Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Process SYSTEM Brings CPU Usage to 100%, Making Machine Unusably Slugg

Started by Burnt Norton , Aug 19 2006 04:24 AM

  • Please log in to reply

#16
Guest_rushin1nd_*
Posted 21 August 2006 - 11:57 AM

Guest_rushin1nd_*
  • Guest
heres another one you can get rid of

uninstall it from your add and remove programs

bit defender


O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

cant have too many antivirus programs running there are in conflict with each other

Edited by rushin1nd, 21 August 2006 - 12:01 PM.

  • 0

Advertisements

#17
aero05
Posted 21 August 2006 - 11:58 AM

aero05

    Member

  • Member
  • PipPip
  • 75 posts
yea thats exactly what i meant....
try this go in through safe mode, to acces safe mode simply turn on the computer and rapidly tap the F8 button. you will see a list of options that will appear, i sugest you select safe mode with networiking this way you have a chance to go online and keep posting for anything you need, any way once you are in safe mode go to the control panel and open the user accounts applet... and let me know what exactly you see there
  • 0

#18
computerwiz12890
Posted 21 August 2006 - 11:59 AM

computerwiz12890

    Fixer-upper guy

  • Retired Staff
  • 1,807 posts
rushin1nd...are you trying to leave this user defenseless???

Do more research before making suggestions! I think you're headed in the wrong direction. And when you do make a suggestion, such as removing an AV program, give them something to replace it with so they don't sit there helpless! :whistling:

EDIT: rushin1nd...Those bitdefender entries are for the online scanner...Bitdefender isn't actually installed on the computer. So it is not running! Take your time when making suggestions and read thoroughly & do research. It looks like we're dealing with driver problems here, or possibly, like aero05 is headed towards, a user account corruption.

In addition, why are you trying to use HJT to uninstall non-malware items??

Edited by computerwiz12890, 21 August 2006 - 12:11 PM.

  • 0

#19
Guest_rushin1nd_*
Posted 21 August 2006 - 12:23 PM

Guest_rushin1nd_*
  • Guest
i didnt relize he had posted 2 hijack logs

but if bit defender works with file missing
that was the only concern i had in mind

well your here now computerwiz no need to crowd him or confuse him any more
typical monday....cest la vie
  • 0

#20
Burnt Norton
Posted 21 August 2006 - 12:47 PM

Burnt Norton

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Here's the eventwvr report. There were a ton of them, so the first bunch is just the latest. After a few of them, I just printed earlier ones that seemed different from the others.

I'll get to work on disconnecting the USB devices. Thanks.

Application Errors:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1068
Date: 8/19/2006
Time: 4:38:37 PM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
Windows ended GPO processing because the computer shut down or the user logged off.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 8/19/2006
Time: 3:35:37 AM
User: N/A
Computer: PSTEP
Description:
Hanging application TeaTimer.exe, version 1.4.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 54 65 61 54 69 6d TeaTim
0018: 65 72 2e 65 78 65 20 31 er.exe 1
0020: 2e 34 2e 30 2e 32 20 69 .4.0.2 i
0028: 6e 20 68 75 6e 67 61 70 n hungap
0030: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0038: 30 20 61 74 20 6f 66 66 0 at off
0040: 73 65 74 20 30 30 30 30 set 0000
0048: 30 30 30 30 0000


[/color][color=#000000]System Errors:[color=#000000]

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/21/2006
Time: 1:31:10 PM
User: PSTEP\Peter
Computer: PSTEP
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service MDM with arguments "" in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.


Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/21/2006
Time: 12:56:33 PM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service DPFUSMgr with arguments "" in order to run the server:
{A5F087F1-543B-11D5-87D4-00010242D7FF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/21/2006
Time: 12:56:00 PM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service DPFUSMgr with arguments "" in order to run the server:
{A5F087F1-543B-11D5-87D4-00010242D7FF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/21/2006
Time: 12:47:10 PM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service DPFUSMgr with arguments "" in order to run the server:
{A5F087F1-543B-11D5-87D4-00010242D7FF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/21/2006
Time: 12:41:27 PM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service DPFUSMgr with arguments "" in order to run the server:
{A5F087F1-543B-11D5-87D4-00010242D7FF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/21/2006
Time: 12:40:20 PM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service DPFUSMgr with arguments "" in order to run the server:
{A5F087F1-543B-11D5-87D4-00010242D7FF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/21/2006
Time: 12:26:03 PM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service DPFUSMgr with arguments "" in order to run the server:
{A5F087F1-543B-11D5-87D4-00010242D7FF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/21/2006
Time: 12:25:33 PM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service DPFUSMgr with arguments "" in order to run the server:
{A5F087F1-543B-11D5-87D4-00010242D7FF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 8/21/2006
Time: 10:58:11 AM
User: N/A
Computer: PSTEP
Description:
The ZipToA service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 8/21/2006
Time: 10:58:11 AM
User: N/A
Computer: PSTEP
Description:
Timeout (30000 milliseconds) waiting for the ZipToA service to connect.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 8/21/2006
Time: 10:47:53 AM
User: N/A
Computer: PSTEP
Description:
The ZipToA service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 8/21/2006
Time: 10:47:53 AM
User: N/A
Computer: PSTEP
Description:
Timeout (30000 milliseconds) waiting for the ZipToA service to connect.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.



[There were a whole bunch more like the above. Below are the ones that appeared different to me.]

Event Type: Error
Event Source: Print
Event Category: None
Event ID: 19
Date: 8/20/2006
Time: 6:02:48 AM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
Sharing printer failed + 1722, Printer www.instantpublisher.com share name Printer.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.


Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/19/2006
Time: 5:25:10 AM
User: PSTEP\Peter
Computer: PSTEP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/19/2006
Time: 5:24:45 AM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.


Event Type: Error
Event Source: Print
Event Category: None
Event ID: 19
Date: 8/19/2006
Time: 2:03:17 AM
User: NT AUTHORITY\SYSTEM
Computer: PSTEP
Description:
Sharing printer failed + 1722, Printer Quicken PDF Printer share name Printer4.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 8/18/2006
Time: 10:17:26 PM
User: PSTEP\Peter
Computer: PSTEP
Description:
The server {A02ED9E9-8D36-473A-98ED-C253A40765DE} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
  • 0

#21
Burnt Norton
Posted 21 August 2006 - 01:26 PM

Burnt Norton

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
When I open the user account applet in safe mode, I pretty much what I see in regular mode: the names of the four accounts, each named after one of my four family members, with their icons next to them. Under each account name is "Computer," beneath that is "Administrator," and beneath that is "Password protected." There is also a guest account with a gray suitcase beside it. Beneath "Guest" is "Guest account is off."

Please let me know if I didn't cover something...
  • 0

#22
aero05
Posted 21 August 2006 - 01:32 PM

aero05

    Member

  • Member
  • PipPip
  • 75 posts
when you log on in safe mode did you see a Administrator acount or was there only the accounts of your family members
  • 0

#23
aero05
Posted 21 August 2006 - 01:33 PM

aero05

    Member

  • Member
  • PipPip
  • 75 posts
i just want to see if the SYSTEM account you talked about earlier is hidden or it totaly doesent exist
  • 0

#24
Burnt Norton
Posted 21 August 2006 - 02:02 PM

Burnt Norton

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
There is no administrator account or system account listed in either safe or regular mode. Just the five I mentioned (if I include the guest account). Everything in safe mode reads the same as everything in regular mode in the user account applet.

Is that significant?

I disconnected all things USB. Things are still sluggish and CPU usage still steady at 100%.

Thank you all very much for your help!
  • 0

#25
aero05
Posted 21 August 2006 - 02:32 PM

aero05

    Member

  • Member
  • PipPip
  • 75 posts
your case is kind of dificult because of the very litle evidence ........ just hold on im doing some research
  • 0

Advertisements

#26
aero05
Posted 21 August 2006 - 02:46 PM

aero05

    Member

  • Member
  • PipPip
  • 75 posts
are you sure you unpluged any device attached to your pc like computerwiz said earlier
  • 0

#27
aero05
Posted 21 August 2006 - 02:49 PM

aero05

    Member

  • Member
  • PipPip
  • 75 posts
make sure there are no external hardware attached to your pc..... and you know what it would also be helpful if you open up your pc and check that the CPU fan is running and its not full of dust...... if it is i sugest you clean it up.... if you do so make sure that the pc is off and unpluged and make sure you are careful so you dont damage your system
  • 0

#28
computerwiz12890
Posted 21 August 2006 - 03:06 PM

computerwiz12890

    Fixer-upper guy

  • Retired Staff
  • 1,807 posts
Burnt Norton...please do the following:

Go to Start --> Run and type msconfig

Press enter.

Click on the circle next to Normal Startup. Restart your computer and do a scan with HijackThis. Attach the log, do NOT post it out. In order to attach it, you will either need to change the .log extension to .txt, or you will have to put the log into a compressed (zipped) folder.

We do not like to post hijackthis logs in sections other than the malware forum as we do not want to encourage people to post malware issues in this forum.

I am not looking for malware. I am looking for what programs or combinations of programs might cause this behavior. If I notice any malware, I will redirect you to the malware forum.

But I do have a feeling, because of the amount of DCOM errors, that you may have a rootkit infection.

Before we go that route, however, I would like to see what SYSTEM is doing that makes it go to 100%.


In addition to the HijackThis log, do the following:

Download filemon. After downloading, unzip it to your desktop.

Before we get started, I want you to be familiar with the Capture button so you can find it quickly when we do this. Open Filemon. Note the button at the top that looks like a magnifying glass. Pressing that button will stop Filemon from recording (capturing) the activity of your computer. That is the button you will be pressing when I say to.

Now exit out of Filemon. Exit all non-essential programs (the ones in the taskbar next to the clock. Do this by right-clicking on them and selecting exit or close.) Now we will use Filemon.

We are going to do this fairly fast: Open Filemon and then immediately open one of the programs that are giving you the 100% usage problem (unless it is occurning all the time, then you won't have to open a program). Let the computer sit for about 30 seconds. Return to Filemon (if it is not visible) and click on the magnifying glass button at the top. Now click on File > Save as... and save the log to your desktop. Attach that log to your reply to me.

NOTE: The log will be EXTREMELY long. So please attach it rather than post it out. If necessary, you may even have to compress it by putting it a zipped (compressed) folder.


Hope I haven't given you too much to do. :blink: But don't worry, we'll get to the bottom of this! :whistling:
  • 0

#29
aero05
Posted 21 August 2006 - 03:17 PM

aero05

    Member

  • Member
  • PipPip
  • 75 posts
i was doing some research and realized it might be a driver error. try uninstalling a reinstalling the drivers over again ...... hopefully that helps
  • 0

#30
Burnt Norton
Posted 21 August 2006 - 03:19 PM

Burnt Norton

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Nothing is attached to the PC except for a mouse (non-USB) and the flatscreen. The only USB attached is the mouse. I swapped it out with the only other mouse I have, which also is a USB. The system wasn't working well with either one... CPU still at 100% and laboring.

I thought it might be a fan issue because the machine has been so quiet ever since it has gotten so slow. Both fans are working, but they seem to blow stronger when the box is open. Though, open or closed, the box ain't right.

I've got a can of air and will now go to work on the fans.
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP