PC Pals Forum

Technical Help & Discussion => Self Building, Upgrading & General Hardware Help => Topic started by: geordie77 on March 27, 2004, 16:50

Title: CPU usage 100%
Post by: geordie77 on March 27, 2004, 16:50

Hi

I need help.  2 weeks ago I touched in inside of my pc when it was turned on.  The pc switched off straight away.  I took it to a shop and when i got it back they said i had only blown the power pack so they replaced it.  Now though my pc does not work properly it is really slow and the CPU is nearly always at 100% usage. I mainly only run emule for downloading and also browse the internet.  This is all my computer gets used for but last 2 weeks it has been a nightmare.  My basic spec is P4 2.5ghz, 512ddr ram, 2x120 gig hard drives, dvd writer, cd writer.

I run windows XP home edition and the windows task manager shows most of the CPU is the SVHOST about 70% and the system 30%

I would really appreciate any help. Thanks in advance.

Edit:  Clive has removed e-mail address for security reasons.

Title: Re:CPU usage 100%
Post by: Serenity on March 27, 2004, 16:52

Hi Geordie77  :welcome:

We have great "techies" on this forum  but there are'nt anyof them around at the moment, hang on in there, someone should be around soon and hopefully help with your problem  :)

Title: Re:CPU usage 100%
Post by: Clive on March 27, 2004, 16:56

Hi Geordie and  :welcome:

I suspect that you have picked up some sort of trojan which is using your computer for its own purposes.  It might be a good idea to download and run Ad-Aware which will detect these type of things and remove them.  I am assuming that you have already checked for viruses?  Please let us know how you get on.

Title: Re:CPU usage 100%
Post by: geordie77 on March 27, 2004, 17:30

Hi

Downloaded ad-aware 6.0 and it removed 31 items but still 100% cpu usage   svchost 100%.  If i end task box comes up and a timer counts down from 60 and closes computer.  Tried running my AVG to check for viruses and it's all clear

Title: Re:CPU usage 100%
Post by: Clive on March 27, 2004, 17:46

I'm afraid that you will have to wait until one of our techies come online then Andy.  One thing I can suggest is that you run Ad-Aware in Safe Mode and turn off system restore.  But don't forget to turn it back on again afterwards!  You could also run your virus checker in Safe Mode and system restore disabled at the same time.  The reason for this is that some trojans and viruses are very hard to get rid of as they use system restore to reinstall themselves.  Make sure also that you have downloaded all the latest updates for Ad-Aware and your virus checker.  

I'm sorry we are a bit thin on the ground as far as techies are concerned today but they will be back tomorrow evening.

Title: Re:CPU usage 100%
Post by: Simon on March 27, 2004, 18:57

You could also download and run Spybot (http://download.com.com/3000-8022-10194058.html?tag=lst-0-1), which is similar to Ad Aware, but sometimes finds different things.  Don't forget to check for updates before you run these programs, as they are next to useless without the latest definitions.

If you're still having problems after that, you might like to download and run Hijack This (http://tomcoyote.com/hjt/), which gives a list of running programs.  If you post the list on here (copy log to notepad), one of our techies will have a look and may be able to spot something for you.  


Oh, and  (https://www.pc-pals.com/smf/proxy.php?request=http%3A%2F%2Fwww.apax34.dsl.pipex.com%2Fsmileys%2Fwelcome.gif&hash=05644ab4fbfa7c9585f756e9a79aab0a53d0e346)

Title: Re:CPU usage 100%
Post by: geordie77 on March 27, 2004, 19:14

thanks to everyone who is trying to help me

Logfile of HijackThis v1.97.7
Scan saved at 19:14:01, on 27/03/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
G:\PROGRA~1\Grisoft\AVG7\avgcc.exe
G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
G:\WINDOWS\Mixer.exe
G:\WINDOWS\System32\RUNDLL32.EXE
G:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
G:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
G:\WINDOWS\System32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
G:\Program Files\blueyonder IST\bin\mpbtn.exe
G:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
G:\WINDOWS\System32\hpoipm07.exe
G:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
G:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
G:\WINDOWS\System32\explore.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\wuauclt.exe
C:\eMule\emule.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\andrew\hijackthis\HijackThis.exe
G:\WINDOWS\System32\msiexec.exe
G:\WINDOWS\System32\MsiExec.exe
G:\WINDOWS\System32\MsiExec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35A08068-A303-6C98-485F-067C480C31A5} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [siService.exe] "G:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] G:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Monitor] explore.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Monitor] explore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: blueyonder Instant Support Tool.lnk = G:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = G:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38066.4566666667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Title: Re:CPU usage 100%
Post by: Simon on March 27, 2004, 20:12

Hmmm... no expert, me, but you do seem to have one or two toolbars running, which often contain spyware.  try getting rid of that Omega Searchbar, and see if that helps.  Also, no guarantees, but this one (below) could be suspicious, as we had this appear with someone else recently, and removing it helped, but that one was slightly different as yours has no file name.  the other one was a randomly generated .dll file, so not sure about that.

Quote

O2 - BHO: (no name) - {35A08068-A303-6C98-485F-067C480C31A5} - (no file)

Dack is our Hijack This expert, so hopefully he might shed a bit more light on things later on.

Oh, just one more thing, do you have e-mule running in the background?  Try closing it and see if that helps.  I use Limewire Pro, and WinMX, and I have occasionally noticed them drawing on resources, as  can Messenger, if it feels like it.

Title: Re:CPU usage 100%
Post by: Sandra on March 27, 2004, 22:09

Quote from: geordie77 on March 27, 2004, 17:30

 If i end task box comes up and a timer counts down from 60 and closes computer.

Isnt that what the msblast worm used to do ?

See here for removal :

http://support.microsoft.com/default.aspx?scid=kb;en-us;833330 (http://support.microsoft.com/default.aspx?scid=kb;en-us;833330)

Title: Re:CPU usage 100%
Post by: Clive on March 27, 2004, 22:34

Our old friend MSBlast again!  Well spotted Sandra.  Make sure you keep your patches up to date.

Title: Re:CPU usage 100%
Post by: Simon on March 27, 2004, 23:18

If it's MSBlast, why didn't it show in his Hijack This list?   ???

Title: Re:CPU usage 100%
Post by: geordie77 on March 27, 2004, 23:37

I always update my xp and also when I first started getting this problem with the timer I ran various virus checkers and they removed some stuff but this seems to be hard to find.

Title: Re:CPU usage 100%
Post by: Sandra on March 28, 2004, 00:05

Its maybe because it does remove it but if system restore isnt off then it can reload itself again  ???

Title: Re:CPU usage 100%
Post by: geordie77 on March 31, 2004, 20:17

Thanks to everyone who is trying to help me but totally stuck.

Nothing seems to be working out so i thought i would start from scratch.  Formatted both hard drives and started again but is no better.
1. I get a blue screen each night stating "A problem has been detected and windows has been shut down to prevent damage to your computer.  Multiple IRP complete request
***stop: 0X00000044C(0X81CEB2C8,0,00000D60,0,00000000,0X000000000

then a counter counts down closes my computer and as it tries to re boot i get a message saying "Error loading operating system"
I then have to turn off computer and then back on.  This always happens if i restart the computer.  I always have to just shut the computer down totally then turn it back on.

2. I also keep getting a box up which counts down from 60 and states "Remote procedure call (RPC) service terminated unexepectedly" then restarts computer then i get the error loading operating system.  Also once i have had this up i cannot use microsoft outlook without shutting down the computer and restarting it as i get "The operation failed" when i try to get my new emails.

I now have on a checking my computer AVG antivirus, VCOM antivirus, Ad Aware, Spybot, XP firewall and did have Zone Alarm but was conflicting.

Any ideas?

Title: Re:CPU usage 100%
Post by: Sandra on March 31, 2004, 20:28

It definately sounds like the msblaster worm, did you get and run the removal tool in safe mode with sytem restore off and then apply the patch to prevent reinfection  ???

Title: Re:CPU usage 100%
Post by: ketamininja on March 31, 2004, 20:59

The blaster worm affected the RPC event and changed this service setting - if stopped, then reboot machine basically.

If you go to services, and check the RPC service, you can see the options there.

Not that the information above really helps...


WOW @ that error message on the BSOD... thats a new one.
Here's some info I found:

Quote

This message means WinXP crashed because it was asked by a driver to complete an I/O operation which had already been completed. This is usually a software configuration problem, e.g. you may have a problematic driver on your system that needs to be removed or updated. But sometimes this can be caused by hardware corruption.

Do you use a program called FOLDER SHIELD?? This may be related it seems - unistall!

Microsoft link (for 2000, but relative to XP):
http://support.microsoft.com/?kbid=294876

Seriously thought, it sounds like you damaged something when you touched the inside. When the PSU blew, it may have damaged a component (a small resistor or anything like ram or gfx), its likely to be a hardware issue, which basically means getting someone to fault find it, or do it yourself by removing non-critical hardware piece by piece...

good luck!