100% cpu usage problem

[jai6638]

Hey... i noticed that my cpu usage is constantly at 100% thus increasing my CPU temperatures.. do u guys know what the problem could be? i've got some some toshiba junk installed that came along with my laptop but i dont think thats whats causing the problem. fyi, my OS is Windows Xp Home

Hijackthis log :

Logfile of HijackThis v1.99.1
Scan saved at 11:39:57 AM, on 3/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TDispVol.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jai\Desktop\Downloaded Internet Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [cPadFstR] C:\Program Files\Synaptics\SynTP\CPad\cPadFstR.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Acti...iveLauncher.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcams.mtu.edu/webcam7/AxisCamControl.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yah...utocomplete.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/downloa...abasetup156.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEBC1019-FA37-4484-80FC-40FC6E022E1A}: NameServer = 195.229.241.222 213.42.20.20
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

thanks

 

[PurdueRy]

I don't recognize a lot of your process names. Google them. If it says they are not needed disable them. If they are spyware, white I bet some are. you found your problem

 

[fuzzynavel]

you could just press Ctrl-Alt-Del when you notice slowdown....go to the processes tab and you will see CPU usage.....If you upload torrents etc you will notice ur client going mental if you have a lot of uploads/downloads...

From this I can see that you like burning DVDs....a couple of programs tell me that.....you have an Ipod by any chance?

You have a DSL monitor (SPDSTRM.EXE) do you really need it?

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

not sure about this one....I know a little about wild tangent in that it can be used for screensaver graphics and stuff like that.....but I also know that the first and last time i installed it, it loaded my computer with crap without asking...

O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)

this is a toolbar service and some sites say it may have malicious thoughts! i.e spyware!

Otherwise I don't see anything out of the ordinary!

Try going to the start menu run command and type "msconfig" (without quotes obviously)

go along to the startup tab and make sure that you recognise evrything that is starting up.....if not then do a google search for it and if still unsure then uncheck it and go to apply.....

Hope this helps

 

[jai6638]

You have a DSL monitor (SPDSTRM.EXE) do you really need it?

yes. i need it for my DSL to work..

not sure about this one....I know a little about wild tangent in that it can be used for screensaver graphics and stuff like that.....but I also know that the first and last time i installed it, it loaded my computer with crap without asking...

i cant seem to find the folder for wild tangent using the path that hijackthis lists..

you could just press Ctrl-Alt-Del when you notice slowdown....go to the processes tab and you will see CPU usage.....If you upload torrents etc you will notice ur client going mental if you have a lot of uploads/downloads...

From this I can see that you like burning DVDs....a couple of programs tell me that.....you have an Ipod by any chance?

cpu usage is 100% while idling.. hence, its constantly at 100% regardless of what i do.... i currently have only 1 internet explorer window open along with msn and its still at 100% .

this is a toolbar service and some sites say it may have malicious thoughts! i.e spyware!

cant find angelx.exe

Running spybot and adaware didnt fix this problem


thanks much for help guys.. appreciate it

 

[jai6638]

Damn!!! turns out spoolsv.exe was using my cpu ( didnt realize the CPU column indicates how much each process uses in terms of percentage) .... it seems to be related to printers... not sure if i should remove it? what do u guys think?

 

[RelaxTheMind]

oh lord...

hmm try completely uninstalling your printers. Download the latest printer drivers off the manufacturers website and use them to reinstall them. Do you have the latest service pack?

 

[fuzzynavel]

Found this which may be of interest!!!!

spoolsv - spoolsv.exe - Process Information

Process File: spoolsv or spoolsv.exe
Process Name: Microsoft Printer Spooler Service

Description:
spoolsv.exe is a Microsoft Windows system executable which handles the printing process to your local printers. Note: spoolsv.exe is also a process which is registered as the Backdoor.Ciadoor.B Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. the problem with this file is that it is also a valid windows app

I have seen other people on other sites who list your problem with spoolsv.exe.......some say to check for queued print and fax jobs in the control panel......

One thing I would try to check if it is a backdoor or not is to tell your firewall (I presume that you have one) to block your internet connection for a few minutes......check your cpu usage during this time......you may get some alerts saying that spoolsv.exe is trying to access the internet....I don't believe that spoolsv.exe should need net access depending on how your printer is attached.....

You could also try shutting down(end task) spoolsv.exe from the task manager....the worst that will happen if it is a valid windows app is that windows will restart spoolsv.exe when you try and print.....give it a go!

 

[meltdown75]

If you do scans with AdAware, Spybot, & your antivirus prg (I like AVG) with all the latest defs and the problem persists... hmm. Also definitely ensure you are running with all the latest Microsoft update offerings.

Try going into msconfig and make sure nothing strange is running @ startup and also ensure no suspicious 'services' are running.

 

[jai6638]

Originally posted by: fuzzynavel
Found this which may be of interest!!!!

.................

You could also try shutting down(end task) spoolsv.exe from the task manager....the worst that will happen if it is a valid windows app is that windows will restart spoolsv.exe when you try and print.....give it a go!

I ended the spoolsv.exe process.... it restarted for 1-2 times but thas about it.... It's fine now after ending it 2-3 times...

I'm currently on vacation but back home, i was having problems with my printer so i had a lot of print tasks queued.. However, I am pretty sure that i deleted all of them from my print queue so dunno how they could cause problems..

Try going into msconfig and make sure nothing strange is running @ startup and also ensure no suspicious 'services' are running.

nothing suspicious...

hmm try completely uninstalling your printers. Download the latest printer drivers off the manufacturers website and use them to reinstall them.

shall try to do so when i get back ..

 

[Goopster]

Last night i had the similar problem. This is how it started: My printer Brother HL-1440 was not printing anything so to trouble shoot printing i uninstalled and reinstalled printer software from scratch and since it was still not working i typed in some commands in command prompt to check connection between printer and computer and since then everytime i restart my computer i get spoolsv.exe error that some memory locations cannot be accessed and click ok to terminate this program. I have windows XP Professional SP2. I am not sure what to do now, CPU usage in to too high in task manager and not too many processes running either.
I needed to work on microsoft powerpoint and it does not open with a double click anymore and is jamming when i try to work with it. Does Spoolsv.exe gets used by these microsoft products.

 

[jai6638]

powerpoint must probably be trying to print stuff while ur trying to open it thus conflicting?


i read on symantecs site that in order to fix the problem ( if its a virus ) you would have to mess with the registry.. i tried doing that but i couldnt find certain folders that it mentioned ... so dunno what to do ...

 

[fuzzynavel]

lol I love it when other people have problems.....keeps me amused.....

sorry...but on a more serious note...I have some free time later on.....will have a hunt around for more info!