CPU Usage

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Afriend has a problem with a PC. The CPU Usage runs constantly at 100%.
explorer runs at 60%. This has only been happening recently.

I need help in reducing this down to a normal level to which she is able to
run basic tasks, as going to a webpage for example makes her computer restart
itself.
 
From: "Katus" <[email protected]>

| Afriend has a problem with a PC. The CPU Usage runs constantly at 100%.
| explorer runs at 60%. This has only been happening recently.
|
| I need help in reducing this down to a normal level to which she is able to
| run basic tasks, as going to a webpage for example makes her computer restart
| itself.


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
Katus

As David has suggested an attack on Spyware may alleviatethe problem but
after running Adaware and Spybot and you still have the problem you get into
more complicated areas.

When dealing with a persistent virus / trojan you need to delete system
restore points and not use them as they will contain the virus and put
it back into your system. Turn off System Restore and then turn it back
on so that you only have one restore point until cleaning is
finished. Also run your anti-virus with updated definitions in safe
mode. Sometimes you need to run an anti-virus from a floppy and Trend
offer one that can be used.

Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
just a desktop folder).
Download Sysclean.com (http://www.trendmicro.com/download/dcs.asp) and
place it in this folder.

Download the latest Controlled Pattern Release zip
(http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
extract its contents to the same folder. See the Readme text file for
additional instructions.

Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of all TEMP folders and then your Recycle Bin.

Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.

If the scan shows any infections in System Restore files and you're
running WinXP, create a new Restore Point
(Start>Programs>Accessories>System Tools>System Restore), then delete
all but the most recent Restore Point (Start>Programs>Accessories>System
Tools>Disk Cleanup>More options).

Work through the spyware removal programmes etc in turn in safe mode
until you get no results.

Afterwards, update your own anti-virus application and perform another
full system scan.

Install and run HijackThis:
Download HijackThis (Freeware)
http://tomcoyote.com/hjt/

Finally run HijackThis and post the HijackThis log to the HijackThis
forum here:
http://aumha.net/

You will need to register with Aumha to be able to post.

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
 
From: "Gerry Cornell" <[email protected]>

< snip >

|
| Create a new folder named Sysclean (e.g., C:\Program files\Sysclean, or
| just a desktop folder).
| Download Sysclean.com (http://www.trendmicro.com/download/dcs.asp) and
| place it in this folder.
|
| Download the latest Controlled Pattern Release zip
| (http://www.trendmicro.com/download/pattern.asp, e.g., lpt123.zip) and
| extract its contents to the same folder. See the Readme text file for
| additional instructions.

< snip >

The Multi AV Scanning Tool that I suggested (which I am the author of) includes the Trend
Micro Syysclean utility and three other commnad line anti virus scanners. All run behind a
user friendly front end that simplifies the downloading if the needed files and the
execution of the respective AV scanners.
 
David

I think we have visited this one before. I need to look at your simplified
procedure before I can recommend it.

--

Regards.

Gerry
~~~~
FCA
Stourport, England

Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
From: "Gerry Cornell" <[email protected]>

| David
|
| I think we have visited this one before. I need to look at your simplified
| procedure before I can recommend it.
|

Please do so.

It is even suggested for use by a German speaking website when it is only written in
English.

http://virus-protect.net/multiavtool.html

The Multi AV Scanning Tool is also suggested for use by some MS MVPs.
Examples: Jim Byrd and Malke.
 
Thank you for those suggestions, I'll make sure she does those and I'll get
back to you
Katus
 
Ok, I'm back. I'm going to post as much as I can about whats going on

After installing your suggestions and scanning, we found nothing, yet we're
still experiencing problems.

The only thing I found was a MyWebsearch toolbar, which we removed.

The CPU Usage is very unstable on her machine. She can be running nothing at
all and her explorer.exe will have a while of calm running between 0-2%, then
will start up running at anything between 60-100%.

She uses AOL to connect to the internet and waol.exe also runs high at times
even when the system is idle but logged on. She can even be not logged on to
the internet, and just running a Norton scan and the pc will restart

In October Norton picked up on the Hacktool.rootkit which was around the
time she started experiencing these problems, but it was only occasional, it
is only this week that it is constant. We followed their instructions to
remove it, and it hasn't been detected again, yet would this be the cause?

She likes to play at pogo.com and so do I. She is now often unable to play a
lot of the games because she will play for a few minutes, then her pc will
restart. This used to be no problem at all.
anymore ideas?

Katus
 
From: "Katus" <[email protected]>

| Ok, I'm back. I'm going to post as much as I can about whats going on
|
| After installing your suggestions and scanning, we found nothing, yet we're
| still experiencing problems.
|
| The only thing I found was a MyWebsearch toolbar, which we removed.
|
| The CPU Usage is very unstable on her machine. She can be running nothing at
| all and her explorer.exe will have a while of calm running between 0-2%, then
| will start up running at anything between 60-100%.
|
| She uses AOL to connect to the internet and waol.exe also runs high at times
| even when the system is idle but logged on. She can even be not logged on to
| the internet, and just running a Norton scan and the pc will restart
|
| In October Norton picked up on the Hacktool.rootkit which was around the
| time she started experiencing these problems, but it was only occasional, it
| is only this week that it is constant. We followed their instructions to
| remove it, and it hasn't been detected again, yet would this be the cause?
|
| She likes to play at pogo.com and so do I. She is now often unable to play a
| lot of the games because she will play for a few minutes, then her pc will
| restart. This used to be no problem at all.
| anymore ideas?
|
| Katus
|

Disconnect PC from Internet.
Disable *all* Norton services.
If the PC works properly and is stable, remove Norton and install Kaspersky or NOD32 AV.
 
Sorry the last post has been amended, it doesn't restart it puts up the going
to sleep messgae and shuts down. I am trying to figure out the root of the
problem from another country, so am unable to see what is actually going on
 
New Info.

When she starts up her pc an error message comes up which says"The hardware
monitor found an error. Go to Advanced Power for details" and to press F1
for set up
 
Katus


Look in the System and Application logs in Event Viewer for Warning and
Error Reports.and post copies here.

You can access Event Viewer by selecting Start, Administrative Tools, Event
Viewer. When researching the meaning of the error, information regarding
Event ID, Source and
Description are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;enus;308427&Product=winxp

A tip for posting copies of Error Reports! Run Event Viewer and double click
on the error you want to copy. In the window, which appears is a button
resembling two pages. Double click the button and close Event Viewer. Now
start your message(email) and do a paste into the body of the message. This
will paste the info from the Event Viewer Error Report
complete with links into the message. Make sure this is the first paste
after exiting from Event Viewer.


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 
Heres an error log. Hope i got this right

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/27/2005
Time: 12:44:02 AM
User: N/A
Computer: YOUR-XHTR8HVC4P
Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module
urlmon.dll, version 6.0.2900.2753, fault address 0x00039146.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 32 31 38 30 20 00.2180
0030: 69 6e 20 75 72 6c 6d 6f in urlmo
0038: 6e 2e 64 6c 6c 20 36 2e n.dll 6.
0040: 30 2e 32 39 30 30 2e 32 0.2900.2
0048: 37 35 33 20 61 74 20 6f 753 at o
0050: 66 66 73 65 74 20 30 30 ffset 00
0058: 30 33 39 31 34 36 0d 0a 039146..
 
In Internet Explorer what items are listed in Tools, Manage Add-ons?

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England

Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
I looked under the add ons currently loaded into internet explorer. Should I
look at the "have been" list too?

she has:

acroIEHlprobj class, adobe systems inc, browers helper object,
acroIEhelper.dll
aol toolbar, america onlineinc, toolbar, tollbar.dll
aol toolbar, americaonlineinc, browser extension, toolbar.dll
CNavExtBho Class, symantec corp, browser helper object, NAv Sh Ext.dll
google, google.inc, toolbar, googletoolbar2,dll
google toolbar helper, google.inc, browser helper object,
googletoolbar2.dll
HP view, Hewlett-Pacard, toolbar, hpdtlk02.dll
money slide, unverified, browser extension
money slide controls, Microsoft.corporation, browser helper object,
mnyside.dll
norton antivirus, symantec corp, toolbar, NavShExt.dll
UberButton Class, Yahoo! inc, browser helper object, yiesrvc.dll
Windows Messenger, Microsoft, Browser extension
Yahoo! services, Yahoo! inc, browser helper extension, yiesrvc.dll
yahoo Toolbar, Yahoo! inc, toolbar, yt.dll
Yahoo TaggedBM Class, yahoo! inc, browser helper object, YIeTagBM.dll

Katus
 
and what does this warning mean?

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 12/12/2005
Time: 4:28:11 PM
User: NT AUTHORITY\SYSTEM
Computer: YOUR-XHTR8HVC4P
Description:
Windows saved user YOUR-XHTR8HVC4P\Owner registry while an application or
service was still using the registry during log off. The memory used by the
user's registry has not been freed. The registry will be unloaded when it is
no longer in use.

This is often caused by services running as a user account, try configuring
the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Katus
 
Katus

I am thinking about your earlier post.

This error may most likely be disposed of with due dispatch.

Download and install the User Profile Hive Cleanup Service
Download details: User Profile Hive Cleanup Service
http://snipurl.com/5b61

UPHClean v1.5e readme.txt
http://snipurl.com/ko8m

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England

Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
She cleaned out her fanthis morning, which was full of dust. Things are
better. Her fan is quieter, the CPU Usage is lower, and she hasn't had any
problems so far today. I hope it stays that way.

Katus
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Need help! Cpu usage at 100% after startup 8
syncservicesbasic.exe 1
Process being throttled every 5 minutes, why? 0
CPU Usage very high 3
CPU Usage 3
100% CPU usage 18
CPU problem 8
100% CPU usage 5

Back
Top