System Process hogs 99% of cpu
A friend's comp (XP sp3) is running very slowly. I believe it to be virus and malware free - checked with AVG, Malwarebytes and superAntiSpyware. There is very little installed on this comp. so the HD has about 90% free space.

In task manager, a system process with pid 4 is what is using all of the cpu. Research shows that a conflict with certain software (none installed on this comp.) could cause this problem.

I have found that a chunk of 64mb of RAM out of a total of 512 installed is not being reported by windows. I take this to mean that a block of 64mb has now failed. I wouldn't have thought that this could cause the problem but I'm out of ideas.

Any thoughts gratefully received.

DH

ps I have his box but have to swap all the perifs back and forward to mine to connect.
November 27th, 2010 12:55pm

I suggest you download Process Explorer.

For further information about Process Explorer see here:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

This freeware utility performs a similar function to the Windows Task Manager but it goes much further.

Use the save rather than open download option. Create a Process Explorer folder as a sub-folder of c:\Programs and extract all files to there. Select each of the files except eula.txt in turn, right clicking and selecting Properties, Unblock, Apply. This is needed to be able to access Help and to use Search Online.

Select View, Process Tree and tell us which process is generating the high CPU usage. Note System Idle is the difference between 100% and the sum of CPU usage generated by all other processes. PID numbers are of no interest as they are specific to the computer.

Hope this helps, Gerry Cornell
November 27th, 2010 1:37pm

What is the system make and model?

You might be able to get some clues about what is going on using Task Manager and maybe figure it out.

You will always figure out what is going on if you use Process Explorer.

Download Process Explorer so you can see what is "really" running on your system, especially behind those multiple svchosts you see running in Task Manager. Download Process Explorer from here:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

You'll like Process Explorer when you get the hang of it. Process Explorer is the Windows Task Manager on steroids. Process Explorer installs nothing so it will not slow your system down since it only runs on demand. Process Explorer may look a little intimidating at first since it presents so much information, but you will start to get to like the way it works when you are looking for performance problems. You can even tell PE that you want it to be your new default "Task Manager" from now on. You can still run the original Task Manager too.

Once you get Process Explorer running, expand the columns, drag the corners of the display to make it bigger, etc. so you can see as much information as possible in the window. Now you can really see everything that is running on the system.

Here is a screenshot of my system when I use Process Explorer:
http://img222.imageshack.us/img222/2567/processexplorer.png

The CPU column is usually the most interesting to get started with performance issues - who is using the most? It is okay and normal to have multiple svchost processes running, but sometimes malicious software will hide behind them since the malicious software knows you will not be able to spot it in Task Manager.

Malicious software can also disguise itself to appear to be a legitimate XP Process or it could hide under/behind other Processes that you see running in Task Manager so you cannot see it running.

The malicious software would like to fool you into thinking that you need to use a System Restore Point, perform a Repair Install or reinstall your XP from scratch when you really don't have to.

When looking at the display in Process Explorer, you would like the most CPU to be associated with System Idle Process. That is the "free time" on your system so the more free time it has, the better. If you look at the performance graphs and see red spikes (or not) double click the graph in the top left corner to display the usage graph. Hover the mouse over any spikes to see what causes them. Even if the spike has already scrolled past in the display, you can still hover the mouse over the spike to see what caused it. You can also just wait for a spike to occur and then see what caused the spike.

To help understand your svchost processes and what is running beneath them, read this article and you will be smarter than the average bear:
http://www.bleepingcomputer.com/forums/forum56.html

Then with some Googling, you can look at each thing running in PE and behind your svchost processes and see what it is and decide if your configuration needs it or not and then decide what to do about it.

If you think you have one svchost.exe Process that has run amok, using PE, you can right click that offensive svchost, Properties and on the Services and Threads tab you can see what is running under it. There is a CPU column that will need widening (make the column wider) so you can see CPU. Perhaps you can spot which background process is consuming so much CPU under the svchost.exe process. Look around under the svchost processes and you will find it. You can also see what is running under every svchost just by hovering your mouse over the svchost.exe process.

Some of them will just have one thing running under them and some will have several things (hopefully all legitimate XP services) and some will have a lot of things. If you have a svchost Process that is afflicted, what is running under your afflicted one?

No running process should defy reasonable explanation.

First, see what you can find out using Process Explorer and then if nothing is obvious, look at other things.

How have you found that a chunk of 64mb RAM is not being reported by Windows? That sounds an awful lot like the amount of memory some video adapters like to use (64MB).

If you want to find out, do this:

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select All, Copy and then paste the information back here.

For video driver information, expand the Components, click Display, click Edit, Select All, Copy and then paste the information back here.

There will be some personal information (like System Name and User Name), and whatever appears to be private information to you, just delete it from the pasted information.

This will minimize back and forth Q&A and eliminate guesswork.

If you want to test your RAM, do this:

Run a test of your RAM with memtest86+ (I know it is boring and will cost you a CD). Memtest86+ is a more up to date version of the old memtest86 program and they are not the same.

The memtest86+ will not run under Windows, so you will need to download the ISO file and create a bootable CD, boot on that and then run the memtest86+ program.

If even a single error is reported that is a failure and should make you suspicious of your RAM.

If you have multiple sticks of RAM you may need to run the test on them one at a time and change them out to isolate the failure to a particular single stick.

Always keep at least the first bank of RAM occupied so the test will find something to do and there is enough to boot your system.

Sometimes, reseating the RAM in the slots will relieve the error but a failure is still cause for suspicion.

The file and instructions are here:
http://www.memtest.org/

Here is a link that shows you how to create and use the memtest86+ CD:
http://www.geekstogo.com/forum/topic/246994-guide-to-using-memtest86/

If someone says to run memtest86, you can tell them to go pound sand and that you know memtest86+ supersedes memtest86 and here's why:
http://en.wikipedia.org/wiki/Memtest86

Do, or do not. There is no try.
I need YOUR votes and points for helpful replies and Propose as Answers. I am saving up for a pony!
November 27th, 2010 3:01pm

What is the system make and model?

You might be able to get some clues about what is going on using Task Manager and maybe figure it out.

You will always figure out what is going on if you use Process Explorer.

Download Process Explorer so you can see what is "really" running on your system, especially behind those multiple svchosts you see running in Task Manager. Download Process Explorer from here:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

You'll like Process Explorer when you get the hang of it. Process Explorer is the Windows Task Manager on steroids. Process Explorer installs nothing so it will not slow your system down since it only runs on demand. Process Explorer may look a little intimidating at first since it presents so much information, but you will start to get to like the way it works when you are looking for performance problems. You can even tell PE that you want it to be your new default "Task Manager" from now on. You can still run the original Task Manager too.

Once you get Process Explorer running, expand the columns, drag the corners of the display to make it bigger, etc. so you can see as much information as possible in the window. Now you can really see everything that is running on the system.

Here is a screenshot of my system when I use Process Explorer:
http://img222.imageshack.us/img222/2567/processexplorer.png

The CPU column is usually the most interesting to get started with performance issues - who is using the most? It is okay and normal to have multiple svchost processes running, but sometimes malicious software will hide behind them since the malicious software knows you will not be able to spot it in Task Manager.

Malicious software can also disguise itself to appear to be a legitimate XP Process or it could hide under/behind other Processes that you see running in Task Manager so you cannot see it running.

The malicious software would like to fool you into thinking that you need to use a System Restore Point, perform a Repair Install or reinstall your XP from scratch when you really don't have to.

When looking at the display in Process Explorer, you would like the most CPU to be associated with System Idle Process. That is the "free time" on your system so the more free time it has, the better. If you look at the performance graphs and see red spikes (or not) double click the graph in the top left corner to display the usage graph. Hover the mouse over any spikes to see what causes them. Even if the spike has already scrolled past in the display, you can still hover the mouse over the spike to see what caused it. You can also just wait for a spike to occur and then see what caused the spike.

To help understand your svchost processes and what is running beneath them, read this article and you will be smarter than the average bear:
http://www.bleepingcomputer.com/forums/forum56.html

Then with some Googling, you can look at each thing running in PE and behind your svchost processes and see what it is and decide if your configuration needs it or not and then decide what to do about it.

If you think you have one svchost.exe Process that has run amok, using PE, you can right click that offensive svchost, Properties and on the Services and Threads tab you can see what is running under it. There is a CPU column that will need widening (make the column wider) so you can see CPU. Perhaps you can spot which background process is consuming so much CPU under the svchost.exe process. Look around under the svchost processes and you will find it. You can also see what is running under every svchost just by hovering your mouse over the svchost.exe process.

Some of them will just have one thing running under them and some will have several things (hopefully all legitimate XP services) and some will have a lot of things. If you have a svchost Process that is afflicted, what is running under your afflicted one?

No running process should defy reasonable explanation.

First, see what you can find out using Process Explorer and then if nothing is obvious, look at other things.

Start with a scan for malicious software, then fix any remaining issues:

No matter what else you are using for malicious software protection, download, install, update and do a full scan with these free malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

When the scans run clean, then troubleshoot any remaining issues.

How have you found that a chunk of 64mb RAM is not being reported by Windows? That sounds an awful lot like the amount of memory some video adapters like to use (64MB).

If you want to find out, do this:

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select All, Copy and then paste the information back here.

For video driver information, expand the Components, click Display, click Edit, Select All, Copy and then paste the information back here.

There will be some personal information (like System Name and User Name), and whatever appears to be private information to you, just delete it from the pasted information.

This will minimize back and forth Q&A and eliminate guesswork.

If you want to test your RAM, do this:

Run a test of your RAM with memtest86+ (I know it is boring and will cost you a CD). Memtest86+ is a more up to date version of the old memtest86 program and they are not the same.

The memtest86+ will not run under Windows, so you will need to download the ISO file and create a bootable CD, boot on that and then run the memtest86+ program.

If even a single error is reported that is a failure and should make you suspicious of your RAM.

If you have multiple sticks of RAM you may need to run the test on them one at a time and change them out to isolate the failure to a particular single stick.

Always keep at least the first bank of RAM occupied so the test will find something to do and there is enough to boot your system.

Sometimes, reseating the RAM in the slots will relieve the error but a failure is still cause for suspicion.

The file and instructions are here:
http://www.memtest.org/

Here is a link that shows you how to create and use the memtest86+ CD:
http://www.geekstogo.com/forum/topic/246994-guide-to-using-memtest86/

If someone says to run memtest86, you can tell them to go pound sand and that you know memtest86+ supersedes memtest86 and here's why:
http://en.wikipedia.org/wiki/Memtest86

Do, or do not. There is no try.
I need YOUR votes and points for helpful replies and Propose as Answers. I am saving up for a pony!
November 27th, 2010 10:59pm

Reply to Gerry C:-

I have tried PE. The process tree view option is greyed out.

The offending process has an image name (in Task Manager) of "System" PID 4. User name "SYSTEM" cpu usage 99%. The system idle process is using 0% of cpu.

Reply to JoseIbarra:-

It's an old Packard Bell Imedia 1408

PE shows that the process using all of the cpu is System:4 - the same as in Task Manager. It is not one of the svchost.exe's.

My Computer reports only 448Mb of RAM yet there is 512 installed (see system info below). All other machines that I have used report the installed RAM before any taken by display adapters etc. hence my thought that some may be faulty. However, I have run a ram test which reports all OK.

System Summary Info:

OS Name    Microsoft Windows XP Home Edition
Version    5.1.2600 Service Pack 3 Build 2600
OS Manufacturer    Microsoft Corporation
System Name    OEM
System Manufacturer    Packard Bell NEC
System Model    00000000000000000000000
System Type    X86-based PC
Processor    x86 Family 15 Model 4 Stepping 1 GenuineIntel ~2926 Mhz
BIOS Version/Date    American Megatrends Inc. 0170, 11/07/2005
SMBIOS Version    2.3
Windows Directory    C:\WINDOWS
System Directory    C:\WINDOWS\system32
Boot Device    \Device\HarddiskVolume1
Locale    United Kingdom
Hardware Abstraction Layer    Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name    OEM\Owner
Time Zone    GMT Standard Time
Total Physical Memory    512.00 MB
Available Physical Memory    199.67 MB
Total Virtual Memory    2.00 GB
Available Virtual Memory    1.96 GB
Page File Space    1.37 GB
Page File    C:\pagefile.sys

Video Driver Info:

Name    SiS Mirage Graphics
PNP Device ID    PCI\VEN_1039&DEV_6330&SUBSYS_E0121631&REV_00\4&13EB4D69&0&0008
Adapter Type    SiS 661FX Rev 01, SiS compatible
Adapter Description    SiS Mirage Graphics
Adapter RAM    64.00 MB (67,108,864 bytes)
Installed Drivers    sisgrv.dll
Driver Version    6.14.10.3671
INF File    oem8.inf (Xabre660 section)
Color Planes    1
Color Table Entries    4294967296
Resolution    1024 x 768 x 60 hertz
Bits/Pixel    32
Memory Address    0xE8000000-0xEFFFFFFF
Memory Address    0xF6AE0000-0xF6AFFFFF
I/O Port    0x0000DC00-0x0000DC7F
IRQ Channel    IRQ 11
Memory Address    0xA0000-0xBFFFF
I/O Port    0x000003B0-0x000003BB
I/O Port    0x000003C0-0x000003DF
Driver    c:\windows\system32\drivers\sisgrp.sys (6.14.10.3671, 241.50 KB (247,296 bytes), 23/08/2006 02:39)

I hope this info is useful for further diagnosis.

Regards,
Duncan H
November 28th, 2010 1:55pm

Duncan

The 64 mb difference between the installed RAM and what you are seeing is the amount used by the graphics card.

Some research led me to this Microsoft Knowledge Base Article.
http://support.microsoft.com/kb/295714

I am not sure how helpful it will be as it could involve some degree of expertise many users do not have. Having never tried what the article suggests, I can say no more.

Hope this helps, Gerry Cornell
November 28th, 2010 4:29pm

Hi,

Thanks for the tip. Unfortunately the MS Process Viewer is only available on the NT4 Resource Kit or the Win 2000 Support Tools CD ROM.

However, I did find another free process viewer which identified a file called up by the offending System process which was called ygovhxb32.sys located in the system32/drivers folder. A google search reveals no info whatsoever on this file name. I moved this file to the desktop and have since had no problems. I have now rebooted about 10 times to see if it comes back. Fingers crossed.

Thanks for your help.

Duncan H
November 29th, 2010 10:48am
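
The post above traces the System (PID 4) load to an unrecognised .sys file in the drivers folder. As an added example that is not part of the original thread, this PowerShell script lists running kernel drivers and flags any without a valid signature or vendor metadata, with a SHA-256 for later lookup; it assumes PowerShell 4.0 or later (a current Windows system rather than the XP machine discussed), and the function name Resolve-DriverPath is hypothetical.

```powershell
# Added example, not from the thread: review the drivers loaded into the
# System process (PID 4) and surface the ones that cannot be attributed.

function Resolve-DriverPath {
    # Hypothetical helper: Win32_SystemDriver.PathName appears in several
    # forms, so normalise it to an ordinary drive-letter path.
    param([string]$PathName)
    $p = $PathName.Trim('"')
    if ($p -match '^\\\?\?\\')      { $p = $p.Substring(4) }                      # \??\C:\...
    if ($p -match '^\\SystemRoot\\') { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }       # system32\drivers\x.sys
    return $p
}

$report = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'") {
    if (-not $drv.PathName) { continue }
    $path = Resolve-DriverPath $drv.PathName

    if (-not (Test-Path -LiteralPath $path)) {
        # A running driver whose file is not visible on disk deserves a look.
        [pscustomobject]@{ Name = $drv.Name; Path = $path; Signature = 'FileMissing'
                           Company = $null; SHA256 = $null }
        continue
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $info = (Get-Item -LiteralPath $path).VersionInfo

    [pscustomobject]@{
        Name      = $drv.Name
        Path      = $path
        Signature = [string]$sig.Status          # Valid, NotSigned, HashMismatch, ...
        Company   = $info.CompanyName            # empty when the file has no version resource
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

# Anything listed here is a lead for review, not a verdict: check the hash
# and the file's origin before moving or deleting it.
$report |
    Where-Object { $_.Signature -ne 'Valid' -or -not $_.Company } |
    Sort-Object Path |
    Format-Table Name, Signature, Company, Path, SHA256 -AutoSize
```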

Duncan

Your discovery suggests you may have a malware infestation. Once one gets in they hold the door open and invite their friends to join them. I suggest you run Malwarebytes and SuperAntiSpy in safe mode.

Hope this helps, Gerry Cornell
November 29th, 2010 11:10am

Hi,

The box is going back to its owner as soon as the snow clears. Once there, I will connect, update and run full AV and malware scans in safe mode.

Thanks again for your time.

Duncan H
November 30th, 2010 7:17am

First, 513MB of RAM is woefully inadequate for Win XP after SP3 has been installed. Have Crucial.com scan that computer to determine the amount, type and speed of RAM that can be installed. Bring it up to at least 1GB.

Chuck
the 80 year Old dog
still learning new tricks!
November 30th, 2010 9:48am

This topic is archived. No further replies will be accepted.
