CPU Usage total NOT 100%

[Richard H]

I am running Windows XP SP2 and have noticed that the Windows Task Manager
seems to be broken; in the list of processes, the total is usually (but not
always) 100%. However, the System Idle Process + CPU Usage listed in the
grey line at the bototm usually total more than 100%. For example, they are
showing 99% and 8% at the moment.

I have searched deeply, but cannot find the problem. Hopefully someone can
help I have downloaded the WindowsXP--SupportTools(KB838079), but pinfo
does not give any extra information. .The tools I have used so far are:
netstat -ano
tasklist
tasklist /svc
pinfo
pstat

Any ideas as to what I should do net? I have used a network sniffer and do
not appear to be spamming anybody, but I am receiving a lot of communication
attempts by assorted machines at dialog.net.pl

Here is the output from pinfo
Memory: 523704K Avail: 197068K PageFlts: 993 InRam Kernel: 1784K
P:23632K
Commit: 251036K/ 196364K Limit:1279044K Peak: 428628K Pool N:12440K
P:23908K

Mem Mem Page Flts Commit Usage Pri Hnd Thd Image
CPU CpuTime Usage Diff Faults Diff Charge NonP Page Cnt Cnt Name

79488 -8 2471844 432 File
Cache
92 5:41:49 16 0 0 0 0 0 0 0 0 1 Idle
Process
0 0:01:13 216 0 6829 0 36 0 0 8 410 50 System
0 0:00:00 372 0 215 0 172 0 4 11 19 3 smss.exe
0 0:00:51 5000 0 26763 0 1852 4 23 13 446 11 csrss.exe
0 0:00:24 2808 0 18100 0 8064 8 51 13 578 20
winlogon.exe
0 0:00:06 4156 0 1555 0 2052 4 30 9 274 15
services.exe
0 0:00:07 592 0 17504 0 3692 6 35 9 347 18 lsass.exe
0 0:00:00 3708 0 1148 0 1444 3 33 8 132 5
svchost.exe
0 0:00:01 4140 0 1334 0 1776 12 33 8 279 10
svchost.exe
0 0:00:44 25056 0 38508 0 15128 17 79 8 1497 58
svchost.exe
0 0:00:00 3260 0 1976 0 1280 4 28 8 89 5
svchost.exe
0 0:00:00 4748 0 1922 0 3160 4 37 8 124 11
spoolsv.exe
0 0:00:00 3416 0 937 0 1244 2 32 8 103 4
svchost.exe
0 0:01:05 13840 0 1957945 288 10444 39 45 8 498 20
kpf4ss.exe
0 0:00:00 2652 0 4278 0 640 2 19 8 58 3
nvsvc32.exe
0 0:00:03 8636 0 212955 87 5524 5 35 8 172 7
Service.exe
0 0:00:12 5644 0 121959 0 2396 174 32 8 82 5
kpf4gui.exe
0 0:00:00 3480 0 950 0 1160 4 32 8 102 5 alg.exe
1 0:01:25 28280 0 64608 41 16468 14 88 8 564 12
explorer.exe
0 0:01:07 21056 0 27927 0 13080 10 61 8 316 9
kpf4gui.exe
0 0:00:05 5176 0 1443 0 1616 3 34 8 73 1
Apoint.exe
0 0:00:01 3452 0 62466 80 2092 3 30 8 69 3
pctspk.exe
0 0:00:01 18252 0 5156 0 14576 3 37 8 62 4
ClamTray.exe
0 0:00:00 6684 0 2514 0 4212 4 43 8 189 3
SiteAdv.exe
0 0:00:00 3224 0 926 0 880 2 30 8 68 1
ctfmon.exe
0 0:00:00 2264 0 606 0 600 1 27 8 29 1
PAGEANT.EXE
0 0:00:09 1996 0 560 0 496 1 17 8 37 2
ApntEx.exe
0 0:00:00 1484 0 409 0 444 1 18 8 17 1
soffice.exe
0 0:00:00 15776 0 4211 0 5240 6 69 8 142 5
soffice.bin
0 0:00:15 21028 0 8045 0 11540 7 67 8 372 8
helpctr.exe
0 0:00:00 2676 0 722 0 2004 2 30 8 31 1 cmd.exe
0 0:00:00 2844 0 822 0 2040 2 30 8 30 1 cmd.exe
0 0:00:03 2136 0 1888 0 1492 3 33 13 66 3
taskmgr.exe
0 0:00:25 44904 0 99848 0 35308 9 56 8 347 12
firefox.exe
0 0:00:01 3636 0 1004 0 1084 2 31 8 46 1
notepad.exe
0 0:00:08 23608 0 9066 0 12968 9 70 8 349 8 msimn.exe
4 0:01:15 12780 0 23906 65 9772 5 40 8 136 6
NetPryer.exe
0 0:00:00 884 0 230 0 388 0 7 13 7 1 pmon.exe

and tasklist /svc /fi "imagename eq svchost.exe"
Image Name PID Services
========================= ======
=============================================
svchost.exe 852 DcomLaunch
svchost.exe 912 RpcSs
svchost.exe 948 AudioSrv, CryptSvc, Dhcp, ERSvc,
EventSystem, helpsvc, lanmanworkstation,
Netman, Nla, RasMan, Schedule, SENS,
SharedAccess, ShellHWDetection, srservice,
TapiSrv, Themes, TrkWks, W32Time, winmgmt,
wscsvc, wuauserv, WZCSVC
svchost.exe 1008 Dnscache
svchost.exe 1296 WebClient

 

[Guest]

I am running Windows XP SP2 and have noticed that the Windows Task Manager
seems to be broken; in the list of processes, the total is usually (but not
always) 100%. However, the System Idle Process + CPU Usage listed in the
grey line at the bototm usually total more than 100%. For example, they are
showing 99% and 8% at the moment.

I have searched deeply, but cannot find the problem. Hopefully someone can
help I have downloaded the WindowsXP--SupportTools(KB838079), but pinfo
does not give any extra information. .The tools I have used so far are:
netstat -ano
tasklist
tasklist /svc
pinfo
pstat

Any ideas as to what I should do net? I have used a network sniffer and do
not appear to be spamming anybody, but I am receiving a lot of communication
attempts by assorted machines at dialog.net.pl

Here is the output from pinfo
Memory: 523704K Avail: 197068K PageFlts: 993 InRam Kernel: 1784K
P:23632K
Commit: 251036K/ 196364K Limit:1279044K Peak: 428628K Pool N:12440K
P:23908K

Mem Mem Page Flts Commit Usage Pri Hnd Thd Image
CPU CpuTime Usage Diff Faults Diff Charge NonP Page Cnt Cnt Name

79488 -8 2471844 432 File
Cache
92 5:41:49 16 0 0 0 0 0 0 0 0 1 Idle
Process
0 0:01:13 216 0 6829 0 36 0 0 8 410 50 System
0 0:00:00 372 0 215 0 172 0 4 11 19 3 smss.exe
0 0:00:51 5000 0 26763 0 1852 4 23 13 446 11 csrss.exe
0 0:00:24 2808 0 18100 0 8064 8 51 13 578 20
winlogon.exe
0 0:00:06 4156 0 1555 0 2052 4 30 9 274 15
services.exe
0 0:00:07 592 0 17504 0 3692 6 35 9 347 18 lsass.exe
0 0:00:00 3708 0 1148 0 1444 3 33 8 132 5
svchost.exe
0 0:00:01 4140 0 1334 0 1776 12 33 8 279 10
svchost.exe
0 0:00:44 25056 0 38508 0 15128 17 79 8 1497 58
svchost.exe
0 0:00:00 3260 0 1976 0 1280 4 28 8 89 5
svchost.exe
0 0:00:00 4748 0 1922 0 3160 4 37 8 124 11
spoolsv.exe
0 0:00:00 3416 0 937 0 1244 2 32 8 103 4
svchost.exe
0 0:01:05 13840 0 1957945 288 10444 39 45 8 498 20
kpf4ss.exe
0 0:00:00 2652 0 4278 0 640 2 19 8 58 3
nvsvc32.exe
0 0:00:03 8636 0 212955 87 5524 5 35 8 172 7
Service.exe
0 0:00:12 5644 0 121959 0 2396 174 32 8 82 5
kpf4gui.exe
0 0:00:00 3480 0 950 0 1160 4 32 8 102 5 alg.exe
1 0:01:25 28280 0 64608 41 16468 14 88 8 564 12
explorer.exe
0 0:01:07 21056 0 27927 0 13080 10 61 8 316 9
kpf4gui.exe
0 0:00:05 5176 0 1443 0 1616 3 34 8 73 1
Apoint.exe
0 0:00:01 3452 0 62466 80 2092 3 30 8 69 3
pctspk.exe
0 0:00:01 18252 0 5156 0 14576 3 37 8 62 4
ClamTray.exe
0 0:00:00 6684 0 2514 0 4212 4 43 8 189 3
SiteAdv.exe
0 0:00:00 3224 0 926 0 880 2 30 8 68 1
ctfmon.exe
0 0:00:00 2264 0 606 0 600 1 27 8 29 1
PAGEANT.EXE
0 0:00:09 1996 0 560 0 496 1 17 8 37 2
ApntEx.exe
0 0:00:00 1484 0 409 0 444 1 18 8 17 1
soffice.exe
0 0:00:00 15776 0 4211 0 5240 6 69 8 142 5
soffice.bin
0 0:00:15 21028 0 8045 0 11540 7 67 8 372 8
helpctr.exe
0 0:00:00 2676 0 722 0 2004 2 30 8 31 1 cmd.exe
0 0:00:00 2844 0 822 0 2040 2 30 8 30 1 cmd.exe
0 0:00:03 2136 0 1888 0 1492 3 33 13 66 3
taskmgr.exe
0 0:00:25 44904 0 99848 0 35308 9 56 8 347 12
firefox.exe
0 0:00:01 3636 0 1004 0 1084 2 31 8 46 1
notepad.exe
0 0:00:08 23608 0 9066 0 12968 9 70 8 349 8 msimn.exe
4 0:01:15 12780 0 23906 65 9772 5 40 8 136 6
NetPryer.exe
0 0:00:00 884 0 230 0 388 0 7 13 7 1 pmon.exe

and tasklist /svc /fi "imagename eq svchost.exe"
Image Name PID Services
========================= ======
=============================================
svchost.exe 852 DcomLaunch
svchost.exe 912 RpcSs
svchost.exe 948 AudioSrv, CryptSvc, Dhcp, ERSvc,
EventSystem, helpsvc, lanmanworkstation,
Netman, Nla, RasMan, Schedule, SENS,
SharedAccess, ShellHWDetection, srservice,
TapiSrv, Themes, TrkWks, W32Time, winmgmt,
wscsvc, wuauserv, WZCSVC
svchost.exe 1008 Dnscache
svchost.exe 1296 WebClient

Did you scan for Viruses and Malwares on your computer from another vendor
like these but not limited:
http://www.pandasecurity.com
http://www.sophos.com
http://www.avast.com
http://www.trendmicro.com

and for malwares software:
http://www.lavasoft.com
http://www.safer-networking.org

These machines pre-mentioned from that ISP can make unsolicited connection
and may controlling your machine remotely and they drop packets and make
your machine as their next hub (all that a theory yet to be true?).
What your ISP name is it the above, sometimes the trace can show you hoops
and points where your ISP reside or your ISP server traffics can go through
and sometimes a Random Hits from other servers and machines (good or bad).
I notice you have Keiro Firewall what Anti-virus you have installed?.
HTH.
Regards,
nass

 

[Zilbandy]

I am running Windows XP SP2 and have noticed that the Windows Task Manager
seems to be broken; in the list of processes, the total is usually (but not
always) 100%. However, the System Idle Process + CPU Usage listed in the
grey line at the bototm usually total more than 100%. For example, they are
showing 99% and 8% at the moment.

The processor is always doing something and the task manager is
updated over some time interval. In reality, the cpu usage at any time
can't be more than 100%. But, the task manager can't measure
everything at exactly the same time. So, one process when it was
measured may be using 50% and a second process might say it's using
55%. In reality, when the second process was measured, the first
process has actually dropped to well below 50%, but that won't be
reflected until the next task manager display update.

 

[Ken Blake, MVP]

The processor is always doing something and the task manager is
updated over some time interval. In reality, the cpu usage at any time
can't be more than 100%. But, the task manager can't measure
everything at exactly the same time. So, one process when it was
measured may be using 50% and a second process might say it's using
55%. In reality, when the second process was measured, the first
process has actually dropped to well below 50%, but that won't be
reflected until the next task manager display update.

Good post. Well and clearly explained!

 

[Guest]

I was getting hit by various around new year & complained to ISP who said
that it was normal which is not true. It has dropped off since. You can hit
back: The following ping will loop until you close command prompt.

ping nnn.nnn.nnn.nnn -t -l1000 -f

 

[Richard H]

I was running AVG Free 7.5, but am now running ClamAV (WinClam) as AVG had
missed 67 viruses. All of these viruses were in my spam folder (and hence
unopened) except for one which was in an old (unused) WinXP installation.
Clamwin found the following virii on my computer:

Exploit.IFrame.Gen
HTML.Phishing.Pay-110
Trojan.Dropper.JS.Zerolin-6
Trojan.Spy.DeskAd-2 <<-- This was in retired installation
Worm.Gibe.F-1

No spyware was found by either Hijack This nor Lavasoft

 

[Richard H]

Surely the kernel records amount of time (number of ticks) that each process
is running and then divides this by total time to record percentage? At
least that is the way I did it when writing operating systems many years
ago.

Total time (slice) = 100%
Each process consumes a proportion of this slice.

It is possible (with rounding errors) to get more than 100%, but this is not
a constant. Also, this does not explain why the error is there when
connected to thye internet, and not when disconnected.

 

[Guest]

Hi Richard,
Well try to scan again from another vendor like Trendmicro or sophos by
runing a scan on line to be sure thee are any left behind script files that
can recreate the troj again.

Delete or find out any zip (Tar) files and see what they belonhg to or
delete them from your system, places to look at C:\, C:\Winmdows,
C:\Windows\System32.

Also in the registry:
HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Run = look in the right
pane for the running processes and remove the bad entry by the Troj.
HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run = the same here on
this Key.

After all clean try to locate the Bad HTML meessage been sent to you
containing this Worm/Troj and delete from your Folder and the Server.

Try to run Repait/Reinstall for the Operating system or the command sfc
/scannow to repair any corrupt/damaged files/folder belong to the system core.
HTH.
Regards,
nass