Hello!

PROBLEM: My CPU usage is running at 100% all the time and 90% is taken up by "System" (NOT system idle process), even with no apps running.

SPECS: P4 2Gig with 512Megs and 80GB hard drive with XP. Few programs installed (mainly used for net and media).

TRIED:
- ran Norton AV 2004, Adaware, Spydot; they did remove some spyware but didn't resolve high usage
- defraged the hard drive (less than 50% full) but it didn't help either.
- uninstalled Norton Internet Security, still at 100% (then reinstalled)
- System Restore to before installation of WINDVD (only recent software install)

QUESTION:
Did a lot of searches on Google, read a lot of forums but I can find anything relevant or tips on troubleshooting. I don't know what else to try or how to procede: Can anyone help?!

THANKS IN ADVANCE!

Welcome to windrivers redball. Please download and run hijackthis and post the log.

Thanks hudsonsmith. Here it is.


Logfile of HijackThis v1.97.7
Scan saved at 12:42:20 AM, on 27/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TV\My Documents\My Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kingstoncomputerplanet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Regx10EXE] <REMOTEPATH_HERE>\ATIX10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.kingstoncomputerplanet.com/
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37676.5378356481
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/autocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{661A4745-C681-4DE8-9B25-B2783B0BB6CC}: NameServer = 206.47.244.53 206.47.244.105

Nothing obvious jumps out at me, although these are questionable:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kingstoncomputerplanet.com/
O14 - IERESET.INF: START_PAGE_URL=http://www.kingstoncomputerplanet.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{661A4745-C681-4DE8-9B25-B2783B0BB6CC}: NameServer = 206.47.244.53 206.47.244.105

My guess is that the problem is one of the Norton applications you have installed. These are notorious resource hogs. The AV should be OK, but you could try disabling some of the others and see if it stops your problem.

Hey hudsonsmith,

the suspect site is just from the shop I bought the system. I disabled NIS (left AV running) and although "system" usage is still very high it does seem to respond a little quicker.

Thanks.

Redball
O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab

This is a problem...the cab file contains
OfotoDND.dll

Atl.dll=Atl.dll
boot to safe mode - turn off system restore.
search for them in registry and make a note of the file path then delete any keys you find. Then go find the dll's and delete them.


unregister them

NooNoo,

I used Hijackthis to fix OfotoDND.dll, rebooted and here is the new Hijackthis scan. Looks like it took care of the file but CPU is still at 100% due to high system?

Thanks!


Logfile of HijackThis v1.97.7
Scan saved at 5:01:04 PM, on 27/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TV\My Documents\My Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kingstoncomputerplanet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Regx10EXE] <REMOTEPATH_HERE>\ATIX10.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.kingstoncomputerplanet.com/
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37676.5378356481
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/autocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{661A4745-C681-4DE8-9B25-B2783B0BB6CC}: NameServer = 206.47.244.53 206.47.244.105

Its likely we are looking then at a corrupt driver. use this tool to narrow down what is taking up the cpu (http://www.sysinternals.com/ntw2k/freeware/pslist.shtml)

NooNoo,

I ran pslist and it showed "system"@25-50% and "system idle"@75-50%
WHILE task manager is showing "system" @80% and "system idle"@0-10%?
I have to say I am a little confused...? Where do I go from here?

Thanks for tips!


Name Pid CPU Thd Hnd VM WS Priv
Idle 0 65 1 0 0 20 0
System 4 35 46 331 1840 216 0
smss 472 0 3 21 3760 464 172
csrss 616 0 12 476 25164 1684 1700
winlogon 672 0 16 416 45192 5284 5576
services 716 0 18 326 21072 3192 1536
NAVAPSVC 304 0 11 221 40684 6528 6032
SAVScan 532 0 7 62 46380 664 7224
svchost 892 0 9 298 16964 3376 1220
svchost 996 0 79 1553 119816 22896 15948
SMAgent 1020 0 2 30 21372 1828 464
svchost 1160 0 4 58 12064 1928 648
svchost 1172 0 16 138 27356 3596 1252
svchost 1208 0 5 110 16496 3104 820
symlcsvc 1308 0 4 75 20580 880 812
ccSetMgr 1320 0 7 211 29520 4396 2644
ccEvtMgr 1420 0 23 332 57264 2992 3428
spoolsv 1680 0 10 113 23924 3828 2552
alg 1924 0 6 127 30012 4128 1128
ati2evxx 1964 0 3 35 15572 1668 360
CCPROXY 2000 0 11 217 48968 2564 3540
lsass 728 0 20 309 35844 820 3256
explorer 1548 0 10 411 75564 17308 13540
HOTSYNC 148 0 2 40 40408 4680 2112
atiptaxx 1796 0 1 60 29560 3392 1516
SMTray 1824 0 1 26 25412 2436 584
pslist 2008 0 3 82 22412 3532 972
ccApp 2012 0 36 512 94236 14744 8048
ctfmon 2020 0 1 55 15460 2368 452
msmsgs 2028 0 13 350 74256 5080 10780
IEXPLORE 2308 0 9 434 86492 21036 9384
IEXPLORE 2528 0 9 424 90008 7460 13296

nowhere, was on the wrong track....must learn not to answer posts when tired

I still think you have a possible driver problem. Do you have any usb devices? If you safely remove them and reboot without them, do things improve?

NooNoo,

It's like I just bought a new computer!

Unplug all the USBs and it worked! Tried plugging in one by one and they all worked. Found that when a wireless logitech game pad receiver was plugged through the USB hub: usage spiked! But the hub is fine with all other devices.....

Incedently, after trying numerous media players and drivers I had all but given up on reading DVDs with my computer (plugged to TV) without skipping or freezing. With all that spare capacity it now rocks.

I guess it's KISS for me (Keep It Simple Stu...)

Thanks for your help.

Great! Try getting a driver update for the culprit

btw... I noticed this

O14 - IERESET.INF: START_PAGE_URL=http://www.kingstoncomputerplanet.com/

you want to get hijack this to fix it and then find iereset.inf and delete it