Uknown CPU Hog

[Guest]

I'm running XP SP2. Increasingly I find my system running with the fans
running at full (very noisy) and when I investigate with task manager the CPU
is running 100%. However, when I look at the process list, task manager does
not identify any process at running more than a couple %, and in total
they're nowhere near 100%. The system idle process only shows 1% or 2% at
most.

While task manager shows the CPU at 100% it does not account for where the
time is going. Invariably I have to restart my system to clear the problem.

I've run full virus scans with McAfee serveral times, but it doesn't find
anything.

Has anyone seen this before?

 

[JS]

You need to find the specific process or application that's taking all
the CPU resources and slowing down your PC.

To do this try Process Explorer:
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Once you have Process Explorer installed and running:
In the taskbar select View and check 'Show Process Tree' and 'Show Lower
Pane' options.
(This will provide the detailed info you need)
Next click on the CPU column to sort processes by %CPU usage.
Then click on the process that's using most or all the CPU %,
once it's highlighted, right click and from the options listed select:
google
This should display what out there on the web about that process.

Note: some entries like Explorer and svchost may need to be expanded to show
the detail,
(sub processes), in this case click on the + located to the left on the
entry.

JS

 

[Guest]

Hello,

Can't offer you a solution (yet) but just to let you know that I have the
same problem - XP SP2 - sudden inexplicable jumps to 100% CPU, often
(seemingly) triggered by menial requests (eg right-clicking for properties of
(eg) jpeg)

This is a recent development. System clean and healthy. No new applications
except auto updates from Microsoft. I am going to try a system restore and
will post results - or any other ideas I come up with.

Browsing the net, I see others are experiencing this. Fingers crossed for an
easy answer.
Regards, slig

 

[NewScience]

Have you tried sorting the list based on CPU? CLick on the CPU column
header. It's probably svchost.exe

You need to find the specific process or application that's taking all
the CPU resources and slowing down your PC.

To do this try Process Explorer:
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Once you have Process Explorer installed and running:
In the taskbar select View and check 'Show Process Tree' and 'Show Lower
Pane' options.
(This will provide the detailed info you need)
Next click on the CPU column to sort processes by %CPU usage.
Then click on the process that's using most or all the CPU %,
once it's highlighted, right click and from the options listed select:
google
This should display what out there on the web about that process.

Note: some entries like Explorer and svchost may need to be expanded to
show the detail,
(sub processes), in this case click on the + located to the left on the
entry.

JS

 

[MHPNW STAFF]

Microsoft need's to address this problem ASAP, Seems alot of people are
having this problem , and it is not resolved with system restore , or a
fresh reload. ,

I did find a Knowledge artical that cam out 10/16/ 2006 # 916089 that may
address the problem, but there are many for the svchost 100% cpu problem.

Dennis

 

[Guest]

Hi again,

Thanks for replies. Yes, you were right, Dennis, system restore did not work.

I did find a solution offered in another forum (but over two years old, so
may not apply anymore) which listed Trojan W32.DiDer as the culprit. It
(apparently) avoids detection by using the file name explorer.exe (same name
as the legitimate Windows file).

I notice in my task manager, processes, that I have two explorer.exe files
running. Is this usual? Could one of them be an impostor? How can I tell
which (if any) are fake? (I also have six svchost.exe files running!)

When PC is idle, CPU usage will stabilise at between 0% and 4% - but every
20 seconds (approx) it blips up to 80%/90%, then stabilises again.

I must say that, even though this is a worrying new development, the PC is
still working smoothly on the whole. Im grateful for my small mercies.

Will forward any info I find. Stay happy, Shouderhead

 

[Guest]

Ahh yes - good old sysinternals. OK now I'm all set to go hog hunting.

Thanks, Eric

 

[Guest]

Yes, I've tried that many times. For some reason Windows Task Manager is
unable to show what process is actually hogging all the CPU.

I'll launch Process Explorer next time the problem happens.

 

[Guest]

Yes, I've only noticed this problem in the last 6 - 12 months.

I'll keep an eye on explorer.exe but I'm pretty sure I don't ever see any
task using a lot of CPU which is the real mystery.

The part that bugs me is it causes my system fans to full and makes a lot of
noise.

So far I haven't seen the problem happen under Vista, but I don't run Vista
all that often on my system.

--
Eric Kolotyluk
Software Developer

Hi again,

Thanks for replies. Yes, you were right, Dennis, system restore did not work.

I did find a solution offered in another forum (but over two years old, so
may not apply anymore) which listed Trojan W32.DiDer as the culprit. It
(apparently) avoids detection by using the file name explorer.exe (same name
as the legitimate Windows file).

I notice in my task manager, processes, that I have two explorer.exe files
running. Is this usual? Could one of them be an impostor? How can I tell
which (if any) are fake? (I also have six svchost.exe files running!)

When PC is idle, CPU usage will stabilise at between 0% and 4% - but every
20 seconds (approx) it blips up to 80%/90%, then stabilises again.

I must say that, even though this is a worrying new development, the PC is
still working smoothly on the whole. Im grateful for my small mercies.

Will forward any info I find. Stay happy, Shouderhead

 

[Guest]

OK, I finally found the culprit - MGHTML.EXE

This is some McAfee program. Process Explorer showed it was using almost all
the CPU and I noticed it was running under my spouse's login, so I switched
users, logged her off, and the problem went away.

I'll have to keep an eye on this a see if it only happens when she logs in
or if it happens under my login as well.

Anyway, this is yet another reason I'm not too impressed with McAfee.

--
Eric Kolotyluk
Software Developer

You need to find the specific process or application that's taking all
the CPU resources and slowing down your PC.

To do this try Process Explorer:
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Once you have Process Explorer installed and running:
In the taskbar select View and check 'Show Process Tree' and 'Show Lower
Pane' options.
(This will provide the detailed info you need)
Next click on the CPU column to sort processes by %CPU usage.
Then click on the process that's using most or all the CPU %,
once it's highlighted, right click and from the options listed select:
google
This should display what out there on the web about that process.

Note: some entries like Explorer and svchost may need to be expanded to show
the detail,
(sub processes), in this case click on the + located to the left on the
entry.

JS

 

[wingman]

My CPU Usage goes to 100% for an unknown reason. What I have found at this
point is that there in an excessive number of USERS listed in the registry. I
did a registry fix using Advance System Care, a free program. It showed 201
registry entries that need fixed. The majority of these entries are USERS
with no other entry. As soon as I remove all the USERS the CPU usage drops
down immediatly to a normal range of 5% or less.

My real question is what software or malware might be creating all these
excessive USERS? My scans show no malicious malware or otherwise.

Any help would be appreciated.

Ted

Hi again,

Thanks for replies. Yes, you were right, Dennis, system restore did not work.

I did find a solution offered in another forum (but over two years old, so
may not apply anymore) which listed Trojan W32.DiDer as the culprit. It
(apparently) avoids detection by using the file name explorer.exe (same name
as the legitimate Windows file).

I notice in my task manager, processes, that I have two explorer.exe files
running. Is this usual? Could one of them be an impostor? How can I tell
which (if any) are fake? (I also have six svchost.exe files running!)

When PC is idle, CPU usage will stabilise at between 0% and 4% - but every
20 seconds (approx) it blips up to 80%/90%, then stabilises again.

I must say that, even though this is a worrying new development, the PC is
still working smoothly on the whole. Im grateful for my small mercies.

Will forward any info I find. Stay happy, Shouderhead

 

[Jose]

My CPU Usage goes to 100% for an unknown reason. What I have found at this
point is that there in an excessive number of USERS listed in the registry. I
did a registry fix using Advance System Care, a free program. It showed 201
registry entries that need fixed. The majority of these entries are USERS
with no other entry. As soon as I remove all the USERS the CPU usage drops
down immediatly to a normal range of 5% or less.

My real question is what software or malware might be creating all these
excessive USERS? My scans show no malicious malware or otherwise.

How did you determine that there were an excess number of USERS in the
registry?

Did you let/pay for Advance System Care to remove the USERS or did you
do it yourself somehow?

Usually, those kinds of scan your system for free programs will
certainly scan for free and then either find, report or create things
and convince you to pay to fix them (scareware). Sure... we'll scan
for outdated drivers, scan for virus, scan your registry... Do you
think the free scan would ever come up and say everything is fine? I
would avoid such well known folly.

Here are some reputable malicious software tools that really are
free. There is no single tool that knows about everything, so you
should use a couple good ones (at least).

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

 

[wingman]

Thanks Jose for your response.

The program I paid for, and from what I can determine it does a reputable
job. I am aware of others that will scan for free and then want you to buy.
This is not the case. If you care to take a look at this software, got to
http://www.iobit.com/

The program found an excessive number of just USERS in the registry. Nothing
specific is tied to these USERS. So I just let the program fix them. That
solved my problem immediatly.

My guess is that it is tied to some malware that is not being found. Or
someone is accessing my cumputer.

I will try your suggestion on the other softwares available and see what I
can find and let you know.

Many thanks.

Ted

My CPU Usage goes to 100% for an unknown reason. What I have found at this
point is that there in an excessive number of USERS listed in the registry. I
did a registry fix using Advance System Care, a free program. It showed 201
registry entries that need fixed. The majority of these entries are USERS
with no other entry. As soon as I remove all the USERS the CPU usage drops
down immediatly to a normal range of 5% or less.

My real question is what software or malware might be creating all these
excessive USERS? My scans show no malicious malware or otherwise.

Has anyone seen this before?

How did you determine that there were an excess number of USERS in the
registry?

Did you let/pay for Advance System Care to remove the USERS or did you
do it yourself somehow?

Usually, those kinds of scan your system for free programs will
certainly scan for free and then either find, report or create things
and convince you to pay to fix them (scareware). Sure... we'll scan
for outdated drivers, scan for virus, scan your registry... Do you
think the free scan would ever come up and say everything is fine? I
would avoid such well known folly.

Here are some reputable malicious software tools that really are
free. There is no single tool that knows about everything, so you
should use a couple good ones (at least).

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.
.

 

[Jose]

Thanks Jose for your response.

The program I paid for, and from what I can determine it does a reputable
job. I am aware of others that will scan for free and then want you to buy.
This is not the case. If you care to take a look at this software, got tohttp://www.iobit.com/

The program found an excessive number of just USERS in the registry. Nothing
specific is tied to these USERS. So I just let the program fix them. That
solved my problem immediatly.

My guess is that it is tied to some malware that is not being found. Or
someone is accessing my cumputer.

I will try your suggestion on the other softwares available and see what I
can find and let you know.

Many thanks.

Ted

While waiting, I downloaded and ran the ASC on a test system and it
reported a lot of things (2000+ registry!), but this is a test system
- lots of install, uninstall, etc. I followed some of the registry
stuff to the very end and some I really thought should not be there if
things went well in the past (who knows) but it was very interesting.
I let ASC fix things and so far the box is still working after a
reboot, a rescan turned up only 4 registry items and I know what those
are and don't care.

Too many things here start with "I ran this registry cleaner and
now...", so personally, I am a little gun shy.

ASC does add an automatic startup program which will slow things down,
perhaps imperceptibly but anything extra running will not speed your
system up. I did not pursue it, I just told it not to run on
startup.

MBAM and SAS are my first choice for malicious software scanners -
free or unfree. Running them once in a while will not hurt anything.

Well, good for you and am glad your problem is resolved.