Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

CPU always stays at 100%

Started by locust1937 , Apr 22 2006 12:13 PM

Please log in to reply

#1
locust1937

Posted 22 April 2006 - 12:13 PM

Member

Member
14 posts

Hi,
My CPU is always at 100%. I have run various spyware programs and have had no luck getting CPU below 100%. The SYSTEM Image Name always makes up the remaining %, therefore, even if I delete all of the running programs, it still stays at 100% because SYSTEM will take up all of the CPU. Although I don't think I have any viruses (but I could be wrong), here is my HijackThis.log. I have searched many different forums for the last few weeks, but I have still not been able to find a solution.

Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:07:17 AM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\BRENT\Local Settings\Temporary Internet Files\Content.IE5\DOUTALMU\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1139163552489
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#2
computerwiz12890

Posted 22 April 2006 - 12:33 PM

Fixer-upper guy

Retired Staff
1,807 posts

Hello locust1937,

This is not the malware forum, please do not post a HijackThis log here.

100% CPU can be cause by many different things. We will go through each possibility/solution until we find the right one. Please have patience with me as we do this, since it could take a while. But I will help you get this problem solved :whistling:

First possible cause could be a corrupted or full index.dat file. We will use CCleaner to fix that.

Download CCleaner from http://www.snapfiles...t/ccleaner.html

Install it. Then start the program.
In the area designated as "Cleaner Settings", Make sure the Windows tab is the selected tab.
Under the category of "Internet Explorer", UNcheck all boxes except for the first two boxes (Temporary Internet Files and Cookies) and the box called Delete Index.dat files.
UNcheck the box next to the category called "Windows Explorer."
Under the category of "System", UNcheck Empty Recycle Bin.
At the top, click on the tab that says Applications.
UNcheck EVERYTHING! If there is a category called "Firefox", then leave the Cookies option checked.
Now click on Analyze. When it is done analyzing (it could take several minutes since this is your first time using ccleaner), click on Run Cleaner.

After it is done deleting the junk files, including index.dat, restart your computer. After it has restarted, see if the problem still occurs.

If that didn't work, let's move on to Tune-up:

Download and install Tune Up 2006 Trial

Click on Clean up & Repair. Run TuneUp DiskCleaner. Delete all junk files. Afterwords, return to the Main Screen.

Click on Clean up & Repair. Run TuneUp RegistryCleaner. Fix all errors. Afterwords, return to the Main Screen.

Click on Optimize & Improve. Run TuneUp RegistryDefrag, which will take a few minutes and need a reboot.

After the reboot, start Tune Up again. Click on Optimize & Improve then click on TuneUp System Optimizer. Now click on Accelerate downloads and Internet surfing to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, start Tune Up again. Click on Optimize & Improve then click on TuneUp System Optimizer. In the menu to the left called "Wizards", choose System Advisor. Note some of the advice it tells you.

If neither of those 2 programs worked, do this:

Download Process Explorer from Sysinternals
http://www.sysintern...ssexplorer.html

Extract and run it. Go to VIEW > SHOW Fractional CPU usage
Make sure it is checked.

Look in the CPU column and relate what is consuming your CPU time

If you can, a screencapture would be useful.

#3
locust1937

Posted 22 April 2006 - 02:46 PM

Member

Topic Starter
Member
14 posts

Hi Computerwiz,
I followed the above instructions & the problem still continues. Below you will find a copy of the sysinternals. Thanks again.

Process PID CPU Description Company Name
System Idle Process 0
Interrupts n/a 9.09 Hardware Interrupts
DPCs n/a 28.79 Deferred Procedure Calls
System 4 54.55
smss.exe 404 Windows NT Session Manager Microsoft Corporation
csrss.exe 548 Client Server Runtime Process Microsoft Corporation
winlogon.exe 572 Windows NT Logon Application Microsoft Corporation
services.exe 620 1.52 Services and Controller app Microsoft Corporation
svchost.exe 776 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 824 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 888 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 948 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1036 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1360 Spooler SubSystem App Microsoft Corporation
SERVIC~1.EXE 1964 F-Secure Anti-Virus 2006 F-Secure Internet Security 2005
fspex.exe 1136 1.52 F-Secure Anti-Virus 2006 F-Secure Internet Security 2005
fsgk32st.exe 216 fsgk32st F-Secure Corporation
fsgk32.exe 252 Gatekeeper Handler II F-Secure Corp.
fssm32.exe 396 fssm32 F-Secure Corp.
fsbwsys.exe 248 fsbwsys F-Secure Corp.
FSMA32.EXE 276 F-Secure Management Agent F-Secure Corporation
FSMB32.EXE 492 F-Secure Message Broker F-Secure Corporation
FCH32.EXE 1264 F-Secure Configuration Handler F-Secure Corporation
FAMEH32.EXE 984 F-Secure Alert and Management Extension Handler F-Secure Corporation
fsqh.exe 988 F-Secure Quarantine Handler F-Secure Corporation
FSRW.exe 1908 F-Secure System Control F-Secure Corporation
FSAV32.exe 2252 FSAV Handler F-Secure Corporation
wdfmgr.exe 1060 Windows User Mode Driver Manager Microsoft Corporation
fsdfwd.exe 2480 F-Secure Anti-Virus Internet Shield daemon F-Secure Corporation
alg.exe 2700 Application Layer Gateway Service Microsoft Corporation
lsass.exe 632 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1268 Windows Explorer Microsoft Corporation
FSM32.EXE 1764 F-Secure Settings and Statistics F-Secure Corporation
FSAW.exe 3104 F-Secure Browser Control F-Secure Corporation
fsguidll.exe 3252 F-Secure GUI component F-Secure Corporation
daemon.exe 1800 Virtual DAEMON Manager DT Soft Ltd.
winampa.exe 1808
msmsgs.exe 1828 Windows Messenger Microsoft Corporation
iexplore.exe 2276 Internet Explorer Microsoft Corporation
WinRAR.exe 1672
procexp.exe 2796 4.55 Sysinternals Process Explorer Sysinternals
Integrator.exe 2860 TuneUp Utilities Start Center TuneUp Software GmbH

#4
TaNkZ101

Posted 22 April 2006 - 03:33 PM

Member

Member
327 posts

question: would setting the priority of a task to realtime cause the cpu to run at 100%? i didn't think i should make a topic just for a yes or no answer.

Edited by TaNkZ101, 22 April 2006 - 03:33 PM.

#5
computerwiz12890

Posted 22 April 2006 - 08:49 PM

Fixer-upper guy

Retired Staff
1,807 posts

@ TaNkZ101: Not quite sure what the realtime setting is. I know what you're talking about, but I've never researched it. Search with Google and see if you find the answer, and then, if you find it, post it so you will teach me something :whistling:

I just set 2 of my programs to realtime, no change in CPU. My guess is your situation is not normal.

@ locust1937: Amazing...let's find out what the heck your computer is doing when the CPU goes to 100%. Time for me to collect some technical information from you :blink:

Please download filemon. After downloading, unzip it to your desktop.

Before we get started, I want you to be familiar with the Capture button so you can find it quickly when we do this. Open Filemon. Note the button at the top that looks like a magnifying glass. Pressing that button will stop Filemon from recording (capturing) the activity of your computer. That is the button you will be pressing when I say to.

Now exit out of Filemon. Exit all non-essential programs (the ones in the taskbar next to the clock. Do this by right-clicking on them and selecting exit or close.)

Figure out how to cause the 100% CPU at will, unless it occurs all the time.

Now we will use Filemon.

We are going to do this fairly fast: Open Filemon and then immediately cause the 100% usage problem. Let the computer sit for about 10 seconds. Quickly return to Filemon and click on the magnifying glass button at the top. Now click on File > Save as... and save the log to your desktop. Attach that log to your reply to me.

NOTE: the only reason for doing this procedure so quickly is to minimize the size of the log so I can pinpoint the problem. Also, you may need to compress (zip) the log because of it's size.

Edited by computerwiz12890, 22 April 2006 - 08:52 PM.

#6
locust1937

Posted 24 April 2006 - 06:33 PM

Member

Topic Starter
Member
14 posts

Hi Computerwiz,
The CPU is always 100%. Attached is the filemon log.

Attached Files

Filemonlog042406.txt 9.38KB 295 downloads

#7
computerwiz12890

Posted 24 April 2006 - 07:16 PM

Fixer-upper guy

Retired Staff
1,807 posts

That was way too short of a log :whistling:

Did you let it run for at least 10 seconds? If so, are you sure the CPU was at 100% when it was running?

Note: you can minimize Task Manager to the system tray and the chart that you will see in the tray is the CPU usage.

#8
locust1937

Posted 24 April 2006 - 07:42 PM

Member

Topic Starter
Member
14 posts

sorry, I didn't let it go for the full 10 seconds. This file should be a bit larger. I am positive about the CPU of 100%. It never varies from 100% CPU, even if I get rid of all running processes.

Attached Files

Filemonlog042406.txt 32.58KB 201 downloads

#9
computerwiz12890

Posted 24 April 2006 - 08:02 PM

Fixer-upper guy

Retired Staff
1,807 posts

Very interesting...

It looks like you got some corruption of your OS. Your computer is accessing a bunch of different DLLs, ones that are legitimate, but it is accessing them when you don't need them.

Either
1 - They have become corrupted <or>
2- A program that uses them has become corrupted

My Suggestion
Go to Start, Run, type sfc.exe /scannow and press enter. You will need an XP CD for this. Let it run to the end. It will automatically replace critical Windows files that are corrupted without prompting you. If you have any problems running this, check out the following link: http://www.updatexp....cannow-sfc.html

Reboot when it is finished to see if it worked.

Edited by computerwiz12890, 24 April 2006 - 08:10 PM.

#10
locust1937

Posted 24 April 2006 - 09:34 PM

Member

Topic Starter
Member
14 posts

I ran the sfc.exe /scannow and, unfortunately, I am still having the same issues. As always, I notice that the CPU is always 100%. When I start deleting processes, the SYSTEM Image Name replaces the remaining CPU so it always is 100%. Thanks again for your help.

#11
computerwiz12890

Posted 24 April 2006 - 09:36 PM

Fixer-upper guy

Retired Staff
1,807 posts

Run filemon again, but let it run for 30 seconds this time...

And while I analyze it, restart the computer into Safe Mode and let me know if the 100% CPU occurs in Safe Mode.

#12
locust1937

Posted 24 April 2006 - 09:49 PM

Member

Topic Starter
Member
14 posts

Here is the latest filemon. I will now boot in Safe Mode.

Attached Files

Filemonlog0424062.txt 39.11KB 160 downloads

#13
computerwiz12890

Posted 24 April 2006 - 09:53 PM

Fixer-upper guy

Retired Staff
1,807 posts

Hmm...same results...

When exactly did this problem start occuring? Was it after a windows update? Installed new software? Power went out?

Before I make my next suggestion, answer those questions, and let me know how it ran in Safe Mode.

#14
locust1937

Posted 24 April 2006 - 10:34 PM

Member

Topic Starter
Member
14 posts

When I boot in safe mode, windows freezes so I am unable to get taskmanager to appear. I tried this 5 times and had the same results. I can get to the desktop in Safe Mode, but then it freezes.

I noticed this happening a few weeks ago, but it may have started earlier. My computer had to be rebuilt after motherboard, hard drive & power issues. Windows was reinstalled. Its been 2 months since I had it rebuilt but was not using it very much until the last 2-3 weeks and thats when I first noticed the issue. Like I said before, it could have started after windows was reinstalled a couple of months ago, but it may have happened after a windows update. I really am not sure.

#15
computerwiz12890

Posted 24 April 2006 - 10:37 PM

Fixer-upper guy

Retired Staff
1,807 posts

When windows was reinstalled, was it installed from a full XP CD? Or was it reinstalled from a Recovery CD?

If it was installed from a Recovery CD, then that is most likely your whole problem, since the MB was changed.

Find out what it was installed from, and I'll double-check to make sure that could be the cause.