Task Manager>CPU Usage 100% all the time!

Status
Not open for further replies.

boom2709

Tich tor ang tesmur
My CPU Usage listed under Performance in the Task Manager is at 99-100% all the time! and my comp runs awfully slow :(
I've formatted my comp thrice, i installed and updated the latest ESET NOD32 antivirus and scanned my computer and found no virus, is there anything im missing.

Please let me know if there is any solution to this!?!
 

mad_max

Journeyman
see what's the process thats eating up ur cpu cycles ;) maybe its the antivirus cuz i used to get that problem occasionally with kis 8, uhh what an awesome [NOT] upgrade that was :S
 

boom2709

Tich tor ang tesmur
i have attached a screenshot here, now u see there are about 10 of these chrome processes and thats when i have opened only 6 tabs in chrome.
and i have done tabbed browsing before but it never was so resource intensive!

*i420.photobucket.com/albums/pp281/boom667/untitled-2.jpg

i guess theres a virus on my comp that NOD32 cannot detect, can anyone suggest me a better anti-virus ?!
 

alexanderthegreat

Overlord v2.0
But there is no "Google Chrome" written on the taskbar.
This might be the fabled chrome.exe virus. Disable the autorun feature on all drives using the group policy editor. Try running a full system boot time scan with avast antivirus. Run a Hijackthis scan and post the log here.

If you can, go for an online scan.

One more thing, that "ekrn.exe" may be a malware. The legit version of that file collects and sends info over a network, but some malwares have been caught masquerading as "ekrn.exe". Do run that scan quickly.
 

dheeraj_kumar

Legen-wait for it-dary!
^^ Look carefully, Chrome is running.

regsvr.exe, two instances of it, taking up 80% cpu time, thats a virus, mostly.
 

boom2709

Tich tor ang tesmur
> But there is no "Google Chrome" written on the taskbar.

its right there, the green-yellow-red circle saying Digit's Technology..

> This might be the fabled chrome.exe virus.

i really dont think so because they appear only when i start chrome and if i terminate any of these chrome.exe processes google chrome window crashes

> Disable the autorun feature on all drives using the group policy editor.

can u please explain briefly how im supposed to do that.

> If you can, go for an online scan.

which is the best online scan ?
 

boom2709

Tich tor ang tesmur
@Gowt1ham heres the log file that u asked for


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:12 PM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\regsvr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\regsvr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe regsvr.exe
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Msn Messsenger] C:\WINDOWS\system32\regsvr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE2B7EB1-2B10-49B5-9B72-0C35D3BCBD6F}: NameServer = 59.144.127.16,59.144.127.17
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4549 bytes

boom2709

Tich tor ang tesmur
thanks for all the help guys, specially
Disc_Junkie
rajkumar_pb
dheeraj_kumar
alexanderthegreat

.. just one last question, im using ESET NOD32 4 and clearly its not good enough so which is the best anti-virus then?

a few of my friends have suggested Avast, how good is it ? and can i use it along side NOD32 and if can run only one then which one should i go for.
 

boom2709

Tich tor ang tesmur
how good do u think are Avast and BitDefender ?

and now that i have ur attention, i have another small problem


when i type msconfig in run and execute it the msconfig window opens fr like a fraction of a second and then just vanishes!

.. its this also because of the same virus ??
 

furious_gamer

Excessive happiness
IMO Avast isn't that good. Dunno abt BitDefender as i never used it before.

Will u plz tell me some other popular AVs name? I got one in my mind but forgot the name..

And yes, thatz a problem with the virus. I experienced it before. Mine was even worse. When i type msconfig and enter, system gets restarted... :D
 

Disc_Junkie

Call me D_J!
Avast is good in detecting but poor in deleting the virus. And Bit Defender is not that good.

Download Noob-Killer, it is a small file only used for deleting viruses and malware forcibly. You may find it useful. Once my computer was infected by a boot.com virus, when I downloaded a exe file from dailykeys.com. As soon as it got executed my whole computer was shut down. After I restarted, I could find an Autoplay option when I right-click a drive. I had asked the question in Tech. QnA in this site, they told me delete the autorun.inf from the root of the drives. I searched them but could find them. I could see a folder named 'resycled' where the file was stored but neither the folder could be opened nor could it be deleted. Then I learnt about Noob Killer from a site. I downloaded it....There I could find a lot of options to wipe out the virus...
I tried to manually remove the folder from within there and it worked...
The folder was deleted and my computer was free from the Autorun virus. I could have used the 8-X kill option but I didn't use it coz I knew where the virus was located.

Therefore as you see, Noob-Killer is the best. Otherwise you could block the worm from getting started. Install a firewall such as Comodo or Zone Alarm and block it. I personally suggest Zone Alarm Internet Security Suite because it has also got Integrated Antivirus and Antispyware which are a boon for a firewall......:smile:
 

alexanderthegreat

Overlord v2.0
First things first! Your Hijackthis log clearly shows presence of a virus. Your registry editor is disabled.
Your log shows presence of two instances of regsvr.exe. I agree with dheeraj. It appears to be the culprit. What's put me in a right state is that you are able to use the task manager without problems.

Nevertheless, locate the following entries in the log in Hijackthis. Place a check next to them and click on fix checked:-
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 //this one is weird. If you've disabled regedit intentionally, leave it.

To disable autorun in order to prevent spreading of viruses, do this:-
1>Go to Start>Run> type in "gpedit.msc" without the quotes and press enter.
2>Expand Administrative templates by clicking on the little plus/arrow next to it.
3>In the bunch of folders that dropped down, find out "System" and click on it.
4>In the right side pane, find out the entry called Turn off Autoplay and double click it.
5>Check the "Enabled" radio button. Select "All drives" from the drop down list below the radio button. Click on OK.
6>Reboot the PC.

Regarding Bitdefender: I reckon Avast is better than bitdefender. Simply run a full system boot time scan using avast home edition and see if it detects anything. If you DO want to go for an online scan, try: *www.mcafee.com/freescan.
Also, try Malwarebytes' Antimalware or the noob killer suggested by Disc Junkie.

One more thing, that ekrn.exe appears to be from NOD32.

@Disc_Junkie, OFFTOPIC: Man, you speak of noob killer just like those hair growing/ height increasing/floor cleaning/Impact Tool kit-like ads. :D :lol:. No offence meant, mate!
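
An added example, not part of any post in this thread: a small triage script that applies the checks discussed above (extra program on the `Shell=` line, suspect `Run` entries, `DisableRegedit=1`) to HijackThis output. The sample lines are copied from the log posted earlier; the function names, the allowlist of genuine Windows binaries and the 0.85 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe regsvr.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Msn Messsenger] C:\WINDOWS\system32\regsvr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Assumption: a short allowlist of genuine Windows binaries to compare against.
KNOWN_GOOD = {"explorer.exe", "regsvr32.exe", "rundll32.exe", "svchost.exe"}
# File names that participants in the thread singled out as suspect.
THREAD_SUSPECTS = {"regsvr.exe", "msupdte.exe"}

def lookalike(name):
    """Return the genuine binary that `name` closely imitates, or None."""
    for good in KNOWN_GOOD:
        if name != good and SequenceMatcher(None, name, good).ratio() >= 0.85:
            return good
    return None

def triage(log_text):
    """Return (section code, reason) pairs for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        code = line.split(" - ", 1)[0]
        if code == "F2" and "Shell=" in line:
            # Anything after the first token is started alongside the shell.
            extra = line.split("Shell=", 1)[1].split()[1:]
            if extra:
                findings.append((code, "shell also starts: " + " ".join(extra)))
        elif code == "O4":
            for exe in re.findall(r'([^\\"\s]+\.exe)\b', line, re.I):
                name, imitates = exe.lower(), lookalike(exe.lower())
                if name in THREAD_SUSPECTS or imitates:
                    why = f"autostart of {name}"
                    findings.append((code, why + (f" (resembles {imitates})" if imitates else "")))
        elif code == "O7" and "DisableRegedit=1" in line:
            findings.append((code, "registry editor disabled by policy"))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

A name-similarity hit is only a reason to inspect the file; confirm with the file's location, signature and a scanner before removing anything.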
 

dheeraj_kumar

Legen-wait for it-dary!
heh, i agree with alexie. disk junkie recommends noob killer for almost anything!!! last week someone asked for a good washing machine and i thought he was gonna recommend it there too!!! :p :D
 