Unusually hig CPU usage! Plz help!

[Kilobyte70]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:57:11, on 13/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

D:\Program Files\Antivirus\AnalyzeThis.exe

D:\Program Files\Internet Download Manager\IDMan.exe

D:\Program Files\Internet Download Manager\IEMonitor.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Window Streams - Home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html

O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SASWINLO.dll (file missing)

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

 

--

End of file - 7272 bytes

[maynardvdm]

Our malware experts will look at the log as soon as they are online.

[Kilobyte70]

No problem. Thanks

[Kilobyte70]

Any luck in finding what the problem is?

[Goku]

Any luck in finding what the problem is?

Sorry as we lost it in midst of things Praveen. Seth will be here and have a look at it soon. Sorry for the inconvenience. :)

 

-- Goku

[Seth]

I'm currently examining the log...

[Seth]

The log is fine.

 

Make sure Internet Explorer is working, then uninstall and reinstall Firefox.

 

If that doesn't help, see if the problem occurs in Safe Mode: Keep tapping the F8 key as soon as you turn on the computer.

[Kilobyte70]

That's all right. I thought that a reminder wouldn't do any harm. lol. And btw no inconvenience. As long as I get the thing fixed I will be happy but as they the sooner the better. And once thank YOU.

[Kilobyte70]

I am really sorry but I hadn't seen Seth's reply and only just noticed when I checked out of curiosity. I reinstalled and still flash sites use up as lot of cpu same as IE. And now I got the same problem when running large applications such as a video converter or games. The safe mode seems to be fine but cant be sure.

[Goku]

I am really sorry but I hadn't seen Seth's reply and only just noticed when I checked out of curiosity. I reinstalled and still flash sites use up as lot of cpu same as IE. And now I got the same problem when running large applications such as a video converter or games. The safe mode seems to be fine but cant be sure.

Hello Praveen, have you tried to open Mozilla Firefox in safe mode that is to say that open it without any add-ons. You can achieve this by performing the following instructions.

 

1) Click Start.

2) Point to All Programs.

3) Expand the folder named Mozilla Firefox.

4) Select Mozilla Firefox (Safe Mode).

 

See if the usage is still high or the metre decreases. Let us know the results as soon as possible. :)

 

-- Goku

[Kilobyte70]

It seems ok enough (abt 30%) but the usage stays at 100% when I use applications with which I had no problems before. Even low spec games takes up a lot of the memory. Oh and btw how do u know my real name:confused:

[Goku]

It seems ok enough (abt 30%) but the usage stays at 100% when I use applications with which I had no problems before. Even low spec games takes up a lot of the memory. Oh and btw how do u know my real name:confused:

When you posted your Task Manager picture, I saw the processes were running under the account name Praveen and so I took a guess.

 

Anyways, this is unusually strange behavior for a computer that has not been infected with any form of Malware. Can you please wait till Seth comes online so that he may review your condition and advise you accordingly. :)

 

-- Goku

[Kilobyte70]

Lol, good guess. yeah sure, no prob.

[Goku]

Thank you for your patience and co-operation. Another thing I want to ask is that does the CPU usage shoots up only when Firefox is running and specifically at the times when you are using a Flash site. If this is the problem, then you might find this article from the MozillaZine Knowledge Base interesting.

 

Firefox CPU usage

 

Try the solutions suggested there and see if they work or not. Good Luck. :)

 

-- Goku

[Kilobyte70]

No it's not confined to flash sites, it shoots up when I am running scans and multitasking as well.

[Goku]

Multitasking should shoot up the CPU usage but since you said that you started experiencing the problems recently, I would recommend you to wait and let Seth have another look at the log. :)

 

-- Goku

[Seth]

Please test out the system using a "Clean Boot":

 

How to Clean Boot Windows XP

 

BTW-Is the computer noticeably slower when the cpu percentage is very high?

[Kilobyte70]

I did the clean boot and system started up superfast. No the computer doesnt seem slower but the cpu starts noticeably overheating. i am starting to think it's problem with the cooling fan or the heatsink. Edited June 17, 2008 by Kilobyte70

[Goku]

Same guess here. Can you buy a can of compressed air so that you can clean out the jammed dust from your fan and the heatsink?

 

-- Goku

[Kilobyte70]

Lol, foolish question, i know, but where do i get a can of compressed air from?

[Goku]

Lol, foolish question, i know, but where do i get a can of compressed air from?

Not a foolish question. You will be able to obtain a can of compressed air from your local hardware shop or any online sites you prefer. I would recommend the former option seeing that the latter could take days to reach you. Whenever, you have the time, just go and buy one. They have a pipe like end that helps you in cleaning coreners that are normally unreachable. :)

 

-- Goku

[Kilobyte70]

lol thanks. I just found one on amazon.com. Before I order I will go and look if they have one in the hardware store. thanks.

[Seth]

Remember to keep the can upright, and use short bursts.

[Dalo Harkin]

Take the fan and heatsink off and use a new paintbrush to get all the dust out - compressed air is only needed in places you cannot get to easily like GPU fan units

[Seth]

Take the fan and heatsink off and use a new paintbrush to get all the dust out - compressed air is only needed in places you cannot get to easily like GPU fan units

 

I think it's safer to use the compressed air, as it will suffice and do so without any risk of ripping out the cpu when the heatsink is pulled.