CPU Usage high, No Processes using more than 0%

[akshay_leo]

Whenever I start my PC, it takes ages to start up. On checking the Task Manager, I see that despite no processes taking more than 0-5%, the CPU Usage is around 40-60%. Also, in the same window, at the bottom, it says SYSTEM IDLE PROCESS: 95-99%.
Sometimes, this problem gets solved after 10-15 minutes, sometimes it continues to happen. I am also using Avast.

I have not installed any new software or hardware.

System specs are:
P-4, 2.6 GHz, 512 MB RAM
OS: XP, SP2

They did not let me post my HJT log because of some counter issue so I have attached the log. Pls check it and let me know.

PLEASE HELP

 

[CCT]

Usually, System Idle Process is 99% with NO background apps running.

I note you have 3 Auto-Updaters running - try setting them to manual.

I believe you also have some nasties: go here; https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

 

[akshay_leo]

what do you mean by "setting it to manual" and how do i do it..

 

[CCT]

what do you mean by "setting it to manual" and how do i do it..

Since I don't have Avast, Google Toolbar or a HP comp, I have no idea. Usually there is a setting to turn OFF an auto-updater either within the program itself or in Windows Services.

 

[Rage_3K_Moiz]

FYI, System Idle Process usage is supposed to be 99%, since it shows you that your system resources aren't being used. So I'm not sure what you meant by its usage being 95-99% in Task Manager.

 

[akshay_leo]

i'll try and upload a pic for you to see..

 

[gbhall]

heres one case

what do you mean by "setting it to manual" and how do I do it..

find the place to untick 'update automatically'. This can apply to Java, browsers, anti-virus, firewalls, games, office suites, video drivers, pdf viewers, hardware utilities.........etc. All a waste of time. If something works, leave it alone. Unless you learn of a discovered vulnerability, when you can update manually. For this purpose, add yourself to the CERT advisory email listings.

By the way, you are doing a VERY thorough virus scan from MORE than one package?. A high, unexplained CPU usage can mean your PC is acting as a spam relay. On the other hand, in your HijAck log you have two anti-virus packages. That alone can cause your symptoms, as each could be constantly checking the virus signatures of the other one !

Finally, HP printer monitoring software is absolutely hopeless, and many, many cases causes crippling overheads by checking like every 2 microseconds to see if you're low on ink.....Remove it.

 

[SpiritWind]

Avast, etc

Hi :

I have Avast and at times help out on their Support Forums and do NOT
recommend setting their "Auto Updater" to "Manual" . Concerning Avast & your
HJT Log, generally speaking, your HJT "Items" match mine, except I do not have
the "Outlook/Exchange" Provider "activated" as you apparantly do . What is
different is that your HJT log does NOT show any "04" Entry for "ashDisp", which
is for displaying the Avast Icon in your System Tray ; do you have the "a" icon in
your System Tray ?

Also, I noticed an out-of-date Sun Java, a serious security risk . You MAY also be
NOT using the "corrrect" Series for your Operating System !? At a minimum, you
should uninstall ALL "Versions/Updates" you have for this program and the latest,
usually correct version for your Operating System is at www.java.com . IF this
Version does NOT work "correctly" on your computer, let me know and I will
provide a link to the earlier Series ( which I happen to be using ) .

And I noticed you have Adobe Reader, as serious security risk, since recently,
Researchers found a new hackertoolkit that uses nothing but Adobe securityleaks in order to infect systems. "PDF Xploit Pack" ( http://www.trustedsource.org/blog/153/Rise-Of-The-PDF-Exploits )adds all kind of exploits to PDF-files. When a certain exploit has successfully infected the OS, the IP address is sent to the attackers, so they need to try again. This to reduce the time it takes to manage the bots.

Use of PDF-files is becoming more and more popular among malcreants, this because other toolkits also have PDF exploits now. A year ago only 3% of the exploits were PDF directed.

So I recommend you uninstall Adobe and get the safer "Foxit Reader" .

 

[SpiritWind]

2 antivirus programs !?

Hi GB :

I hope you do not consider AVG antiSPYWARE as an AV program !? The only
other possibility is the Bit Defender that apparently was the result of using their
Online Scanner that would not be a "conflict" .

 

[LookinAround]

The first question is what is
O2 - BHO: VirtualNetwork module - {6C517674-DE1C-4493-977C-34A1BFAB35BA} - C:\Program Files\VirtualNetwork\VirtualNetwork.dll

Note that Castle Cops report the CSID as a potential issue

VirtualNetwork Class {6C517674-DE1C-4493-977C-34A1BFAB35BA} X BHO VirtualNetwork.dll Parasite installed alongside Bit_Accelerator - detected by Kaspersky antivirus as AdTool.Win32.VirtualNetwork.d

You also certainly have things starting not needed. You can use this link for how-to try disabling much of what's not needed and renabling to determine the impact (and which one or ones) are giving you grief

 

[akshay_leo]

after reading all your replies, i think there are 4 changes i need to make..

1. set auto-update for java to OFF - done
2. remove HP monitoring on start-up - no idea how to do this
3. remove adobe and use foxit reader - will that really effect? but, can be done
4. HJT log shows 2 anti-virus - i was using avg before, and avast now, but avg is uninstalled, why does it show 2 antivirus.. what to do there?

 

[SpiritWind]

"Services"

Hi Leo :

As I said in an earlier Post, you do NOT have 2 antiVIRUS programs "running";
AVG AntiSPYWARE is NOT an antiVIRUS program . However, AVG AntiSPYWARE
is currently NOT a top antiSPYWARE program and you would be wise to uninstall
it and get the better FREE Ver of "SUPERAntiSpyware" from
www.superantispyware.com AND/OR the "Free" Ver of "Malwarebytes' Anti-
Malware" from www.malwarebytes.org/mbam.php .

Since your "Processes" seem ok, perhaps you should be looking at your
"Services", by changing some from "Automatic" to "Manual" and even possibly
"Disable" . One of the best Experts in this field is Charles Sparks, better known as
"Black Viper" in the malware-fighting "community" . I used the Info he provides at
www.blackviper.com/WinXP/Archive/servicecfg.htm to "match" his
Recommendations to my Settings; perhaps you should do likewise !?

And for some unknown reason you did NOT answer my question about IF
you have Avast's "a" icon in your System Tray !?

 

[akshay_leo]

hey

i used to see that 'a' icon, but now the icon does not come..

as for the rest, will try what u sed once i go home, in office right nw..

 

[akshay_leo]

The 'a' icon for avast has disappeared.. now what to do about that??

and I have also attached the screenshot of the cpu usage..
u will see system idle at 99% and at the bottom cpu usgae over 15%

 

[LookinAround]

Helloooooo? :wave:

Has anyone Googled VirtualNetwork.dll i pointed out from CastleCops yesterday?????

virtualnetwork.dll - Dangerous

 

[LookinAround]

Plus, while it's fine if one wants to reduce startups but some of them have almost negligible impact against the delays the OP is reporting.

Suggest first look at VirtualNetworks.dll and then let the OP use this How to perform advanced clean-boot troubleshooting in Windows XP.

While it's geared towards trying to find corrupt programs the method and usage is the same for simply disabling startup of most everything. The re-enable in a controlled fashion and startup again to assess which one(s) are causing the big dealys

/**************EDIT********************/
Actually, as part of "looking at VirtualNetworks.dll" unless there's a good and known reason for it being there, OP should look at and go through UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instruction


/**************EDIT2********************/
VirtualNetworks.dll issue would be top priority. But also, suggest use Process Explorer to see what's happening. CPU symptoms as reported may also be a side affect hardware generating alot of spurious interrupts.

 

[SpiritWind]

Hi Leo :

It is IMPORTANT to try & get the Avast "a" icon back into your System Tray . A 1st
and hopefully last attempt to do so, would be to Try a repair of avast. Go to "Add Remove Programs", select 'avast! Anti-Virus,' click the "Change/Remove" button and scroll down to "Repair", click "next" and go from there . Let me know IF that
put the 'a" icon back in your System Tray !? You MAY need to reboot the
computer for the "Repair" to take place !?

You are using an outdated version of the HijackThis program; you should
uninstall it, then go to www.filehippo.com/download_hijackthis and get the 2.0.2
Version . Run another Scan, and IF
"O2 - BHO: VirtualNetwork module - {6C517674-DE1C-4493-977C-34A1BFAB35BA} - C:\Program Files\VirtualNetwork\VirtualNetwork.dll " is in the
Log, put a checkmark in the box to its left, then click the "Fix" button, as
recommended by "LookinAround" .

As I mentioned before, I do not think you have a "processes" problem !? Since I
have a small monitor screen, I was unable to view your screenshot .

 

[akshay_leo]

1. i got the avast 'a' back..

2. i removed the virtual class thing..
this is how the log looks lik now..

edit: removed log. Logs should be attached, not copy pasted.

wat now??

 

[SpiritWind]

Hi Leo :

You still have NOT uninstalled Adobe Reader and installed "Foxit Reader" and
have NOT uninstalled AVG AntiSpyware and installed "SUPERAntiSpyware" &
"Malwarebytes' Anti-Malware" like I suggested several days ago .

 

[LookinAround]

Sorry, but if i may step back in thread?

A couple things. Most important is that akshay_leo's HJT log is showing several entries that "don't look good", like this thing as just one example (there are more)
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt

i think it wise if akshay_leo refers to the thread UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instruction and walk through each step of the entire cleaning process. Then please report with the logs it requests.

Also if you could please put the logs in .txt files and then attach them to posts makes it easier. Thanks

 

[momok]

Judging from your HJT log, you have got yourself quite a bit of a problem with malware.

Do follow the instructions as LookinAround suggested. Visit that thread and post the required logs. When you post your logs, do remember to attach them in either .log or .txt format. This is to prevent risk of infection to other users in the community.

 

[akshay_leo]

hi

1. i removed adobe, installed foxit
2. i removed avg antispyware, installed the 'super anti spyware'
3. my computer hangs alot, so it is almost impossible for me to complete those 8 steps. whenevr the computer is scanning the files, it hangs somewhere and i haveto do the whole process again, so basically i am unable to do all those 8 steps.

the HJT log has been attached. pls go through it..

 

[momok]

These entries need to be fixed.

O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKCU\..\Policies\Explorer\Run: [{24869047-0A6B-1033-0624-050513200001}] "C:\Program Files\Common Files\{24869047-0A6B-1033-0624-050513200001}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{24869047-0A6B-1033-0624-050513200001}] "C:\Program Files\Common Files\{24869047-0A6B-1033-0624-050513200001}\Update.exe" te-110-12-0000059 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{24869047-0A6B-1033-0624-050513200001}] "C:\Program Files\Common Files\{24869047-0A6B-1033-0624-050513200001}\Update.exe" te-110-12-0000059 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

That said, I need to check if your geographical location - is it New Delhi? Is your ISP Airtel?

 

[CCT]

Post #2 4 days ago by me:

"I believe you also have some nasties: go here; https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/ "

If so many other people hadn't jumped on the bandwagon the poster would have been getting the needed help earlier than now.

 

[akshay_leo]

My computer hangs alot, so it is almost impossible for me to complete those 8 steps. whenevr the computer is scanning the files, it hangs somewhere and I have to do the whole process again, so basically I am unable to do all those 8 steps.

as for the mentioned 'fix-it' items in HJT log, that has been done..the new HJT log has been attached..

guys, could this be a RAM issue?

also,

yes my location is new delhi, india and my ISP is airtel..