I have an HP Pavilion (just 4 months old) operating in the living room (where the cable/ADSL delivery point is) as a very lightly loaded server to a small (3 laptops) home office network (mixed wifi and LAN).

'Server' is an exaggeration of its actual role as the server functionality is limited to a couple of very small shared database applications (individual company mortgage and insurance application software), a platform for a couple of shared programmes such as Quark which we open/run from the workstations plus back-up duties.

I have not yet even loaded the planned SAGE accounting system.

It uses the PC as a monitor (the little it is needed) and I had thoughts of recording TV programmes on it (and DVD movies) but have not got round to it

With 3GB RAM and a reasonably high spec dual core Intel processor (can't find the spec at the moment) it should make easy work of this and until recently has.

However it was accidentally turned off at the power switch recently and ever since it was recovered (safe mode etc) it has been painfully slow and indicating 100% CPU usage constantly.

I have run Regtool, Defrag etc (a bloody slow process), used a goback/restore to a date before the 'switch off' and everything is indicating healthy but still running like a snail.

Any ideas ?

Download Process Explorer from: Windows Sysinternals: Documentation, downloads and additional resources (http://technet.microsoft.com/en-us/sysinternals/default.aspx)
and that should tell you which program is being the hog, once you know that then you can deal with it.

ASSUMING we are talkng WINDOWS? XP? ????

Task Manager - processes, click on CPU column to get highest useage at the top and....................?

Thanks for those guys - Vista by the way

Have opened Task Manager (after a long wait) - and the mystery deepens.

Up to a maximum of 6 processes taking CPU capacity (but none of them showing more tha 01, 02, 03, 04, 05 or 06 (absolute maximum - and then only briefly) which I believe is %age per process. Therefore never more than 10% being used by active processes.

However the bottom bar shows a steady 100% usage for CPU - which reflects what I am seeing in the Google Toolbar monitor.

Another possible clue - lost the use of wireless mouse and keyboard in the 'accidental switch off'. Using wired devices until i can get it operating normal to investigate this.

About to try an earlier go-back/restore.

Try disconnecting the HP from its router and see if the CPU usage goes down. There is a possibility that there is an external source accessing your HP.

Just tried it Geoff (thanks) - no change

Make sure Task Manager is showing Kernel time as well as User time. (View menu, Show Kernel Times). If a kernel component is consuming the power, then it won't necessarily show up in the 'green' of User time. If it's mostly kernel, that's indicative of graphics, disk activity or memory activity (big simplification), and could indicate a problem with a device driver. Sorting the task manager columns by 'CPU time' might show more info, since the cumulative totals will be grouped together.

I'm not familiar with Vista, but in XP I'd next try Device Manager (in XP, it's right-click 'My Computer' select Manage then Device Manager). Look for any yellow question marks. Try right-clicking in DM & 'Scan for Hardware Changes' & see if your missing wireless etc. is re-detected. If it were me & if there was 'yellow' hardware, I'd probably use DM to remove it & then ask DM to rescan, hoping that it would correctly pick it up. However I'd be wary of advising someone else to follow my advice unseen, in case it made things worse! Perhaps best to create a Restore Point before you try any of these.

You could also look in event manager (eventmgr.exe from start/run) and see if there's anything odd there.

I would strongly second green granite's suggestion to download Process Explorer - it shows a great deal that the ordinary Task Manager does not.

Check your IDE controller in device manager to ensure that it hasn't fallen back to PIO mode instead of DMA.

SD

Thanks for the extra suggestions - am off to try these - back in an hour I guess (one way or another)

If no luck, look at Svchost.exe Using 100% CPU Resources in Vista – Identify Causing Services My Digital Life (http://www.mydigitallife.info/2007/11/13/svchostexe-using-100-cpu-resources-in-vista-identify-causing-services/)

More help/advice need I am afraid.

Couldn't locate sysinternals etc, but followed the excellent article linked by BOAC.

Found one svchost activity using considerably more RAM than any other (48,824K - over twice as much as any otehrs) but virtually no CPU activity (despite displaying 'all users').

Under 'Services' the process listed:

wudfsvc (Windows Driver Foundation - user mode Driver Framework)

WPDBusEnum (Portable Device Enumerator Service)

Wlansvc (Wlan Autoconfig)

WdiSystem (Diagnostic System Host)

UxSms (Desktop Window Manager Session Manager)

TrkWks (Distributed Link Tracking Client)

Tablet Input (Tablet PC Input Service)

Sysmain (Superfetch)

Pca Svc (Program Compatability Assistant Service)

Netman (Network Connections)

Hidserv (Human Interface Device Access)

EMDMgmt (Readyboost)

Audio Endpoint (Windows Audio Endpoint Builder)

All above show: PID1116 Running LocalSystemNetworkRestricted

Frankly mneans little to me - am moving well out of my comfort zone.

Any more ideas ?

Try this link for process explorer: Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)

Right Mr GG - have got the Process Explorer running on the machine - it clearly shows interrupts, SVChost and a couple of other processes taking the odd percent here and there but the total balance of 100% being absorbed by 'System' on PID4.

Any suggestions what I am supposed to do now ?

More Info ....

Highlight 'System' and select 'Properties' / 'Threads' are there are a number of threads listed with the same 'start address'.... ntkmlpa.exe!KeQuerySystemTime+DX50

The first four of these (and occasionally the fifth) are showing high values under CPU (totalling well over 90% all the time) and CSwitchDelta.

I suspect that this is the source of the problem - but have no idea what to do now.

That should be ntkrnlpa ( i.e r & n not an m) ...

Some Googling gives ...

Description

ntkrnlpa.exe is a process associated with Microsoft® Windows® Operating System from Microsoft Corporation.\r
Click to run a free scan for ntkrnlpa.exe related errors. (http://www.liutilities.com/products/campaigns/plib/rb/?s=ntkrnlpa.exe)


Recommendation

Not a critical component, but see the information above before disabling it. It is highly recommended to Run a Free Performance Scan (http://www.liutilities.com/products/campaigns/plib/sp/?s=ntkrnlpa.exe) to automatically optimize memory, CPU and Internet Settings..

If one of the core OS files is causing problems following an unexpected power outage, I would suspect corruptions that won't be easy to eliminate.

I suggest attempting a repair, and if that doesn't work, a re-installation.

See here (http://www.vistax64.com/tutorials/88236-repair-install-vista.html) for details of how to do a repair install for Vista.

You will need to BACKUP ALL YOUR DATA, SETTINGS, CONFIGURATION DETAILS FIRST!!!!!!

If you don't have an installation DVD, try restoring (destructive) from the restore / recovery partition (see your PC Manual).

SD

It is highly recommended to Run a Free Performance Scan to automatically optimize memory, CPU and Internet Settings..

My opinion, but whatever you do, do not install any software that offers to scan.
I'd still guess a device driver problem, a hardware problem, or malware. Try redetecting your hardware.

Try downloading this 'hot fix' from MS: Performance is slow on a multiprocessor computer that is running Windows Server 2008 or Windows Vista (http://support.microsoft.com/kb/969468/en-us)

I'm not saying it will work but it will update ntkrnlpa.exe

Other than that, what Saab says.

It sounds very much to me like the modus operandi of malware (especially since being initiated from a fresh boot).

Google for "superantispyware" and "malwarebytes antimalware", and scan the PC with each of those. You may find that the malware has been written to intercept the running of these though, but at least it should give an indication of the program not running properly (e.g. exiting immediately or not being able to start), which would further reinforce my hunch. Anyway, some ways around that are to rename the executable, and to boot in safe mode with command prompt (which doesn't execute any svchost processes usually), then run the program from the command prompt (not via explorer), and scan that way (remembering to update the package with the latest updates first).

Anyway, see how you go and report back? :ok:

Thank you gentlemen (I assume you are all boys).

I retired to the pub an hour ago in a fit of depression (whole day spent on this - no other work and office operating at a snails pace). Will play with those in the early hours rather than Stella influenced and report back either way.

A complete rebuild looks likely !

PS - my original assumption was Malware - but can find no trace (and whole issue moving beyond my knowledge level)

It sounds very much to me like the modus operandi of malware

I think it would be an extraordinary coincidence for malware to have occurred immediately after a hard-disk crash!

Why complicate the issue? Occam's razor applies here, I think.

SD

I think it would be an extraordinary coincidence for malware to have occurred immediately after a hard-disk crash!

Why complicate the issue? Occam's razor applies here, I think.


It's a server. It's been running reliably for ages until a reason comes to warrant a reboot. Code entered into HKLM/Software/Microsoft/Windows/CurrentVersion/Run is then initiated. Server starts virus payload and runs like a dog.

As indicated by the OP, he is considering a rebuild as an alternative. Therefore, an hour's work with an antimalware tool rather than that is a very cheap alternative, n'est ce pas?

Everything failed - reduced use of machine to holding email archive and local back-ups before backing up to offsite and confined whole issue to the 'too difficult file'.

Pending imminent visit of grandaughter (who was permitted to use machine under her own limited access user name only) who has winged about non-existance of "her computer" and kept scrounging one of our individual machine, I threw all work out yesterday and have spent last 36 hours trying to solve.

With the aid of google and mucho patience - identified a corrupt USB driver - disabled it and heh presto - machine flies.

Am posting to 1) to brag 2) to suggest anyone suffering from 100% CPU problems should look at working through the non-vital hardware list disabling one at a time - refer to these excellent articles/threads for further explanation .....

Svchost.exe Using 100% CPU Resources in Vista – Identify Causing Services My Digital Life (http://www.mydigitallife.info/2007/11/13/svchostexe-using-100-cpu-resources-in-vista-identify-causing-services/)

100% CPU Usage by NT Kernel & System - The Win Forums (http://thewinforums.com/topic/39980-100-cpu-usage-by-nt-kernel-system/)

Thanks to all for their help