CPU running at 100%

the K

My CPU sometimes runs at 100% even after closing all programs. I've run both
ESET virus scanner and Windows Defender and neither found any spyware or
viruses. Looking at the Process Monitor application, there are a lot of read file
and registry transactions generated by Winlogon.exe and lsass.exe. The
Winlogon entries look suspicious because they are accessing files with names
like tmghlmrb.dat and jaccaqad.dat. However, I checked the file's properties
and it looks like a legit file from Microsoft.

Can anyone diagnose this problem?
 
Gerry

The problem could well be malware. An anti-virus programme will not
detect malware and Windows Defender is not a strong player.

I suggest you download and run Spybot S & D (freeware version). There
is a freeware version buried in this link:
http://www.safer-networking.org/en/spybotsd/index.html

This programme is getting good results - Malwarebytes' Anti-Malware
1.32 - freeware (if you upgrade you pay).
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Run Malwarebytes' in safe mode and turn off ESET before you do to avoid
a conflict. Disregard the invitation on the web site regarding the
Registry Optimiser - a Registry Optimiser is not a helpful utility.

Process Monitor is not so easy to use as it provides so much data.
Another utility to monitor CPU activity is Process Explorer.
Download Process Explorer (freeware).
For further information about Process Explorer see here:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx



--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Randem

Check in Task Manager in Processes then sort on CPU by clicking on CPU
heading twice to see what processes are taking up CPU cycles. If you have
Windows Search 4.0 it will hog CPU cycles and I would uninstall it.

Report back on your CPU cycle load numbers...
 
Patrick Keenan

the K said:
My CPU sometimes runs at 100% even after closing all programs. I've run both
ESET virus scanner and Windows Defender and neither found any spyware or
viruses. Looking at the Process Monitor application, there are a lot of read file
and registry transactions generated by Winlogon.exe and lsass.exe. The
Winlogon entries look suspicious because they are accessing files with names
like tmghlmrb.dat and jaccaqad.dat. However, I checked the file's properties
and it looks like a legit file from Microsoft.

Not to me they don't. They look completely bogus. Generated, random
names like that are a giveaway.

the K said:
Can anyone diagnose this problem?

Yes. Your system is infected.

Attach the drive to another system and scan with up-to-date antivirus, after
locating and deleting the contents of all temp and temporary internet files
folders. Create a folder for tools, and download HijackThis to it.

Once the scan is done, move the drive back, do not connect to the network.
Run HijackThis, and remove undesired entries and files. This does require
some knowledge. Once that's done, reconnect to the network and run
HijackThis again. Some malware requires a network connection to launch,
and so it's harder to detect when there isn't one.

Run msconfig and carefully examine the startup entries. This will give you
strong clues as to where the malware launchers are located.

You will also need to uninstall and reinstall your antivirus program,
because it's been compromised. You may want to switch to something else
for a while.

HTH
-pk
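
The observation above that generated, random-looking names are a giveaway can be turned into a quick triage pass over a Process Monitor CSV export. This is an added example, not part of any poster's reply: the column names assume Process Monitor's default CSV export, the bigram list, threshold and sample rows (including the folder paths) are constructed for illustration, and only the two .dat file names come from the thread.

```python
import csv
import io
import ntpath  # parses Windows paths on any OS

# Assumption: frequent English letter pairs stand in for "human-chosen" names.
COMMON_BIGRAMS = set(
    "th he in er an re on at en nd ti es or te of ed is it al ar st to nt ng se "
    "ha as ou io le ve co me de hi ri ro ic ne ea ra ce li ch ll be ma si om ur".split()
)
WATCHED = {"winlogon.exe", "lsass.exe"}  # processes named in the original post

def name_score(stem):
    """Fraction of adjacent letter pairs that are common English bigrams."""
    stem = stem.lower()
    pairs = [stem[i:i + 2] for i in range(len(stem) - 1)]
    return sum(p in COMMON_BIGRAMS for p in pairs) / len(pairs) if pairs else 1.0

def looks_generated(path, threshold=0.15):
    """True for all-letter names of 6+ characters with almost no common bigrams."""
    stem = ntpath.splitext(ntpath.basename(path))[0]
    return (len(stem) >= 6 and stem.isascii() and stem.isalpha()
            and name_score(stem) < threshold)

def suspicious_paths(procmon_csv):
    """Map each generated-looking file path to the watched processes touching it."""
    hits = {}
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row["Path"].upper().startswith("HK"):  # skip registry keys
            continue
        if row["Process Name"].lower() in WATCHED and looks_generated(row["Path"]):
            hits.setdefault(row["Path"], set()).add(row["Process Name"])
    return hits

# Constructed sample rows; the system32 and Temp locations are assumptions.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","winlogon.exe","632","ReadFile","C:\WINDOWS\system32\tmghlmrb.dat","SUCCESS",""
"10:01:02.2","winlogon.exe","632","ReadFile","C:\WINDOWS\system32\jaccaqad.dat","SUCCESS",""
"10:01:02.3","lsass.exe","644","ReadFile","C:\WINDOWS\system32\config\SECURITY","SUCCESS",""
"10:01:02.4","winlogon.exe","632","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit","SUCCESS",""
"10:01:02.5","explorer.exe","1200","ReadFile","C:\Temp\xkqzvwpt.tmp","SUCCESS",""
'''

if __name__ == "__main__":
    for path, procs in sorted(suspicious_paths(SAMPLE).items()):
        print(f"{path}  <- {', '.join(sorted(procs))}")
```

Short system names with unusual spellings can also score low, so a hit is a reason to inspect the file (location, signature, creation time), not a verdict.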
 
Gerry

K

An addendum. In Google the file names you mention appear nowhere other
than your post. Whilst this is not conclusive it strongly suggests they
are part of a malware infestation.

This thread is being carried by a web site "www.pcreview.co.uk/forums".
Certain words, which appear in the original, are highlighted in blue
e.g. "safe mode" and link to another page. These are unauthorised
alterations to my post and in no way do I wish to be associated with
what is said in the links.

The links I included in my post which were included in the original are:
http://www.safer-networking.org/en/spybotsd/index.html
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

To read a correct copy of my post you should read what is posted on:
microsoft.public.windowsxp.general


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
