I have an HP Pavilion (just 4 months old) operating in the living room (where the cable/ADSL delivery point is) as a very lightly loaded server to a small (3 laptops) home office network (mixed wifi and LAN).
'Server' is an exaggeration of its actual role as the server functionality is limited to a couple of very small shared database applications (individual company mortgage and insurance application software), a platform for a couple of shared programmes such as Quark which we open/run from the workstations plus back-up duties.
I have not yet even loaded the planned SAGE accounting system.
It uses the PC as a monitor (the little it is needed) and I had thoughts of recording TV programmes on it (and DVD movies) but have not got round to it.
With 3GB RAM and a reasonably high spec dual core Intel processor (can't find the spec at the moment) it should make easy work of this and until recently has.
However it was accidentally turned off at the power switch recently and ever since it was recovered (safe mode etc) it has been painfully slow and indicating 100% CPU usage constantly.
I have run Regtool, Defrag etc (a bloody slow process), used a goback/restore to a date before the 'switch off' and everything is indicating healthy but still running like a snail.
Have opened Task Manager (after a long wait) - and the mystery deepens.
Up to a maximum of 6 processes taking CPU capacity (but none of them showing more than 01, 02, 03, 04, 05 or 06 (absolute maximum - and then only briefly)), which I believe is %age per process. Therefore never more than 10% being used by active processes.
However the bottom bar shows a steady 100% usage for CPU - which reflects what I am seeing in the Google Toolbar monitor.
Another possible clue - lost the use of wireless mouse and keyboard in the 'accidental switch off'. Using wired devices until I can get it operating normally to investigate this.
About to try an earlier go-back/restore.
Last edited by Senior Paper Monitor : 9th July 2009 at 13:44.
Try disconnecting the HP from its router and see if the CPU usage goes down. There is a possibility that there is an external source accessing your HP.
Make sure Task Manager is showing Kernel time as well as User time. (View menu, Show Kernel Times). If a kernel component is consuming the power, then it won't necessarily show up in the 'green' of User time. If it's mostly kernel, that's indicative of graphics, disk activity or memory activity (big simplification), and could indicate a problem with a device driver. Sorting the task manager columns by 'CPU time' might show more info, since the cumulative totals will be grouped together.
I'm not familiar with Vista, but in XP I'd next try Device Manager (in XP, it's right-click 'My Computer' select Manage then Device Manager). Look for any yellow question marks. Try right-clicking in DM & 'Scan for Hardware Changes' & see if your missing wireless etc. is re-detected. If it were me & if there was 'yellow' hardware, I'd probably use DM to remove it & then ask DM to rescan, hoping that it would correctly pick it up. However I'd be wary of advising someone else to follow my advice unseen, in case it made things worse! Perhaps best to create a Restore Point before you try any of these.
You could also look in event manager (eventmgr.exe from start/run) and see if there's anything odd there.
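A command-line version of the kernel-versus-user-time check described in the post above, as an added example that is not part of the original thread. It uses PowerShell's `Get-Counter` with the standard English counter names; the sample count and interval are assumptions.

```powershell
# Added example: split total CPU into user / kernel / interrupt / DPC time,
# then list the processes with the most kernel-mode (privileged) time.
# Counter names are the English ones; localized Windows uses translated names.
$samples  = 5   # assumption: 5 samples, 1 second apart, is enough for a steady load
$interval = 1

$cpuCounters = @(
    '\Processor(_Total)\% User Time',
    '\Processor(_Total)\% Privileged Time',   # all kernel-mode time
    '\Processor(_Total)\% Interrupt Time',    # servicing hardware interrupts
    '\Processor(_Total)\% DPC Time'           # deferred procedure calls (driver work)
)

# Average each system-wide counter over the sampling window.
Get-Counter -Counter $cpuCounters -SampleInterval $interval -MaxSamples $samples |
    ForEach-Object { $_.CounterSamples } |
    Group-Object -Property Path |
    ForEach-Object {
        New-Object PSObject -Property @{
            Counter = ($_.Name -split '\\')[-1]
            AvgPct  = [math]::Round(($_.Group |
                        Measure-Object -Property CookedValue -Average).Average, 1)
        }
    } |
    Sort-Object AvgPct -Descending |
    Format-Table Counter, AvgPct -AutoSize

# Per-process kernel time. Values are a percentage of ONE core, so they can
# exceed 100 on multi-core machines. Processes may exit mid-sample, hence
# -ErrorAction SilentlyContinue.
Get-Counter -Counter '\Process(*)\% Privileged Time' -SampleInterval $interval `
            -MaxSamples $samples -ErrorAction SilentlyContinue |
    ForEach-Object { $_.CounterSamples } |
    Where-Object { $_.InstanceName -notmatch '^(_total|idle)$' } |
    Group-Object -Property Path |
    ForEach-Object {
        $instance = if ($_.Name -match 'process\((.+)\)\\') { $Matches[1] } else { $_.Name }
        New-Object PSObject -Property @{
            Process   = $instance
            KernelPct = [math]::Round(($_.Group |
                          Measure-Object -Property CookedValue -Average).Average, 1)
        }
    } |
    Sort-Object KernelPct -Descending |
    Select-Object -First 5 |
    Format-Table Process, KernelPct -AutoSize
```

If the first table shows most of the load under Privileged, Interrupt or DPC time while no ordinary process ranks high in the second, the load is in kernel-mode code rather than in an application.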
Couldn't locate sysinternals etc, but followed the excellent article linked by BOAC.
Found one svchost activity using considerably more RAM than any other (48,824K - over twice as much as any others) but virtually no CPU activity (despite displaying 'all users').
Under 'Services' the process listed:
wudfsvc (Windows Driver Foundation - user mode Driver Framework)
WPDBusEnum (Portable Device Enumerator Service)
Wlansvc (Wlan Autoconfig)
WdiSystem (Diagnostic System Host)
UxSms (Desktop Window Manager Session Manager)
TrkWks (Distributed Link Tracking Client)
Tablet Input (Tablet PC Input Service)
Sysmain (Superfetch)
Pca Svc (Program Compatibility Assistant Service)
Netman (Network Connections)
Hidserv (Human Interface Device Access)
EMDMgmt (Readyboost)
Audio Endpoint (Windows Audio Endpoint Builder)
All above show: PID1116 Running LocalSystemNetworkRestricted
Frankly means little to me - am moving well out of my comfort zone.
Right Mr GG - have got the Process Explorer running on the machine - it clearly shows interrupts, SVChost and a couple of other processes taking the odd percent here and there but the total balance of 100% being absorbed by 'System' on PID4.
Highlight 'System' and select 'Properties' / 'Threads' and there are a number of threads listed with the same 'start address'.... ntkmlpa.exe!KeQuerySystemTime+DX50
The first four of these (and occasionally the fifth) are showing high values under CPU (totalling well over 90% all the time) and CSwitchDelta.
I suspect that this is the source of the problem - but have no idea what to do now.
Not a critical component, but see the information above before disabling it. It is highly recommended to Run a Free Performance Scan to automatically optimize memory, CPU and Internet Settings..
It is highly recommended to Run a Free Performance Scan to automatically optimize memory, CPU and Internet Settings..
My opinion, but whatever you do, do not install any software that offers to scan.
I'd still guess a device driver problem, a hardware problem, or malware. Try redetecting your hardware.
It sounds very much to me like the modus operandi of malware (especially since being initiated from a fresh boot).
Google for "superantispyware" and "malwarebytes antimalware", and scan the PC with each of those. You may find that the malware has been written to intercept the running of these though, but at least it should give an indication of the program not running properly (e.g. exiting immediately or not being able to start), which would further reinforce my hunch. Anyway, some ways around that are to rename the executable, and to boot in safe mode with command prompt (which doesn't execute any svchost processes usually), then run the program from the command prompt (not via explorer), and scan that way (remembering to update the package with the latest updates first).