CPU @100%

  • Thread starter Thread starter aaleem
  • Start date Start date
A

aaleem

computer is 2.4 p4 with 512 ram running at 47c.rest of the hardware seems to
be working fine.cpu goes into 100% territory as soon i go internetting on
sbc dsl..If not on internet their is no problem works normally.i have
trolled the drives with spybot,zone alarm,norton anti virus cannot figure
out what service or program is causing it malfuntion..The page file usage
goes up steadily even though i am not using the comp,in two three days the
page file is full with 1.2gig.One program that is not on the list is
rundll.exe,can somebody solve the puzzle


ogfile of HijackThis v1.97.7
Scan saved at 1:30:07 AM, on 12/27/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\tbctray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\gearsec.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
D:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("0.aim.session.autologin", false);
user_pref("0.aim.session.connectionname", "AIM");
user_pref("0.aim.session.password", "0");
user_pref("0.aim.session.storepassword", false);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.latestaimscreenname", "0");
user_pref("aim.session.screenname", "0");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history.last_page_visited",
"http://www.chicago.il.org/smi/calendar.cfm");
user_pref("browser.search.defaultengine",
"engine://d%3A%5CProgram%20Files%5Cnetscape%5Csearchplugins%5CSBWeb_01.src")
;
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("intl.charsetmenu.mailview.cache", "DEFAULT_CHARSET, windows-1252,
ISO-8859-1")
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("0.aim.session.autologin", false);
user_pref(0.aim.session.connectionname", "AIM");
user_pref("0.aim.session.password", "0");
user_pref("0.aim.session.storepassword", false);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.latestaimscreenname", "0");
user_pref("aim.session.screenname", "0");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history.last_page_visited",
"http://www.chicago.il.org/smi/calendar.cfm");
user_pref("browser.search.defaultengine",
"engine://d%3A%5CProgram%20Files%5Cnetscape%5Csearchplugins%5CSBWeb_01.src")
;
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("intl.charsetmenu.mailview.cache", "DEFAULT_CHARSET, windows-1252,
ISO-8859-1")
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program
Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} -
C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {1903C33E-4CAF-40A7-A370-134799DB3541} -
C:\WINDOWS\System32\hnetmodn.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
Files\Microsoft Money\System\mnyside.dll__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
D:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper -
{601ED020-FB6C-11D3-87D8-0050DA59922B} - d:\Program Files\WS_FTP
Pro\wsbho2k0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro -
{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - D:\Program Files\Panicware\Pop-Up
Stopper Pro\popuppro.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P
NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
 
Download Adaware from http://www.lavasoftusa.com/support/download/ and use it to remove parasites.

It is normal to have a number of Svchost.exe process entries appearing in Task Manager. For the process generating the high usage how is the User described? Next whilst Task Manager is showing high usage change from the Process Tab to the Application Tab. Then select each running Application in turn, right click and select "Go to Process" and see if you can identify the application causing the high usage.

Next select Start, Administrative Tools, Services. Compare the list of services with those shown as Started and for each in turn stop the service and observe the effect. If the CPU usage in Task Manager continues or something stops working restart the service. When you have found the likely cause i.e. the CPU usage stops then post details of what you have found.


~~~~~~


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
(e-mail address removed)
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.

~~~~~~~~~~~~~~~~~~~~~~~~



aaleem said:
computer is 2.4 p4 with 512 ram running at 47c.rest of the hardware seems to
be working fine.cpu goes into 100% territory as soon i go internetting on
sbc dsl..If not on internet their is no problem works normally.i have
trolled the drives with spybot,zone alarm,norton anti virus cannot figure
out what service or program is causing it malfuntion..The page file usage
goes up steadily even though i am not using the comp,in two three days the
page file is full with 1.2gig.One program that is not on the list is
rundll.exe,can somebody solve the puzzle


ogfile of HijackThis v1.97.7
Scan saved at 1:30:07 AM, on 12/27/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\tbctray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\gearsec.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
D:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
about:blank
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("0.aim.session.autologin", false);
user_pref("0.aim.session.connectionname", "AIM");
user_pref("0.aim.session.password", "0");
user_pref("0.aim.session.storepassword", false);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.latestaimscreenname", "0");
user_pref("aim.session.screenname", "0");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history.last_page_visited",
"http://www.chicago.il.org/smi/calendar.cfm");
user_pref("browser.search.defaultengine",
"engine://d%3A%5CProgram%20Files%5Cnetscape%5Csearchplugins%5CSBWeb_01.src")
;
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("intl.charsetmenu.mailview.cache", "DEFAULT_CHARSET, windows-1252,
ISO-8859-1")
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("0.aim.session.autologin", false);
user_pref(0.aim.session.connectionname", "AIM");
user_pref("0.aim.session.password", "0");
user_pref("0.aim.session.storepassword", false);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.latestaimscreenname", "0");
user_pref("aim.session.screenname", "0");
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history.last_page_visited",
"http://www.chicago.il.org/smi/calendar.cfm");
user_pref("browser.search.defaultengine",
"engine://d%3A%5CProgram%20Files%5Cnetscape%5Csearchplugins%5CSBWeb_01.src")
;
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("intl.charsetmenu.mailview.cache", "DEFAULT_CHARSET, windows-1252,
ISO-8859-1")
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program
Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} -
C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {1903C33E-4CAF-40A7-A370-134799DB3541} -
C:\WINDOWS\System32\hnetmodn.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
Files\Microsoft Money\System\mnyside.dll__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
D:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper -
{601ED020-FB6C-11D3-87D8-0050DA59922B} - d:\Program Files\WS_FTP
Pro\wsbho2k0.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro -
{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - D:\Program Files\Panicware\Pop-Up
Stopper Pro\popuppro.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P
NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
Click to expand...
 
Mine is just the opposite, mine is 100% after bootup( mssys.exe and svchost.exe) until I go online (dialup) then the usage is normal till I disconnect, at which time it goes back to 100% even though no other programs are running.
 
Back
Top