robcrazee
asked on
What could be causing 100% cpu usage on a windows tablet pc when all non-microsoft services are disabled and all startup entries are disabled?
We have a MOTION COMPUTING tablet pc running MS WINDOWS XP TABLET PC 2005 W/SP3.It is a 1 Ghz machine with 1gb ram.It has AVG Network Edition antivirus(version 9).It is used by a doctor and he has some medical programs, ms office.We have removed AVG completely.We have disabled startup items and non microsoft services one by one and ALL altogether.Still cpu usage is 100%.The tablet APPEARS to run ok for the most part but it locks up when the medical program is accessed on a server.The tablet is used wirelessly AND wired.It does not lock up all the time.It is virus/spyware free.
There is another tablet that "locked" up as well but there are other desktop pc's that are not locking up when accessing the medical program.
These motion pc's do not APPEAR to be overheating.(ac adapter and tablet only WARM to the touch and they arent powering down). What else can we check? Thanks in advance..
There is another tablet that "locked" up as well but there are other desktop pc's that are not locking up when accessing the medical program.
These motion pc's do not APPEAR to be overheating.(ac adapter and tablet only WARM to the touch and they arent powering down). What else can we check? Thanks in advance..
Hi.
It should be better if you can list all process that still running and show CPU usage.
It should be better if you can list all process that still running and show CPU usage.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry.BEFORE i stopped certain processes and services the only process in task manager using double digit numbers(48% at time) was EXPLORER.EXE. The cpu usage was at 100%.But even after shutting down ALL startup items and ALL NON-MICROSOFT SERVICES then rebooting tablet, the cpu usage was STILL 100%! After doing this though the EXPLORER.EXE process was only at 4% and there was a process SVCHOST.EXE running at 97%.I'll have to post tomorrow the SPECIFIC services/processes as i'm very tired and going to bed.Not feeling well.Thanks for responses so far.
i've seen windows updates (service: automatic updates) cause this on a badly outdated machine
you might also try defragging the hard drive, it might help on older machines too
if it is windows updates, you'll have to suck it up and COMPLETE all the updates, then it should be quiet - or you can alternatively disable them too
as thepanch said, most viruses run as svchost.exe, as well as most windows processes do too.
process explorer/monitor can help you determine which service is running it up, and we can go from there
http://live.sysinternals.com/Procmon.exe
you might also try defragging the hard drive, it might help on older machines too
if it is windows updates, you'll have to suck it up and COMPLETE all the updates, then it should be quiet - or you can alternatively disable them too
as thepanch said, most viruses run as svchost.exe, as well as most windows processes do too.
process explorer/monitor can help you determine which service is running it up, and we can go from there
http://live.sysinternals.com/Procmon.exe
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
where did you copy/paste that from
I would recommend you to use a sysinternals utility called process explorer. It will tell you exactly what you want. you can download it from here
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Now move on to safe mode and run following
Antivirus (use any one)
1. Eset Nod32
2. Symantec End point
3. Kaspersky
4. Norton 360
Antimaleware and antispyware ( use all of these after updating them)
1. Malewarebytes >> http:www.malwarebytes.org
2. Superantispyware >> http://www.superantispyware.com/
3. Hitmanpro's Surfright >> http://www.surfright.nl/en/hitmanpro
4. Hijack this >> http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
5. Combofix >> http://www.bleepingcomputer.com/combofix/how-to-use-combofix
6. Bitdefender >> http://kb.bitdefender.com/site/KnowledgeBase/consumer/#627
7. SPybot http://www.filehippo.com/download_spybot_search_destroy/
8. CCleaner http://www.filehippo.com/download_ccleaner/
9. Registry Cleaner http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
10. Defraggler http://www.filehippo.com/download_defraggler/
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Now move on to safe mode and run following
Antivirus (use any one)
1. Eset Nod32
2. Symantec End point
3. Kaspersky
4. Norton 360
Antimaleware and antispyware ( use all of these after updating them)
1. Malewarebytes >> http:www.malwarebytes.org
2. Superantispyware >> http://www.superantispyware.com/
3. Hitmanpro's Surfright >> http://www.surfright.nl/en/hitmanpro
4. Hijack this >> http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
5. Combofix >> http://www.bleepingcomputer.com/combofix/how-to-use-combofix
6. Bitdefender >> http://kb.bitdefender.com/site/KnowledgeBase/consumer/#627
7. SPybot http://www.filehippo.com/download_spybot_search_destroy/
8. CCleaner http://www.filehippo.com/download_ccleaner/
9. Registry Cleaner http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
10. Defraggler http://www.filehippo.com/download_defraggler/
ASKER
Thanks to all who replied.Shoutout to BRYON.What's up buddy?
I wanted to give you all some updated information. I went into SAFE MODE and the CPU USAGE is 100% as well! Only PROCESSES that are running with a percentage number are TASKMGR.EXE(40%) and EXPLORER.EXE(60%).Does this "TYPICALLY" indicate a virus/spyware? Let me know guys/girls.THANK YOU
I wanted to give you all some updated information. I went into SAFE MODE and the CPU USAGE is 100% as well! Only PROCESSES that are running with a percentage number are TASKMGR.EXE(40%) and EXPLORER.EXE(60%).Does this "TYPICALLY" indicate a virus/spyware? Let me know guys/girls.THANK YOU
i think your explorer process is corrupt, i have seen it some times when you install and uninstall it, that windows does something, and the process get all the procesor available to "work" on something that doesnt exist anymore.
I really have bad news for you, but i think it might be better for you to reinstall the windows OS.
I really have bad news for you, but i think it might be better for you to reinstall the windows OS.
ASKER
Sorry everyone, was out of town for over a week! Here is an update of what i've done.
I've tried ALL of the things you all suggested with no luck.CPU usage is still at 100%!?Please
keep in mind that Procmon and Process Explorer did not show any unusual processes running
and EXPLORER.EXE and SVCHOST.EXE are the only ones with double-digit percentages.
Could it be that it's OK that it's running at 100%?It doesnt APPEAR to running slow or locking up.
Reminder:
Motion Computing LS800 Tablet pc
Windows XP Tablet Edition 2005 SP3
1GB RAM / 60GB HDD - 30GB FREE
AVG Network Edition
Tablet has been scanned and it is clean(avg, malwarebytes, advanced system care)
Original USER PROFILE was DELETED after running FILES AND SETTINGS TRANSFER WIZARD.
NEW USER PROFILE was created and FSTW brought back.
Any other help would be appreciated.THANKS!
I've tried ALL of the things you all suggested with no luck.CPU usage is still at 100%!?Please
keep in mind that Procmon and Process Explorer did not show any unusual processes running
and EXPLORER.EXE and SVCHOST.EXE are the only ones with double-digit percentages.
Could it be that it's OK that it's running at 100%?It doesnt APPEAR to running slow or locking up.
Reminder:
Motion Computing LS800 Tablet pc
Windows XP Tablet Edition 2005 SP3
1GB RAM / 60GB HDD - 30GB FREE
AVG Network Edition
Tablet has been scanned and it is clean(avg, malwarebytes, advanced system care)
Original USER PROFILE was DELETED after running FILES AND SETTINGS TRANSFER WIZARD.
NEW USER PROFILE was created and FSTW brought back.
Any other help would be appreciated.THANKS!
ASKER
Some more information that's interesting:
100% cpu usage when booted normally to user profile.
"NORMAL" cpu usage when booted normally to ADMINISTRATOR profile.
100% cpu usage when booted to user profile in SAFE MODE!?
"NORMAL" cpu usage in ADMINISTRATOR profile in safe mode.
***when i say "normal" for cpu usage i mean that it fluctuates depending on what's going on
for example: 50%, then it will go to 7%, etc..***
***when i say normal for the profile, i mean STANDARD BOOTUP TO DESKTOP***
***when i say "user" it's really the name of the user profile(GEORGE)***
*BASICALLY, WHEN I BOOT TO THE THE USER PROFILE IN EITHER NORMAL BOOT OR SAFE MODE
THE CPU USAGE IS 100% BUT WHEN I BOOT USING THE ADMINISTRATOR PROFILE IN EITHER MODE
THE CPU RUNS "NORMAL"
100% cpu usage when booted normally to user profile.
"NORMAL" cpu usage when booted normally to ADMINISTRATOR profile.
100% cpu usage when booted to user profile in SAFE MODE!?
"NORMAL" cpu usage in ADMINISTRATOR profile in safe mode.
***when i say "normal" for cpu usage i mean that it fluctuates depending on what's going on
for example: 50%, then it will go to 7%, etc..***
***when i say normal for the profile, i mean STANDARD BOOTUP TO DESKTOP***
***when i say "user" it's really the name of the user profile(GEORGE)***
*BASICALLY, WHEN I BOOT TO THE THE USER PROFILE IN EITHER NORMAL BOOT OR SAFE MODE
THE CPU USAGE IS 100% BUT WHEN I BOOT USING THE ADMINISTRATOR PROFILE IN EITHER MODE
THE CPU RUNS "NORMAL"
Question... us there a network printer installed, and how is it installed. Is it installed for both the administrator and the normal user in the same way.
I have frequently found network printers slow browsing (eg in MS office applications looking for a file to open or to set a path to save a file), and the problem can be intermittent, and bring the machine to a halt when it occurs. Try removing network printers. If that helps, try reinstalling as a local printer using and IP address port so you can still print across the network.
I have frequently found network printers slow browsing (eg in MS office applications looking for a file to open or to set a path to save a file), and the problem can be intermittent, and bring the machine to a halt when it occurs. Try removing network printers. If that helps, try reinstalling as a local printer using and IP address port so you can still print across the network.
it sure sounds like the george profile has some software running at startup which is running amok
compare what starts from administrator with what starts from george:
c:\docume~1\george\startm~
with
c:\docume~1\administrator\
regedit as george > hkey current user > software > microsoft > windows > current version > run
with
regedit as administrator > hkey current user > software > microsoft > windows > current version > run
or run hijackthis and post a log
compare what starts from administrator with what starts from george:
c:\docume~1\george\startm~
with
c:\docume~1\administrator\
regedit as george > hkey current user > software > microsoft > windows > current version > run
with
regedit as administrator > hkey current user > software > microsoft > windows > current version > run
or run hijackthis and post a log
ASKER
HELPNET - there are over a dozen printers that he uses at his practice and two hospitals(the user is a doctor).In BOTH profiles the printers are setup the same.
BRYON - Here is an attached Hijackthis file my friend.Hope you guys can make something out of it! Thanks..
dr-george.txt
BRYON - Here is an attached Hijackthis file my friend.Hope you guys can make something out of it! Thanks..
dr-george.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey BRYON-
Thanks for response.Unfortunately my friend, it did not work! None of those of entries
were needed by doc and i fixed them in HiJackThis and also did LSPFIX(we've used this before
and its a nice tool for those LSP layer problems) but outcome still same.100percent cpu usage.
We dont have MS WINDOWS XP TABLET EDITION cd's so we cant do repair install but i wonder if THAT would even solve it huh? Sounds like COMPLETE REDO sound in order yeah? I'm gonna try a CLEAN USER PROFILE CREATION and see what happens as did new user profile i created was with FILES SETTINGS coming over.Let me know if you have any other things i can try.THANKS!!
Thanks for response.Unfortunately my friend, it did not work! None of those of entries
were needed by doc and i fixed them in HiJackThis and also did LSPFIX(we've used this before
and its a nice tool for those LSP layer problems) but outcome still same.100percent cpu usage.
We dont have MS WINDOWS XP TABLET EDITION cd's so we cant do repair install but i wonder if THAT would even solve it huh? Sounds like COMPLETE REDO sound in order yeah? I'm gonna try a CLEAN USER PROFILE CREATION and see what happens as did new user profile i created was with FILES SETTINGS coming over.Let me know if you have any other things i can try.THANKS!!
ASKER
Well everyone, thank you all for your responses.It really sucks that i couldn't figure out EXACTLY what was wrong but i created a totally new user profile(WITHOUT bringing what came in FILES SETTINGS TRANSFER WIZARD)and just copied DESKTOP icons over from old profile and now the cpu usage is 'NORMAL'.It will dip into 100% but go back down after that particular process finishes.In the other profile it would not change from 100% even though nothing is running except the AVG antivirus. The interesting part is the tablet SEEMS to run "ok" when this condition existed!? It would run "SLOW" at times but nothing major.
The other strange-ness : 100% CPU USAGE in SAFE MODE under the original profile only but not in ADMINISTRATOR or a newly created USER!
Anyways, i have stuff from all of you i can try in the future!
I'm not going to award the points to myself.
THANKS AGAIN..
The other strange-ness : 100% CPU USAGE in SAFE MODE under the original profile only but not in ADMINISTRATOR or a newly created USER!
Anyways, i have stuff from all of you i can try in the future!
I'm not going to award the points to myself.
THANKS AGAIN..
ASKER
These steps all HELPED in troubleshooting but not a PARTICULAR one step solved issue.
Let me know here, i'll guide you through.