Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CPU Usage and PF Usage very high for 45 mins after startup


  • Please log in to reply
37 replies to this topic

#1 DallasFrog

DallasFrog

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 12 April 2010 - 04:46 PM

Every time I start my computer in the morning, my CPU usage and PF usage are very high, slowing down the system, for about 45 mins to 1 hour.

I have included images of the Performance Tab and Processes tab of Task Manager. The image of the Performance Meter is not a totally accurate reflection of the issue, because usually the CPU usage bounces between 60% and 100%.
Posted Image
Posted Image

I am using Windows XP Home Edition
Version 2002
Service Pack 3
Intel Pentium D CPU 2.80 GHz
1.5 GB RAM

I have already used CCLeaner and Uniblue. I have scanned with MS Defender and AVG Free version. That is the current AV software I am running. I am also using Norton Ghost to maintain a backup of my computer. I want to try and fix the problem before I reformat and reload EVERYTHING.

Is this a sign of spyware/malware or is my system finally too old?

BC AdBot (Login to Remove)

 


#2 DallasFrog

DallasFrog
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 12 April 2010 - 04:47 PM

One more thing. Networking is always at or close to zero.

#3 webdr

webdr

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 12 April 2010 - 05:34 PM

Hello,

Could you download updated process explorer from here.

Run it and please right click on the process which uses cpu much more than others.
Then select properties, a dialog window with multiple tabs will be opened.
Please choose threads tab and tell us here which thread uses it more than others.

Edited by webdr, 12 April 2010 - 05:34 PM.


#4 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,457 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:28 AM

Posted 12 April 2010 - 05:41 PM

just some information and facts on registry cleaners:


Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


sigcomp.png 
If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.
Some important links: BC Forum Rules | Misplaced Malware Logs | BC Tutorials | BC Downloads |
Follow BleepingComputer on: Facebook! | Twitter! | Google+| Come join us on the BleepingComputer Live Chat too! |


#5 DallasFrog

DallasFrog
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 12 April 2010 - 05:56 PM

Do you want me to run the process explorer right after I reboot and the CPU usage is high?

Edited by DallasFrog, 12 April 2010 - 05:56 PM.


#6 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,457 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:28 AM

Posted 12 April 2010 - 06:54 PM

yes he does that way we can find out which is pulling so much cpu also let it idol and do the same thing.

sigcomp.png 
If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.
Some important links: BC Forum Rules | Misplaced Malware Logs | BC Tutorials | BC Downloads |
Follow BleepingComputer on: Facebook! | Twitter! | Google+| Come join us on the BleepingComputer Live Chat too! |


#7 DallasFrog

DallasFrog
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 12 April 2010 - 08:13 PM

I have attached a screen shot of what you asked for. This was taken 10 minutes after restart.

Attached File  Service_Thread.jpg   36.73KB   25 downloads

If you want the same screen shot after it has calmed down, then I will have to wait a while becuase I didn't think to do it before I restarted. Sorry.

#8 DallasFrog

DallasFrog
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 13 April 2010 - 09:38 AM

This is what it looks like after everything has calmed down.
Attached File  Process_when_calm.jpg   90.1KB   23 downloads

#9 webdr

webdr

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 13 April 2010 - 09:50 AM

I am not sure what the services.exe, could you please scan it at virustotal.com? And post the results?

#10 DallasFrog

DallasFrog
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 13 April 2010 - 10:07 AM

When I did a search for services.exe, several files showed up with the same name. Which one would you like for me to scan?
Attached File  servicesexe.jpg   21.34KB   18 downloads

#11 DallasFrog

DallasFrog
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 13 April 2010 - 10:24 AM

This is the result from the 4th one on the list:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.12 -
AhnLab-V3 5.0.0.2 2010.04.12 -
AntiVir 7.10.6.64 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.12 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.12 -
Avast5 5.0.332.0 2010.04.12 -
AVG 9.0.0.787 2010.04.12 -
BitDefender 7.2 2010.04.12 -
CAT-QuickHeal 10.00 2010.04.12 -
ClamAV 0.96.0.3-git 2010.04.12 -
Comodo 4578 2010.04.12 -
DrWeb 5.0.2.03300 2010.04.12 -
eSafe 7.0.17.0 2010.04.12 Win32.Banker
eTrust-Vet 35.2.7421 2010.04.12 -
F-Prot 4.5.1.85 2010.04.12 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.12 -
Ikarus T3.1.1.80.0 2010.04.12 -
Jiangmin 13.0.900 2010.04.12 -
Kaspersky 7.0.0.125 2010.04.12 -
McAfee 5.400.0.1158 2010.04.12 -
McAfee-GW-Edition 6.8.5 2010.04.12 -
Microsoft 1.5605 2010.04.12 -
NOD32 5022 2010.04.12 -
Norman 6.04.11 2010.04.12 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.12 -
PCTools 7.0.3.5 2010.04.12 -
Prevx 3.0 2010.04.12 -
Rising 22.43.00.04 2010.04.12 -
Sophos 4.52.0 2010.04.12 -
Sunbelt 6167 2010.04.12 -
Symantec 20091.2.0.41 2010.04.12 -
TheHacker 6.5.2.0.259 2010.04.12 -
TrendMicro 9.120.0.1004 2010.04.12 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.12.2272 2010.04.12 -
VirusBuster 5.0.27.0 2010.04.12 -
Additional information
File size: 108544 bytes
MD5 : 0e776ed5f7cc9f94299e70461b7b8185
SHA1 : cb5a33cec4c7b8ef4bd5dc8c241005b66b26cbbf
SHA256: 22750b3829133d1d4bb3ce2fa6247be2373b5d15a6ed1c8a71673aa1ce7d9530
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xC15B
timedatestamp.....: 0x48025B9A (Sun Apr 13 21:14:34 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18F35 0x19000 6.26 bed3e26782956f737fabacb625fa10f1
.data 0x1A000 0xA30 0xC00 1.78 486e711917101f0eb3dc0d8986335fee
.rsrc 0x1B000 0x7A0 0x800 3.13 37626f0277e3ec55e3e5d0b205b00964

( 0 imports )


( 0 exports )

TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md...99e70461b7b8185
ssdeep: 3072:moK+l4lDQ+Anfn0LcsBhuvIg2fPCaGzh:m/lE+E0LNhDfPhG
sigcheck: publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Services and Controller app
original name: services.exe
internal name: services.exe
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD : -
RDS : NSRL Reference Data Set

#12 DallasFrog

DallasFrog
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 13 April 2010 - 10:33 AM

This is the 2nd on one the list:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.12 -
AhnLab-V3 5.0.0.2 2010.04.12 -
AntiVir 7.10.6.64 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.12 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.12 -
Avast5 5.0.332.0 2010.04.12 -
AVG 9.0.0.787 2010.04.12 -
BitDefender 7.2 2010.04.12 -
CAT-QuickHeal 10.00 2010.04.12 -
ClamAV 0.96.0.3-git 2010.04.12 -
Comodo 4578 2010.04.12 -
DrWeb 5.0.2.03300 2010.04.12 -
eSafe 7.0.17.0 2010.04.12 Win32.Banker
eTrust-Vet 35.2.7421 2010.04.12 -
F-Prot 4.5.1.85 2010.04.12 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.12 -
Ikarus T3.1.1.80.0 2010.04.12 -
Jiangmin 13.0.900 2010.04.12 -
Kaspersky 7.0.0.125 2010.04.12 -
McAfee 5.400.0.1158 2010.04.12 -
McAfee-GW-Edition 6.8.5 2010.04.12 -
Microsoft 1.5605 2010.04.12 -
NOD32 5022 2010.04.12 -
Norman 6.04.11 2010.04.12 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.12 -
PCTools 7.0.3.5 2010.04.12 -
Prevx 3.0 2010.04.12 -
Rising 22.43.00.04 2010.04.12 -
Sophos 4.52.0 2010.04.12 -
Sunbelt 6167 2010.04.12 -
Symantec 20091.2.0.41 2010.04.12 -
TheHacker 6.5.2.0.259 2010.04.12 -
TrendMicro 9.120.0.1004 2010.04.12 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.12.2272 2010.04.12 -
VirusBuster 5.0.27.0 2010.04.12 -
Additional information
File size: 108544 bytes
MD5 : 0e776ed5f7cc9f94299e70461b7b8185
SHA1 : cb5a33cec4c7b8ef4bd5dc8c241005b66b26cbbf
SHA256: 22750b3829133d1d4bb3ce2fa6247be2373b5d15a6ed1c8a71673aa1ce7d9530
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xC15B
timedatestamp.....: 0x48025B9A (Sun Apr 13 21:14:34 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18F35 0x19000 6.26 bed3e26782956f737fabacb625fa10f1
.data 0x1A000 0xA30 0xC00 1.78 486e711917101f0eb3dc0d8986335fee
.rsrc 0x1B000 0x7A0 0x800 3.13 37626f0277e3ec55e3e5d0b205b00964

( 0 imports )


( 0 exports )

TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md...99e70461b7b8185
ssdeep: 3072:moK+l4lDQ+Anfn0LcsBhuvIg2fPCaGzh:m/lE+E0LNhDfPhG
sigcheck: publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Services and Controller app
original name: services.exe
internal name: services.exe
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD : -
RDS : NSRL Reference Data Set

#13 DallasFrog

DallasFrog
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 13 April 2010 - 10:41 AM

None of the other service.exe files show any red results.

#14 webdr

webdr

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:28 AM

Posted 13 April 2010 - 11:05 AM

That services.exe uses nearly %30 CPU at start up of your computer. The weird thing is, there is services.exe in services.exe anyway we would figure it out.

How you would find, at that threads tab, click on services.exe and choose "Module" button, a dialog window will be opened, at that window you would see exact location of that file.

Have you configured your security applications to make a scan at windows start up?

Edited by webdr, 13 April 2010 - 11:06 AM.


#15 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:28 PM

Posted 13 April 2010 - 12:52 PM

In your process Explorer screenshots can you expand anything?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users