[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

CPU usage fluctuating up to 100% & system very slow

Posted on 2004-11-24
16
Medium Priority
?
798 Views
Last Modified: 2008-01-09
My Win2k PC (Service Pack 4) has just started having a problem whereby the CPU usage fluctuates for no apparent reason and sometimes goes up to 100%. It becomes unresponsive and unusable, even before it gets to 100%.

This can happen when no applications are running. It is very difficult to tell from Task Manager exactly which process is tying up the CPU (update speed set to low) - it doesn't seem to be any of them! Sometimes, the CPU usage looks as though it is low, but the system is still very very very slow - we're talking a minute or two before it will respond at all and then it does so very slowly. I have run AVG and Trend Micro antivirus (online scanner), which found nothing. Adaware and Spybot find nothing significant. Are some processes hidden? Is there any way of showing everything?

The system seems to be ok in Safe mode.

Rebooting used to fix the problem for a few hours at least, but today (after a power outage) the system keeps getting really slow after a few minutes of use. Sometimes rebooting takes ages - it gets stuck for a few minutes on the "Starting Windows" page.

When in Task Manager, the bottom of the window will say something like CPU 65% and the System Idle process will be 99%. How can that be right?

Is it possible that it's a hardware problem? Could a faulty or overheated CPU cause this issue? Leaving the computer off for a few hours seems to improve matters - but maybe that's just coincidence as it will sometimes run for days without a problem.

I want to avoid having to reformat if at all possible, mainly because I am not convinced that reformatting will solve the problem - unless anyone knows different?

All help gratefully received

Sal
0
Comment
Question by:Sal_Laz
  • 6
  • 5
  • 3
14 Comments
 
LVL 18

Expert Comment

by:luv2smile
ID: 12667393
A good program to use to show you everything running on your computer is:

hijackthis: http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Here is a tutorial on HijackThis

http://www.spywareinfo.com/~merijn/htlogtutorial.html

You can also use it to delete all the bad crap...but be very careful before deleting anything that you have MADE SURE it is "bad"
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12667411
Also, when running adaware and spybot...did you make sure they were up to date AND also run them in safe mode?
0
 

Author Comment

by:Sal_Laz
ID: 12667551
I ran Spybot in Safe mode, but Adaware wouldn't work for some reason? I will try again. I ran Pest Patrol online and it identified "Backweb" as spyware. It seems to have been installed with my Logitech mouse driver and some sources say it is ok in this context. However, I uninstalled my Logitech mouse software earlier to see if that was causing the problem and Backweb remains...

My HijackThis log is as follows:

Logfile of HijackThis v1.98.2
Scan saved at 17:03:37, on 24/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\SYSTEM32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Multipass\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [piiserviceOE] "C:\Program Files\Spam Inspector Outlook Express\Spam Inspector Outlook Express Edition\piiserviceOE.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/178cd9fb8ce3fb9d2716/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.warwick.ac.uk/newwebcam/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O20 - AppInit_DLLs: PAVWAIT.DLL

So, is there anything anyone recognises to be dodgy in there?

Sal

0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 18

Expert Comment

by:luv2smile
ID: 12667679
Your log looked ok to me..but of course there are some things that are particular to programs that I"m not familar with.

In the future, you can post your log to the following site to have it analyzed:

http://www.hijackthis.de/index.php?langselect=english

Hmmm...so I think we've ruled out spyware....maybe someone else has some comments. I'll keep looking.
0
 
LVL 4

Expert Comment

by:rubiconx
ID: 12670694
Run Stinger from McAfee (http://vil.nai.com/vil/stinger/).  Many viruses/trojans can hide away from basic scanners.  Stinger is designed to find and fix these.  Run it in safe mode.

High CPU levels aren't usually associated with hardware problems.  It usually means something is 'doing something'.  

Are you seeing excessive disk access at the same time?

Does the problem occur when you are disconnected from the Internet/network?

Have you run any memory tests?  (http://www.memtest86.com/)

Dave
0
 

Author Comment

by:Sal_Laz
ID: 12675460
I ran stinger which didn't find anything. Also ran Memtest for over an hour - no errors.

There doesn't seem to be any disk activity at the same time as the high cpu usage.

In general, the problem only occurs when connected to the network, especially when a firefox browser window is open. However, yesterday, (when the problem was constant), when rebooting, windows started up very slowly and the system was very slow once I was logged in, even without the network adapter plugged in (I have a Belkin F5D5050uk USB to ethernet adapter ). I originally thought the problem was being caused by a Netgear WG121 wireless adapter as other people on various forums seemed to be having a similar problem - apparently their problem was being caused by an incompatibility between the chipset in the WG121 and Athlon processors (guess what processor I have?!). However, this has now been uninstalled and I'm using the Belkin. Could the Netgear still be causing problems if it didn't uninstall completely? Or maybe the Belkin also has an incompatible chipset?

Any other suggestions?

Sal
0
 

Author Comment

by:Sal_Laz
ID: 12680921
Further info:

Checked the event viewer and there are a set of 4 errors which have been occuring regularly recently. The system has just tied up again, so when I manage to reboot I will check if these errors coincided with the problem.. The errors are, in order:

Perfdisk
Perfnet
Perfnet
Rasctrs

It took about 5 mins to respond to ctrl-alt-del. It was connected to the network at the time, but the internet lock was engaged on zone alarm. The only windows open were Admin tools and Event Viewer

Sal
0
 
LVL 4

Expert Comment

by:rubiconx
ID: 12682652
Eo sort the Perfdisk error try this:

http://www.jsiinc.com/SUBI/tip4000/rh4065.htm
0
 
LVL 4

Expert Comment

by:rubiconx
ID: 12682659
0
 
LVL 4

Expert Comment

by:rubiconx
ID: 12682664
0
 
LVL 4

Expert Comment

by:rubiconx
ID: 12682685
Perfnet is probably being caused by the Perfdisk problem and will probably disappear when it has been fixed.

Good luck,

Dave
0
 

Author Comment

by:Sal_Laz
ID: 12695779
These errors seem to have fixed themsleves?! I spent some time deleting program fragments from the registry using Reg Supreme Pro. There was an error occurring that told me that Panda Process Protection Driver failed to start, but that hasn't happened the last couple of days. Panda was (supposedly) uninstalled weeks ago. Could this have been causing problems? I deleted all refererences to Panda that show up in Reg Supreme Pro, but using regedit, there still seem to be a lot of references to panda drivers - shldrv.sys PavPrSrv, PAVDRV, PAVSRV. Trying to uninstall the Program via Reg Supreme results in it reappearing straight away. I started the Panda installer to see if it would give me a chance to uninstall the remaining fragments, but it seemed to reinstall several files including shlddrv.sys and PavPrSrv despite the fact that the installation was cancelled early on. There are references to the panda files in "Legacy" in the registry - what do the Legacy entries do? Is there any way I can get rid of all these pesky entries? They have a security key that is not accessible. Does anyone know if  Panda have a removal tool and if so where I can get it?

Another error that has been occuring is NetBT Eventid 4319 - A duplicate name has been detected on the TCP network. Could this be causing the computer freeze? Also MRxSmb Eventid 8003 - the master browser received a server announcement from the computer FRODO that beleives it is the master browser for the domain... Could this cause a freeze? (The freeze has also happened with no other computers on the network)

Any suggestions?

Sal
0
 

Author Comment

by:Sal_Laz
ID: 12727764
Currently looking into the possibility that there is some conflict with Zone Alarm or a Zone Alarm setting  causing the freeze. (Doing a google search shows that other people have had similar problems with ZA). Any comments?

Thanks

Sal
0
 

Accepted Solution

by:
Sal_Laz earned 0 total points
ID: 14306670
This problem turned out to be caused by a faulty motherboard

Sal
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Loops Section Overview
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question