CPU usage fluctuating up to 100% & system very slow

My Win2k PC (Service Pack 4) has just started having a problem whereby the CPU usage fluctuates for no apparent reason and sometimes goes up to 100%. It becomes unresponsive and unusable, even before it gets to 100%.

This can happen when no applications are running. It is very difficult to tell from Task Manager exactly which process is tying up the CPU (update speed set to low) - it doesn't seem to be any of them! Sometimes, the CPU usage looks as though it is low, but the system is still very very very slow - we're talking a minute or two before it will respond at all and then it does so very slowly. I have run AVG and Trend Micro antivirus (online scanner), which found nothing. Adaware and Spybot find nothing significant. Are some processes hidden? Is there any way of showing everything?

The system seems to be ok in Safe mode.

Rebooting used to fix the problem for a few hours at least, but today (after a power outage) the system keeps getting really slow after a few minutes of use. Sometimes rebooting takes ages - it gets stuck for a few minutes on the "Starting Windows" page.

When in Task Manager, the bottom of the window will say something like CPU 65% and the System Idle process will be 99%. How can that be right?

Is it possible that it's a hardware problem? Could a faulty or overheated CPU cause this issue? Leaving the computer off for a few hours seems to improve matters - but maybe that's just coincidence as it will sometimes run for days without a problem.

I want to avoid having to reformat if at all possible, mainly because I am not convinced that reformatting will solve the problem - unless anyone knows different?

All help gratefully received

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

A good program to use to show you everything running on your computer is:

hijackthis: http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Here is a tutorial on HijackThis


You can also use it to delete all the bad crap...but be very careful before deleting anything that you have MADE SURE it is "bad"
Also, when running adaware and spybot...did you make sure they were up to date AND also run them in safe mode?
Sal_LazAuthor Commented:
I ran Spybot in Safe mode, but Adaware wouldn't work for some reason? I will try again. I ran Pest Patrol online and it identified "Backweb" as spyware. It seems to have been installed with my Logitech mouse driver and some sources say it is ok in this context. However, I uninstalled my Logitech mouse software earlier to see if that was causing the problem and Backweb remains...

My HijackThis log is as follows:

Logfile of HijackThis v1.98.2
Scan saved at 17:03:37, on 24/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Multipass\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [piiserviceOE] "C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/178cd9fb8ce3fb9d2716/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.warwick.ac.uk/newwebcam/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

So, is there anything anyone recognises to be dodgy in there?


Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Your log looked ok to me..but of course there are some things that are particular to programs that I"m not familar with.

In the future, you can post your log to the following site to have it analyzed:


Hmmm...so I think we've ruled out spyware....maybe someone else has some comments. I'll keep looking.
Run Stinger from McAfee (http://vil.nai.com/vil/stinger/).  Many viruses/trojans can hide away from basic scanners.  Stinger is designed to find and fix these.  Run it in safe mode.

High CPU levels aren't usually associated with hardware problems.  It usually means something is 'doing something'.  

Are you seeing excessive disk access at the same time?

Does the problem occur when you are disconnected from the Internet/network?

Have you run any memory tests?  (http://www.memtest86.com/)

Sal_LazAuthor Commented:
I ran stinger which didn't find anything. Also ran Memtest for over an hour - no errors.

There doesn't seem to be any disk activity at the same time as the high cpu usage.

In general, the problem only occurs when connected to the network, especially when a firefox browser window is open. However, yesterday, (when the problem was constant), when rebooting, windows started up very slowly and the system was very slow once I was logged in, even without the network adapter plugged in (I have a Belkin F5D5050uk USB to ethernet adapter ). I originally thought the problem was being caused by a Netgear WG121 wireless adapter as other people on various forums seemed to be having a similar problem - apparently their problem was being caused by an incompatibility between the chipset in the WG121 and Athlon processors (guess what processor I have?!). However, this has now been uninstalled and I'm using the Belkin. Could the Netgear still be causing problems if it didn't uninstall completely? Or maybe the Belkin also has an incompatible chipset?

Any other suggestions?

Sal_LazAuthor Commented:
Further info:

Checked the event viewer and there are a set of 4 errors which have been occuring regularly recently. The system has just tied up again, so when I manage to reboot I will check if these errors coincided with the problem.. The errors are, in order:


It took about 5 mins to respond to ctrl-alt-del. It was connected to the network at the time, but the internet lock was engaged on zone alarm. The only windows open were Admin tools and Event Viewer

Eo sort the Perfdisk error try this:

Perfnet is probably being caused by the Perfdisk problem and will probably disappear when it has been fixed.

Good luck,

Sal_LazAuthor Commented:
These errors seem to have fixed themsleves?! I spent some time deleting program fragments from the registry using Reg Supreme Pro. There was an error occurring that told me that Panda Process Protection Driver failed to start, but that hasn't happened the last couple of days. Panda was (supposedly) uninstalled weeks ago. Could this have been causing problems? I deleted all refererences to Panda that show up in Reg Supreme Pro, but using regedit, there still seem to be a lot of references to panda drivers - shldrv.sys PavPrSrv, PAVDRV, PAVSRV. Trying to uninstall the Program via Reg Supreme results in it reappearing straight away. I started the Panda installer to see if it would give me a chance to uninstall the remaining fragments, but it seemed to reinstall several files including shlddrv.sys and PavPrSrv despite the fact that the installation was cancelled early on. There are references to the panda files in "Legacy" in the registry - what do the Legacy entries do? Is there any way I can get rid of all these pesky entries? They have a security key that is not accessible. Does anyone know if  Panda have a removal tool and if so where I can get it?

Another error that has been occuring is NetBT Eventid 4319 - A duplicate name has been detected on the TCP network. Could this be causing the computer freeze? Also MRxSmb Eventid 8003 - the master browser received a server announcement from the computer FRODO that beleives it is the master browser for the domain... Could this cause a freeze? (The freeze has also happened with no other computers on the network)

Any suggestions?

Sal_LazAuthor Commented:
Currently looking into the possibility that there is some conflict with Zone Alarm or a Zone Alarm setting  causing the freeze. (Doing a google search shows that other people have had similar problems with ZA). Any comments?


Sal_LazAuthor Commented:
This problem turned out to be caused by a faulty motherboard


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.