Sponsor for PC Pals Forum

Author Topic: CPU usage 100%  (Read 3392 times)

Offline geordie77

  • New Member
  • *
  • Posts: 8
CPU usage 100%
« on: March 27, 2004, 16:50 »
Hi

I need help.  2 weeks ago I touched in inside of my pc when it was turned on.  The pc switched off straight away.  I took it to a shop and when i got it back they said i had only blown the power pack so they replaced it.  Now though my pc does not work properly it is really slow and the CPU is nearly always at 100% usage. I mainly only run emule for downloading and also browse the internet.  This is all my computer gets used for but last 2 weeks it has been a nightmare.  My basic spec is P4 2.5ghz, 512ddr ram, 2x120 gig hard drives, dvd writer, cd writer.

I run windows XP home edition and the windows task manager shows most of the CPU is the SVHOST about 70% and the system 30%

I would really appreciate any help. Thanks in advance.

Edit:  Clive has removed e-mail address for security reasons.

Offline Serenity

  • Loyal Member
  • *****
  • Posts: 4386
Re:CPU usage 100%
« Reply #1 on: March 27, 2004, 16:52 »
Hi Geordie77  :welcome:

We have great "techies" on this forum  but there are'nt anyof them around at the moment, hang on in there, someone should be around soon and hopefully help with your problem  :)

Offline Clive

  • Administrator
  • *****
  • Posts: 75152
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Re:CPU usage 100%
« Reply #2 on: March 27, 2004, 16:56 »
Hi Geordie and  :welcome:

I suspect that you have picked up some sort of trojan which is using your computer for its own purposes.  It might be a good idea to download and run Ad-Aware which will detect these type of things and remove them.  I am assuming that you have already checked for viruses?  Please let us know how you get on.

Offline geordie77

  • New Member
  • *
  • Posts: 8
Re:CPU usage 100%
« Reply #3 on: March 27, 2004, 17:30 »
Hi

Downloaded ad-aware 6.0 and it removed 31 items but still 100% cpu usage   svchost 100%.  If i end task box comes up and a timer counts down from 60 and closes computer.  Tried running my AVG to check for viruses and it's all clear

Offline Clive

  • Administrator
  • *****
  • Posts: 75152
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Re:CPU usage 100%
« Reply #4 on: March 27, 2004, 17:46 »
I'm afraid that you will have to wait until one of our techies come online then Andy.  One thing I can suggest is that you run Ad-Aware in Safe Mode and turn off system restore.  But don't forget to turn it back on again afterwards!  You could also run your virus checker in Safe Mode and system restore disabled at the same time.  The reason for this is that some trojans and viruses are very hard to get rid of as they use system restore to reinstall themselves.  Make sure also that you have downloaded all the latest updates for Ad-Aware and your virus checker.  

I'm sorry we are a bit thin on the ground as far as techies are concerned today but they will be back tomorrow evening.

Online Simon

  • Administrator
  • *****
  • Posts: 77921
  • First to score 7/7 in Quiz of The Week's News 2017
Re:CPU usage 100%
« Reply #5 on: March 27, 2004, 18:57 »
You could also download and run Spybot, which is similar to Ad Aware, but sometimes finds different things.  Don't forget to check for updates before you run these programs, as they are next to useless without the latest definitions.

If you're still having problems after that, you might like to download and run Hijack This, which gives a list of running programs.  If you post the list on here (copy log to notepad), one of our techies will have a look and may be able to spot something for you.  


Oh, and  
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline geordie77

  • New Member
  • *
  • Posts: 8
Re:CPU usage 100%
« Reply #6 on: March 27, 2004, 19:14 »
thanks to everyone who is trying to help me

Logfile of HijackThis v1.97.7
Scan saved at 19:14:01, on 27/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
G:\PROGRA~1\Grisoft\AVG7\avgcc.exe
G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\Mixer.exe
G:\WINDOWS\System32\RUNDLL32.EXE
G:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
G:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
G:\WINDOWS\System32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
G:\Program Files\blueyonder IST\bin\mpbtn.exe
G:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
G:\WINDOWS\System32\hpoipm07.exe
G:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
G:\WINDOWS\System32\explore.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\wuauclt.exe
C:\eMule\emule.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\andrew\hijackthis\HijackThis.exe
G:\WINDOWS\System32\msiexec.exe
G:\WINDOWS\System32\MsiExec.exe
G:\WINDOWS\System32\MsiExec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35A08068-A303-6C98-485F-067C480C31A5} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [siService.exe] "G:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] G:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Monitor] explore.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Monitor] explore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: blueyonder Instant Support Tool.lnk = G:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = G:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38066.4566666667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Online Simon

  • Administrator
  • *****
  • Posts: 77921
  • First to score 7/7 in Quiz of The Week's News 2017
Re:CPU usage 100%
« Reply #7 on: March 27, 2004, 20:12 »
Hmmm... no expert, me, but you do seem to have one or two toolbars running, which often contain spyware.  try getting rid of that Omega Searchbar, and see if that helps.  Also, no guarantees, but this one (below) could be suspicious, as we had this appear with someone else recently, and removing it helped, but that one was slightly different as yours has no file name.  the other one was a randomly generated .dll file, so not sure about that.
Quote
O2 - BHO: (no name) - {35A08068-A303-6C98-485F-067C480C31A5} - (no file)


Dack is our Hijack This expert, so hopefully he might shed a bit more light on things later on.

Oh, just one more thing, do you have e-mule running in the background?  Try closing it and see if that helps.  I use Limewire Pro, and WinMX, and I have occasionally noticed them drawing on resources, as  can Messenger, if it feels like it.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Re:CPU usage 100%
« Reply #8 on: March 27, 2004, 22:09 »

 If i end task box comes up and a timer counts down from 60 and closes computer.


Isnt that what the msblast worm used to do ?

See here for removal :

http://support.microsoft.com/default.aspx?scid=kb;en-us;833330

Offline Clive

  • Administrator
  • *****
  • Posts: 75152
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Re:CPU usage 100%
« Reply #9 on: March 27, 2004, 22:34 »
Our old friend MSBlast again!  Well spotted Sandra.  Make sure you keep your patches up to date.

Online Simon

  • Administrator
  • *****
  • Posts: 77921
  • First to score 7/7 in Quiz of The Week's News 2017
Re:CPU usage 100%
« Reply #10 on: March 27, 2004, 23:18 »
If it's MSBlast, why didn't it show in his Hijack This list?   ???
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline geordie77

  • New Member
  • *
  • Posts: 8
Re:CPU usage 100%
« Reply #11 on: March 27, 2004, 23:37 »
I always update my xp and also when I first started getting this problem with the timer I ran various virus checkers and they removed some stuff but this seems to be hard to find.

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Re:CPU usage 100%
« Reply #12 on: March 28, 2004, 00:05 »
Its maybe because it does remove it but if system restore isnt off then it can reload itself again  ???

Offline geordie77

  • New Member
  • *
  • Posts: 8
Re:CPU usage 100%
« Reply #13 on: March 31, 2004, 20:17 »
Thanks to everyone who is trying to help me but totally stuck.

Nothing seems to be working out so i thought i would start from scratch.  Formatted both hard drives and started again but is no better.
1. I get a blue screen each night stating "A problem has been detected and windows has been shut down to prevent damage to your computer.  Multiple IRP complete request
***stop: 0X00000044C(0X81CEB2C8,0,00000D60,0,00000000,0X000000000

then a counter counts down closes my computer and as it tries to re boot i get a message saying "Error loading operating system"
I then have to turn off computer and then back on.  This always happens if i restart the computer.  I always have to just shut the computer down totally then turn it back on.

2. I also keep getting a box up which counts down from 60 and states "Remote procedure call (RPC) service terminated unexepectedly" then restarts computer then i get the error loading operating system.  Also once i have had this up i cannot use microsoft outlook without shutting down the computer and restarting it as i get "The operation failed" when i try to get my new emails.

I now have on a checking my computer AVG antivirus, VCOM antivirus, Ad Aware, Spybot, XP firewall and did have Zone Alarm but was conflicting.

Any ideas?

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Re:CPU usage 100%
« Reply #14 on: March 31, 2004, 20:28 »
It definately sounds like the msblaster worm, did you get and run the removal tool in safe mode with sytem restore off and then apply the patch to prevent reinfection  ???


Show unread posts since last visit.
Sponsor for PC Pals Forum