High CPU Usage Mystery

JGreg7

I am working on an IBM Thinkpad T-30 for a student, and have a problem I have not seen before.

The CPU is running at a high rate, 60~100% (mostly 100%), but the task listing shows a different number. For example, the System Idle Process will show 97%, but the CPU usage will be at 100% (the graph will show high usage and the computer is unresponsive).

Even when the computer has been idle for some time (allowing all of the processes to load and finish) it still has a high CPU usage. The task manager uses 40~50% of the CPU to run.

I have tried to disable various processes, but I cannot find the culprit (AV, Update, etc.)

OS Windows XP SP2, Bitdefender 2010 AV, with the latest updates.

Any ideas? Is there a good tool to see if the CPU is dying?
 
First, how much RAM, and how much is free during this usage? How much free disk space on the drive?

You also don't mention anything about checking thermals. Did you scan for rootkits/mem res viruses?

PS: I would tend to rule out a "dying" CPU.
 
The total RAM is 1 Gb, with 450Mb free; the page file is about 30% of its maximum value. The disk drive is 40Gb with 14Gb free.

I have tried all of the usual stuff: rootkit scan, full virus scan, Spybot, etc.
We already deleted all the internet files, prefetch, old temp files, etc., and performed a disk defrag.

Only the ACPI (50 degrees C nominal, 74 degrees C maximum after a long time at 100% CPU usage) and the HDD (46 degrees C) show up in the thermal monitor. The fans all seem to be working normally and have been blown out with compressed air.

I searched Google for ideas on this, but could not find anything useful.
 
Does this unit show disk I/O on any of the lights? If so, do you see a lot of access during the peak CPU usage? Trying to eliminate the question of disk I/O bogging down the system, or paging/swapping, which would slow down "housekeeping" I/O of all types until total system idle.

Not sure what you use for thermal monitoring, might need something different to get more granular checking. Just to be sure.
 
That is part of the mystery. The disk usage seems about normal: heavy when starting and the AV is running, then after some time it stabilizes and the HDD light flashes periodically.

When the CPU is showing high usage, the HDD may have heavy, intermittent or low usage and seems to be unrelated. The last check showed 80~100% CPU usage and the HDD light showed no activity.

The CPU will drop down to minimal usage eventually, but even the smallest task runs it back up to maximum, and it stays there for an unusually long time.

For example, after a restart, with no programs started except task manager, it ran at 100% for about an hour before it started slowing down. During this time the AV was running some of the time, but after about 10 minutes it was split between task manager (~40%) and system idle process (~60%).
 
Sounds like some kind of housekeeping, but you might need some tools to track it down. Normally if it's too little RAM you get swapping/paging and that would explain it. If it's not enough disk space (I mean really tight space) or a bad drive then any disk I/O will slow down any processing.

You could also check to see what the drives are set to in the control panel. It would be best if UDMA, but an older machine might be PIO4, but worse than that could also affect overall performance.

Thermals are always an issue, but without being able to trace more than ACPI and drives it's hard to tell.

What about booting a UBCD4win disk and then slapping it around and seeing if the performance is the same? This would eliminate O/S, virus, drivers, etc.

PS:

"The CPU will drop down to minimal usage eventually, but even the smallest task runs it back up to maximum"

This bothers me. I still don't think "CPU death", but thermals will do "throttling" on some machines, but the other issues mentioned earlier also need to be considered.
 
OK, sounds like I have more to do. I will let you know tomorrow.
Thank you for your help.

In situations like this it's often best to just go in "brute force". That is, clone the drive and run the machine with the new drive and see if that helps, replace the RAM and see if that helps, boot with a different O/S and compare timings, etc.

This is an old machine and so much can go wrong, so you might end up wasting time on what should end up as a "You need to backup your data and get a new machine" solution.
 
Update

I booted with the UBCD4Win and ran many of the diagnostics, but could not find anything that stood out as being faulty. All of the test results came back with no problems found or expected performance levels.

I checked the items mentioned in previous posts: drives are DMA, multiple virus scanners have removed any viruses, etc.

The suggestion of imaging the drive and testing was a good one. I can copy the drive contents, but I do not have a hard drive old enough to fit into this computer (2.5" 40 Gb, IDE). I have a 120GB that fits, however it seems that larger drives will not work - the computer will not recognize them.

I will give it one more try with Process Explorer later today. If I cannot find the issue by the end of today, I think it will be time to re-image it.

Thank you all for your help.
 
I've been having a few instances where the AV (used to be McAfee/Norton but lately with AVG) is the culprit. No active scans, or even showing high CPU but, when I turn off all the AV bits and reboot... back to normal speed.

Just saying that I've found it's worth checking 'cause running Autoruns and rebooting is faster than some other diagnostics.
 
This could be a few things. One of them is a full printer queue under the spooler; check that the directory is empty. Or a rootkit: there is a rootkit that is installed that is used for fake tuneup software that slows down the system.

But more likely there are corrupt files in the spooler eating CPU cycles; I have seen this many times.

Go to C:\WINDOWS\system32\spool\PRINTERS and delete the files there. You may find some '00002.SHD' and '00020.SPL', or something similar.

Use Process Explorer v12 to check to see what hidden stuff is running.
 
Yes, I would certainly not rule out a rootkit in this scenario. An offline scan might be a good idea here, or GMER from within the OS, just to be certain.
 