HIGH CPU Usage ???

Katmandu

I have a system running XP Pro, AMD XP1800+ w/512MB RAM. It was built on a
freshly (< 2 weeks) formatted 80GB HD.

I'm having a very difficult time with this system since it is continually
running at 100% CPU utilization. I've installed and scanned using AVG and
Ad-Aware to NO avail.

I'm behind Windows Firewall and a router as well.

I've tried locating the culprit using Task Mgr and that will NOT show what
program is causing this.

I'm suspecting a virus/trojan at this point, but the system is very fresh
and HAS been protected via AVG from the get go.

Where do I go from here ?


TIA!!
 
JS

You need to find the specific sub-process or application that's taking all
the CPU resources and slowing down your PC.

To do this try Process Explorer:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

Once you have Process Explorer installed and running:
In the taskbar select View and check 'Show Process Tree' and 'Show Lower
Pane' options.
Then expand the process named 'Explorer' (click on the + sign)
In the column on the left named 'CPU', look for any high CPU usage.
Next click on the CPU column to sort the processes by %CPU usage (Highest to
Lowest).
Then click on the process that's using most or all the CPU % to highlight
it.
Now that it's highlighted, right click and from the options listed select:
Search Online
This should display what's out there on the web about that process.
You can also double click on any process to open up a more detailed
'Properties' window.

Note: some entries like Explorer and System/Services may need to be expanded
to show the detail (sub processes); in this case click on the + located to
the left of the entry.

JS
 
Katmandu

Ok. I'll download PE and see what I get.

In the meantime, here's the latest HiJackThis Log from the PC.

Anyone see the culprit in here ????



--------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:23:23 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSNBC - MSNBC - Breaking World and US News Stories & Headlines - Get the Latest Business, Health, Entertainment, Sports, & Technology updates from around the world Front Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: MSI -- MICRO-STAR INT'L CO.,LTD.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
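
A HijackThis log in the layout posted above can be parsed before anyone reads it by eye. The following is an added example, not part of the original thread or of HijackThis: it rejoins lines that a newsgroup client hard-wrapped, splits entries by section code, and applies two illustrative heuristics of its own (the function names, sample log and heuristics are assumptions made for this example).

```python
import re

# Constructed sample in HijackThis 1.99.x layout, hard-wrapped the way a
# newsgroup client wraps long lines. Every path, CLSID and name is made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ExampleAV\avsvc.exe
C:\DOCUME~1\user\LOCALS~1\Temp\upd8.exe

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program
Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\avcc.exe /STARTUP
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} -
C:\Program Files\Example\tool.exe (file missing)
O23 - Service: Example AV Service (ExAvSvc) - Example Corp -
C:\Program Files\ExampleAV\avsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the body
DRIVE = re.compile(r"^[A-Za-z]:\\")             # start of a new process path

def parse_hjt(text):
    """Return (running_processes, entries); entries are (code, body) tuples."""
    procs, entries, in_procs = [], [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.match(line)
        if m:                                   # first entry ends the process list
            in_procs = False
            entries.append([m.group(1), m.group(2)])
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and (DRIVE.match(line) or not procs):
            procs.append(line)
        elif in_procs:
            procs[-1] += " " + line             # wrapped process path
        elif entries:
            entries[-1][1] += " " + line        # wrapped entry body
    return procs, [tuple(e) for e in entries]

def triage(procs, entries):
    """Return (autostarts, notes) using two illustrative heuristics."""
    autostarts = [(c, b) for c, b in entries if c in ("O4", "O23")]
    notes = [("file-missing", b) for _, b in entries if b.endswith("(file missing)")]
    notes += [("runs-from-temp", p) for p in procs if "\\temp\\" in p.lower()]
    return autostarts, notes
```

The `autostarts` list holds the Run-key (O4) and service (O23) entries, which are the items that start without user action; the notes are prompts for a closer look, not verdicts.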
 
JS

Found this info:
An interrupt storm that is generated by the ACPI driver
http://support.microsoft.com/kb/834631/en-us

Also if you have a NVIDIA 6800 card there is a known issue (6800 DPC Storm).
Some have had success by uninstalling their existing video drivers and then
installing the latest drivers from NVIDIA.
Note that the un-install is required to totally remove the old drivers!

JS
 
Kayman

> In the meantime, here's the latest HiJackThis Log from the PC.
>
> Anyone see the culprit in here ????

You should not post your HJT scan log to this or any newsgroup!

BTW, your log indicates a couple of nasty applications :)

Download and run LATEST VERSION of HijackThis.

Once done, run HJT, save a scan log and post it to any of the following
(expert) fora for analysis.

Registration *is* required prior to posting a log.

(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=hijackthis)
(http://aumha.net/viewforum.php?f=30)
(http://forums.spywareinfo.com/index.php?&showforum=18)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/cleanup)
(http://forum.malwareremoval.com/viewforum.php?f=11)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.atribune.org/forums/index.php?showforum=9)
(http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://www.techmonkeys.co.uk/forums/viewforum.php?f=8)
(http://forum.networktechs.com/forumdisplay.php?f=130)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://forums.spywaretimes.com/index.php?showforum=2)
(http://www.bluetack.co.uk/forums/index.php?showforum=172)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/index.php?showforum=18)
(http://www.malwarebytes.org/forums/index.php?showforum=7)
(http://www.wilderssecurity.com/forumdisplay.php?f=26)
(http://makephpbb.com/phpbb/viewforum.php?f=2)
(http://forums.techguy.org/54-security/)
(http://forums.security-central.us/forumdisplay.php?f=13)
(http://castlecops.com/forum67.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)
(http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29)
 
