What can cause this?

[Appledrop]

Ok, my friend he runs this setup:-

Athlon XP 1900+ (266fsb)
Asrock motherboard (unsure what model)
1xstick 512mb cl3 DDR 400
1xstick 128mb cl2.5 DDR 333
What i assume is a generic PSU
windows xp home

His computer runs very laggy, and cpu load is about 100% usually. He has reformatted, so i do not think it is a virus causing it

now, we tried switching ram etc, but to no success..

I suggested the PSU could be the problem, but i really do not know how - no random reboots or anything -?

I doubt it is a CPU issue, but maybe???

Otherwise im leaning to the motherboard..

any ideas people?

 

[eydolic]

Um, even though it looks to be hardware- go to the process tab in task manager and sort by CPU usage... Aside from the System Idle Process, what is the highest process? That could give us an idea (because of what hardware that process may tax)

 

[Appledrop]

heh, none.. nothing abnormal in the processes list - so could it still be hardware, or is it just a sneaky virus that managed to slip through a format + fresh xp install ?

thanks

 

[eydolic]

I would like to be able to say it is software. I've seen power supplies cause the processor to act up and do that before, though. Among other things. Did he keep any of his old date on that drive? Or copy it back over later?

 

[Appledrop]

ya, he backed up his music, but thats it... spose it could be the psu.. thanks for help anyhoo

 

[DetroitSportsFan]

In your case, I'm more inclined to believe its software related. I'd download the latest copy of Spybot S& D, update its definitions and give your system a scan. Be sure to close out any open browser windows before you do the scan. Otherwise, Spybot may not be able to correct any spyware related issues. If it asks to run on next reboot, allow it to. Sometimes these malwares need to be removed BEFORE they start up.

For sneaky viruses that your resident AV software may not detect ..... take a trip to HOUSECALL by trend micro and do the online virus scan. You can get there by clicking HERE.

 

[The J]

Go to http://www.spywareinfo.com/~merijn/downloads.html and download Hijack This! (under the Official Downloads section). Run a scan and save the log. Copy and paste the log and post it here. It may be long, but post everything. I or someone else may be able to tell you what the problem is. Hijack This also shows normal processes, so don't delete anything if you don't know what it is.

 

[DetroitSportsFan]

Go to http://www.spywareinfo.com/~merijn/downloads.html and download Hijack This! (under the Official Downloads section). Run a scan and save the log. Copy and paste the log and post it here. It may be long, but post everything. I or someone else may be able to tell you what the problem is. Hijack This also shows normal processes, so don't delete anything if you don't know what it is.

Good advice, but be sure to follow his instructions EXACTLY. Its a great manual removal tool but should only be used when you have someone willing and ABLE to read those logs. It takes considerable knowledge and study to use this tool correctly. I read them too, but I'm hesitent to suggest HJT on a board that doesn't have a good base of members who know how to read these logs. I think you're safe here since The J has made this suggestion. I'll be looking too. The problem in using this tool on a board where many members don't read them is the time it takes (sometimes) to get an informed answer.

 

[mechBgon]

Also, be aware that a "raw" WinXP installation, even with Service Pack 1a, is easy prey for worms. I made up some info to help people get through that initial vulnerable stage, and that info is here.

On that page, there are also some links to free online antivirus scans, but if you don't get the holes patched, detecting and removing the viruses won't keep them away. Grisoft has just upgraded their AVG Free Edition antivirus software, so if your friend has none at all, that would be a good start. Enable its "on close" file scanning, have it scan ALL files, and make sure its heuristics are enabled too.

Besides simply patching the computer at Windows Update, also run the Microsoft Baseline Security Analyzer to look for other stuff like weak/blank passwords, unpatched Office applications, poor Internet Explorer security settings, and some types of patches that Windows Update won't look for.

Hope that helps and if your friend has broadband, definitely make sure he/she gets a router to provide an outer firewall.

 

[eydolic]

I'll be the triple-checker!

 

[The J]

If you wish, you can post the Hijack This! log at the GameFaqs.com PC Tech Support boards. There are several people there who can help you and are far more familiar with the program than I am, namely a person with the handle "LineofFire." I would recommend that you paste your log there.

Link:
http://boards.gamefaqs.com/gfa...opic.php?board=2000111

 

[DetroitSportsFan]

If you wish, you can post the Hijack This! log at the GameFaqs.com PC Tech Support boards. There are several people there who can help you and are far more familiar with the program than I am, namely a person with the handle "LineofFire." I would recommend that you paste your log there.

You can post it there or you can post it here. Regardless of where you post it, be sure you get the help you need. Its the "getting help" part that is most important here. I've seen problems like the one you described many times before. I'm about 99% sure yours is virus/malware related. These problems are almost 100% fixable but they frequently involve a multi step approach. Patience will be your virtue here.

 

[Appledrop]

ok, here is my hijack this log, i cant see any problems myself, so i think its hardware related?

Logfile of HijackThis v1.97.7
Scan saved at 2:22:46 PM, on 25/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/...901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com...cabs/flash/swflash.cab

thanks for replies - keep em coming

 

[DetroitSportsFan]

I found 2 unecessary 04 entries. The file names are legit but are also known to be used by malware trying to trick you into believing they are good files. Lets download Spybot S & D from HERE (click here). Close all browser windows, update the scan engine and then "look for problems." When the scan is finished, have spybot fix all problems in RED.

Three things that really bother me:

1) I don't see any antivirus software listed in either running processes or your startup group. AV software in this day and age is ABSOLUTELY mandatory. AVG has a free resident virus scanner which is better than nothing. If that doesn't appeal to you, then download the 1 month trial AV software from Trend Micro. You'll have to purchase a subscription after that month is over to keep it up to date.

2) I see no firewall. Once again, this is mandatory regardless of what else you may have heard.

3) This system has SP1 so its still extremely worm vulnerable.

For now, after completing your spybot S&D scan, take a trip HERE and run the online virus scan. Put a check in the auto clean box before you initiate the scan.

Follow my suggestions and if that doesn't take care of the problems, we can still take a look at your hardware. However, in most cases, hardware in itself is not responsible for high CPU usage.

 

[dclive]

Originally posted by: Azzy64
Ok, my friend he runs this setup:-

Athlon XP 1900+ (266fsb)
Asrock motherboard (unsure what model)
1xstick 512mb cl3 DDR 400
1xstick 128mb cl2.5 DDR 333
What i assume is a generic PSU
windows xp home

His computer runs very laggy, and cpu load is about 100% usually. He has reformatted, so i do not think it is a virus causing it

now, we tried switching ram etc, but to no success..

I suggested the PSU could be the problem, but i really do not know how - no random reboots or anything -?

I doubt it is a CPU issue, but maybe???

Otherwise im leaning to the motherboard..

any ideas people?

What task is using 100% CPU? "System Idle Process" is normal - that *should* be there and using all spare CPU time - do you have another task that uses CPU time?

CPU utilization typically has nothing to do with PSUs & RAM.

 

[eydolic]

CPU utilization typically has nothing to do with PSUs & RAM.

A PSU with a high fluctuation in voltages can cause all sorts of problems that relate to this.

 

[DetroitSportsFan]

A PSU with a high fluctuation in voltages can cause all sorts of problems that relate to this.

I won't disagree with the quote above. However, based on what the HJT log is telling me, I'd start with software related issues first. The computer in question appears not to be running any AV software or any firewall. Its security updates are also not up to date. Regardless of whether its hardware or software related, these issues must be addressed. After a spybot s&d scan (spybot is free), and after an online virus scan at HOUSECALL (also free), updating the security updates AFTER (Free too), this is the first path I would take. To me, it only makes sense to pursue the free options first.

However, eydolic isn't wrong. I've seen read/write errors, file corruptions, overheating systems, and systems that would unexpectedly reboot/shutoff with the culprit being the power supply. Typically, cpu load issues are more software/driver based then hardware .... but that doesn't mean hardware couldn't be the cause. Have you checked for error messages in event viewer yet? Its usually best to use a systematic approach to troubleshooting than to hop scotch around.

Azzy64, its your friend's computer. Do we want to troubleshoot software related issues or the system's hardware first? If the system were mine, I'd take the free path first. However, its your call. Either way, I'll do what I can to help.

 

[SagaLore]

If you open Task Manager and look at the list of processes, which one is using the most of the cpu?

 

[Appledrop]

thanks, but i really do not see how it can be malware, seeing as it is formatted and fresh xp install, which would clear registry and all..

oh well

 

[DetroitSportsFan]

Originally quoted by eydolic:

Um, even though it looks to be hardware- go to the process tab in task manager and sort by CPU usage... Aside from the System Idle Process, what is the highest process?

Its already been asked, but no response to the question. Maybe seeing it 2 posts in a row will get that answer.

 

[dclive]

Originally posted by: Azzy64
thanks, but i really do not see how it can be malware, seeing as it is formatted and fresh xp install, which would clear registry and all..

oh well

The moment you go onto the Internet, it can very easily no longer be a fresh install. Malware can infect moments after plugging in.

 

[DetroitSportsFan]

The moment you go onto the Internet, it can very easily no longer be a fresh install. Malware can infect moments after plugging in.

The quote from dclive says it all. We could be wrong but lets try the free stuff before we send you to the hardware store.

 

[mechBgon]

Yeah, try another clean format/install. This time, don't plug in the network cable until you have a software and/or hardware firewall to protect the computer's vulnerabilities. I wrote that page specifically for people in that position, so look there for some links to stuff you will want. Also note the Ongoing prevention tips, which are aimed at tightening up some of the less-obvious stuff.

 

[The J]

Most of your log entries seem to be related to the Google Toolbar, which isn't a bad thing. I did find two entries that I'm not sure what they are. I think someone else has already pointed them out. I do not know what they are, unfortunately:

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

According to a Google search, they seem to be files for Chinese and Japanese text support or translation, so they seem legit. Does the computer use 100% of its cycles in Safe Mode also? Sorry if you already tried this.