speed set to low) - it doesn't seem to be any of them! Sometimes, the CPU usage looks as though it is low, but the system is still very very very slow - we're talking a minute or two before it will respond at all and then it does so very slowly. I have run AVG and Trend Micro antivirus (online scanner), which found nothing. Adaware and Spybot find nothing significant. Are some processes hidden? Is there any way of showing everything?

The system seems to be ok in Safe mode.

Rebooting used to fix the problem for a few hours at least, but today (after a power outage) the system keeps getting really slow after a few minutes of use. Sometimes rebooting takes ages - it gets stuck for a few minutes on the "Starting Windows" page.

When in Task Manager, the bottom of the window will say something like CPU 65% and the System Idle process will be 99%. How can that be right?

Is it possible that it's a hardware problem? Could a faulty or overheated CPU cause this issue? Leaving the computer off for a few hours seems to improve matters - but maybe that's just coincidence as it will sometimes run for days without a problem.

I want to avoid having to reformat if at all possible, mainly because I am not convinced that reformatting will solve the problem - unless anyone knows different?

All help gratefully received

Question by:Sal_Laz
    LVL 18

    Expert Comment

    A good program to use to show you everything running on your computer is:


    Here is a tutorial on HijackThis

    You can also use it to delete all the bad crap...but be very careful before deleting anything that you have MADE SURE it is "bad"
    LVL 18

    Expert Comment

    Also, when running adaware and spybot...did you make sure they were up to date AND also run them in safe mode?

    Author Comment

    I ran Spybot in Safe mode, but Adaware wouldn't work for some reason? I will try again. I ran Pest Patrol online and it identified "Backweb" as spyware. It seems to have been installed with my Logitech mouse driver and some sources say it is ok in this context. However, I uninstalled my Logitech mouse software earlier to see if that was causing the problem and Backweb remains...

    My HijackThis log is as follows:

    Logfile of HijackThis v1.98.2
    Scan saved at 17:03:37, on 24/11/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Multipass\My Documents\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [piiserviceOE] "C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
    O16 - DPF: ppctlcab -
    O16 - DPF: Yahoo! Pool 2 -
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) -
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O20 - AppInit_DLLs: PAVWAIT.DLL

    So, is there anything anyone recognises to be dodgy in there?


    LVL 18

    Expert Comment

    Your log looked ok to me..but of course there are some things that are particular to programs that I"m not familar with.

    In the future, you can post your log to the following site to have it analyzed: I think we've ruled out spyware....maybe someone else has some comments. I'll keep looking.
    LVL 4

    Expert Comment

    Run Stinger from McAfee (  Many viruses/trojans can hide away from basic scanners.  Stinger is designed to find and fix these.  Run it in safe mode.

    High CPU levels aren't usually associated with hardware problems.  It usually means something is 'doing something'.  

    Are you seeing excessive disk access at the same time?

    Does the problem occur when you are disconnected from the Internet/network?

    Have you run any memory tests?  (


    Author Comment

    I ran stinger which didn't find anything. Also ran Memtest for over an hour - no errors.

    There doesn't seem to be any disk activity at the same time as the high cpu usage.

    In general, the problem only occurs when connected to the network, especially when a firefox browser window is open. However, yesterday, (when the problem was constant), when rebooting, windows started up very slowly and the system was very slow once I was logged in, even without the network adapter plugged in (I have a Belkin F5D5050uk USB to ethernet adapter ). I originally thought the problem was being caused by a Netgear WG121 wireless adapter as other people on various forums seemed to be having a similar problem - apparently their problem was being caused by an incompatibility between the chipset in the WG121 and Athlon processors (guess what processor I have?!). However, this has now been uninstalled and I'm using the Belkin. Could the Netgear still be causing problems if it didn't uninstall completely? Or maybe the Belkin also has an incompatible chipset?

    Any other suggestions?


    Author Comment

    Further info:

    Checked the event viewer and there are a set of 4 errors which have been occuring regularly recently. The system has just tied up again, so when I manage to reboot I will check if these errors coincided with the problem.. The errors are, in order:


    It took about 5 mins to respond to ctrl-alt-del. It was connected to the network at the time, but the internet lock was engaged on zone alarm. The only windows open were Admin tools and Event Viewer

    LVL 4

    Expert Comment

    Eo sort the Perfdisk error try this:
    LVL 4

    Expert Comment

    LVL 4

    Expert Comment

    LVL 4

    Expert Comment

    Perfnet is probably being caused by the Perfdisk problem and will probably disappear when it has been fixed.

    Good luck,


    Author Comment

    These errors seem to have fixed themsleves?! I spent some time deleting program fragments from the registry using Reg Supreme Pro. There was an error occurring that told me that Panda Process Protection Driver failed to start, but that hasn't happened the last couple of days. Panda was (supposedly) uninstalled weeks ago. Could this have been causing problems? I deleted all refererences to Panda that show up in Reg Supreme Pro, but using regedit, there still seem to be a lot of references to panda drivers - shldrv.sys PavPrSrv, PAVDRV, PAVSRV. Trying to uninstall the Program via Reg Supreme results in it reappearing straight away. I started the Panda installer to see if it would give me a chance to uninstall the remaining fragments, but it seemed to reinstall several files including shlddrv.sys and PavPrSrv despite the fact that the installation was cancelled early on. There are references to the panda files in "Legacy" in the registry - what do the Legacy entries do? Is there any way I can get rid of all these pesky entries? They have a security key that is not accessible. Does anyone know if  Panda have a removal tool and if so where I can get it?

    Another error that has been occuring is NetBT Eventid 4319 - A duplicate name has been detected on the TCP network. Could this be causing the computer freeze? Also MRxSmb Eventid 8003 - the master browser received a server announcement from the computer FRODO that beleives it is the master browser for the domain... Could this cause a freeze? (The freeze has also happened with no other computers on the network)

    Any suggestions?


    Author Comment

    Currently looking into the possibility that there is some conflict with Zone Alarm or a Zone Alarm setting  causing the freeze. (Doing a google search shows that other people have had similar problems with ZA). Any comments?



    Accepted Solution

    This problem turned out to be caused by a faulty motherboard


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    These days socially coordinated efforts have turned into a critical requirement for enterprises.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now