
Task Manager takes up 100% CPU

Anonymous
June 6, 2005 6:01:02 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Hi,
I have a new laptop with XP family edition. Recently it has been running
very slowly, and task manager shows the culprit using over 90% of the CPU
usage as... taskmgr.exe! Needless to say antivirus (Norton) and antispam
(various) are all up to date and show no anomalies (in safe and std mode).
There is no problem in safe mode, and I have tried to reduce things to a min
in std mode.
Any ideas would be great as I have spent the best part of 2 days on this and
my work is piling up.
Ian
Anonymous
June 6, 2005 9:54:20 PM


Hi *Ian Brodie* :

> Hi,
> I have a new laptop with XP family edition. Recently it has been running
> very slowly, and task manager shows the culprit using over 90% of the CPU
> usage as... taskmgr.exe! Needless to say antivirus (Norton) and antispam
> (various) are all up to date and show no anomalies (in safe and std mode).
> There is no problem in safe mode, and I have tried to reduce things to a min
> in std mode.
> Any ideas would be great as I have spent the best part of 2 days on this and
> my work is piling up.
> Ian

taskmgr.exe or taskmngr.exe or ...?

The first is the real Task Manager process and the other is the WormRBOT.Y
Maybe this worm or another malware ...

"WormRBOT.Y"
http://de.trendmicro-europe.com/enterprise/vinfo/encycl...
or
"bereb" :
http://securityresponse.symantec.com/avcenter/venc/data...
or
"Start Page G":
http://securityresponse.symantec.com/avcenter/venc/data...

No anti-virus is 100% reliable: double-check with an online scan.
http://www.trendmicro.com

You can also try these "Mini Anti-virus" in safe mode:

Stinger :
http://vil.nai.com/vil/stinger/

Avast cleaner :
http://www.avast.com/eng/avast_cleaner.html

MS:
http://www.microsoft.com/downloads/details.aspx?FamilyI...

Kaspersky:
ftp://ftp.kaspersky.ru/utils/clrav.com

Anti Root-Kits
F-Secure ( beta)
http://www.f-secure.com/blacklight/



:) 

--
Claude LaFrenière [MVP] :-)

«My Principal Design Was To Inform, Not To Amuse Thee.»
Lemuel Gulliver, The Travels (IV:12)
http://climenole.serendipia.net
Anonymous
June 7, 2005 3:21:01 AM


No, it's definitely taskmgr.exe. But thanks for the links.
My gut feeling is that it's a spamware of some kind trying to connect to the
internet, and as we are in the middle of the French countryside we do not
have any high speed connections.


Anonymous
June 7, 2005 6:43:51 AM


Hi *Ian Brodie* :

> No, it's definitely taskmgr.exe. But thanks for the links.
> My gut feeling is that it's a spamware of some kind trying to connect to the
> internet, and as we are in the middle of the French countryside we do not
> have any high speed connections.

Strange...

Are you sure that's the task manager itself, not something else?

1) Double check with Process Explorer :
http://www.sysinternals.com/Utilities/ProcessExplorer.h...


2) Make a scan with HijackThis and post a copy of the scanning
log here so I'll check it and tell you if you have to remove some
stuff there: malware or useless stuff.
http://www.hijackthis.de/en

:) 
--
Claude LaFrenière [MVP] :-)

«My Principal Design Was To Inform, Not To Amuse Thee.»
Lemuel Gulliver, The Travels (IV:12)
http://climenole.serendipia.net
Anonymous
June 8, 2005 1:20:28 PM


Hi Claude,

Here is the HijackThis log. There are a couple of things that look suspicious
to me, those in exe in the system32 folder. One last point, I have created
another user profile on this PC and after some hassle, and running spyware
etc... now works as it should do. However the first user profile is still
running very badly. I am able to work OK, but I want to clear everything up
as I can see that this new profile will also go down. The log was obviously
run on the bad profile.

Thanks Ian

Logfile of HijackThis v1.99.1
Scan saved at 16:56:08, on 08/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\Répertoire temporaire 1 pour
hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.euro.dell.com/countries/fr/fra/gen/default.h...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.euro.dell.com/countries/fr/fra/gen/default.h...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910}
- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers
communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [ToolExe] C:\Program Files\Dell\TrayTool.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program
Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
/IMGSTART
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Explorateur Windows.lnk = C:\WINDOWS\explorer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers
communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program
Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0...
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers
communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Iomega App Services - Iomega Corporation -
C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton SystemWorks\Norton
AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega
Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe




Anonymous
June 8, 2005 6:45:16 PM


Hi *Ian Brodie* :

> Hi Claude,
>
> Here is the HijackThis log. There are a couple of things that look suspicious
> to me, those in exe in the system32 folder. One last point, I have created
> another user profile on this PC and after some hassle, and running spyware
> etc... now works as it should do. However the first user profile is still
> running very badly. I am able to work OK, but I want to clear everything up
> as I can see that this new profile will also go down. The log was obviously
> run on the bad profile.

It was a very good idea to create another user account for troubleshooting
:-)

This is the result of my analysis:

a) no malware
b) indexation service useless #1 To be disabled ...
c) What is "\Talkway\vmtalk.exe" ? Found no information about this.
Useful or not ? #2
d) Too many manufacturer utilities are running (as usual ;-) ).
Check if you really need them.

Maybe the problem with the task manager comes from the combination
of the indexing service and some of those utilities...

Also check the parameters of your anti-virus. Set it to the "default"
to see if there is a difference...

As you say in your post: another user runs with no problem.
The difference comes from utilities not loaded in the new account.
Isn't it?

Disable most of those utilities and check if they are really useful.
Also check for some "personalisations" in this user account:
Screen Saver, Nice display, etc.

This tool will be easier than msconfig to *disable* things
in the problematic user account (only uncheck the suspect items...):

CodeStuff Starter:
http://codestuff.cjb.net/

1) ***

C:\WINDOWS\system32\cisvc.exe

This is the Indexation service. Takes a lot of resources and not really
efficient.
It can be used with the search assistant in the windows explorer
but you can disable this option.

To access the Indexation service and set it to a lower priority :
Start | Run | ciadv.msc
right click on Indexation service | all tasks | performances setup
choose minimum... to use lower system resources.

OR (better)

Set this service to disabled:
Start | Run | services.msc
select Indexation service | button "stop" and choose "disabled".

2) ***

What's this ???

C:\Program Files\Fichiers communs\Talkway\vmtalk.exe

3) ***

This is an additional configuration for TouchPad:
if you don't use it, it can be in manual start
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

May be essential for the TouchPad. Leave it automatic.
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

4) ***

Updates for Sun Microsystems Java. It's important to keep Java up-to-date
but is it necessary to launch this every day?
You can check the updates within the Java Applet in the Control Panel.

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

5) ***

Dell Media Experience software ...
Set it to manual start unless it is useful for you
C:\Program Files\Dell\Media Experience\PCMService.exe


6) ***

This is the process related to the Indexation service...
C:\WINDOWS\system32\cidaemon.exe


7) ***

related to # 2 (???) ;-)
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers
communs\Talkway\vmtalk.exe

8) ***

Related to # 3
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

9) ***

Related to # 4
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_03\bin\jusched.exe

10)***

Related to # 5
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"


Hope this helps. Let us know.

:) 

--
Claude LaFrenière [MVP] :-)

«My Principal Design Was To Inform, Not To Amuse Thee.»
Lemuel Gulliver, The Travels (IV:12)
http://climenole.serendipia.net
Soon on www.msmvps.com!
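
Added example, not part of the original thread and not code from any poster or from HijackThis: the two checks discussed above (is it really taskmgr.exe or a near-miss such as taskmngr.exe, and is a system binary running from its normal folder) applied to the "Running processes" section of a HijackThis log, after rejoining lines folded by the news client. The sample log is constructed, and the KNOWN baseline and the function names unwrap, distance and triage are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample in HijackThis v1.99.1 layout. taskmngr.exe and the Temp
# copy of svchost.exe are invented for this demo; one path is folded on purpose.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\taskmngr.exe
C:\WINDOWS\Temp\svchost.exe
C:\Program Files\Fichiers
communs\Talkway\vmtalk.exe

O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers
communs\Talkway\vmtalk.exe
"""

# Assumed baseline: stock Windows XP binaries and the folder each runs from.
KNOWN = dict.fromkeys(("taskmgr.exe", "svchost.exe", "winlogon.exe", "lsass.exe",
                       "services.exe", "smss.exe", "spoolsv.exe"), r"c:\windows\system32")
KNOWN["explorer.exe"] = r"c:\windows"

def unwrap(log):
    """Rejoin lines folded by the news client; return (processes, entries)."""
    procs, entries, section = [], [], None
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            section = procs
        elif re.match(r"[A-Z]\d+ - ", line):
            section = entries
            entries.append(line)
        elif section is procs and re.match(r"[A-Za-z]:\\", line):
            procs.append(line)
        elif line and section:  # continuation of the previous folded line
            section[-1] += " " + line
    return procs, entries

def distance(a, b):
    """Levenshtein edit distance, one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def triage(log):
    """Return (path, reason) for each running process that fails a check."""
    findings = []
    for path in unwrap(log)[0]:
        folder, name = ntpath.split(path.lower())
        if name in KNOWN:
            if folder != KNOWN[name]:
                findings.append((path, f"{name} outside {KNOWN[name]}"))
            continue
        near = [k for k in KNOWN if distance(name, k) <= 2]
        if near:
            findings.append((path, f"name resembles {near[0]}"))
    return findings

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:45} {path}")
```

A process that passes both checks is not thereby cleared; an unknown name such as vmtalk.exe still needs the manual look it gets in the reply above.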