Solved

Computer suddenly very very slow

Posted on 2004-04-28
10
2,830 Views
Last Modified: 2010-04-12
I have a Dell Inspiron with W2K installed. It has been superb for about 3 years. Snappy and reliable. I have 384Meg memory (900 virtual) and about 10 Gig free disk space. Suddenly a couple days ago this computer started running painfully slow. The CPU usage is nearly 100%, even after rebooting (which I have done more than a dozen times). I have always run up-to-date virus checking tools, and have done a complete scan of the drive (it found nothing). I've run AdAware and turned up nothing. I can't see any obvious culprits in the list of processes. As it is now, I can barely launch explorer and notepad. I've uninstalled anything that is non-essential.

Until a couple days ago, I would run several applications at once and zip around easily. This is a nightmare! Am almost out of commission. Am trying to shift some of my work to another computer, but as you know, that is not so easy. Any tips, suggestions, ideas, or even calming words would be appreciated! Thanks!
0
Comment
Question by:cascade99
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10936909
Hi cascade99,

Please check the Task manager to find out what process is hogging up all the CPU time.

Greetings,

LucF
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 400 total points
ID: 10937102
Try doing these


a) download msconfig from here and dictate the startup programs
http://www.techadvice.com/win2000/m/msconfig_w2k.htm
install it , run it . go to startup tab once it runs and disbale all applications. Reboot the machine and check if it would work sooner. There could be some unwanted application that starts during the bootup and might be using the CPU.

b) Download the latest patches and security updates .

c) Check for unwanted starting services and disable them
http://www.blackviper.com/WIN2K/win2kservice411.htm

d) Try doing system file checking ( start ---> run --> sfc /scannow)
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q222/4/71.ASP&NoWebContent=1

e) Have you already done defragmentation and Disk cleanup

f) go to start --> run ---> typein : %temp% and remove all the files inside that folder.

g) You may also want to run other spyware tools in this post http:Q_20945897.html ( post log from hijackthis)

h) Try using this to check which one is consuming more usage
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

How to Break Down the System Process
http://support.microsoft.com/default.aspx?scid=kb;en-us;295714

http://search.webattack.com/get/pstools.shtml

there could be other suggestions that I might be missing. You may want to use recovery console if nothing of the above helps.
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 10938125
Check for malware/spyware -  someone around here has a big list of tools-  a small one can be found at www.onlinedangers.com/resources.php
0
 
LVL 3

Assisted Solution

by:Tele_tech
Tele_tech earned 100 total points
ID: 10943436
I agree that you need to find out what is running.. what process...

Download Codestarter after running Spy bot (my preference) or which ever
This software will tell you what is loading when your computer is starting up.... and what process are running.. with descriptions and companies that make it
I have found it very useful in cleaning up an infected machine.

http://codestuff.netfirms.com/download.shtml

also....

download stinger  ... this is an one shot hard clean by network associates...  

http://vil.nai.com/vil/stinger/
0
 

Author Comment

by:cascade99
ID: 10943563
Sunray gave me a lot of things to try.. and I have worked through most of them. True I have learned a lot and cleaned up a lot of messes. In particular, Spybot S&D found a lot of nasty stuff. Plus I have cleared out many unnecessary services and programs automatically starting up. So I have a healthier machine...BUT

Unfortunately, the problem is still bad. From the moment I boot up, the CPU time is anywhere between 50 and 100%. Here is the report from HIjackThis. I am desperate to get my machine restored.. so I am still hoping that you (or someone) have some more advice. I can make the machine available through NetMeeting.

Logfile of HijackThis v1.97.7
Scan saved at 1:39:51 PM, on 4/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp\_a\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kelut.objectpublish.com/catalogs/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
O4 - Global Startup: timeset.bat.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0369528B-3082-11D2-9997-00A0C9B7A242} (PlaceWare Presentation-Upload Control) - http://www47.placeware.com/etc/pwe/trial2/placeware.aud.ieupload/UploadControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.48-deleon/GoogleNav.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37837.9193634259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://transcend.webex.com/client/latest/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DPA_DEV.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F0C04BB-E0CC-4F63-87A7-A90EA7B14DEA}: NameServer = 209.144.50.135,209.144.50.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BF7A26A-8D0F-48A0-B38C-F74850CC88CA}: NameServer = 209.144.50.135,209.144.50.113
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DPA_DEV.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 209.102.90.161
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DPA_DEV.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 209.102.90.161
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DPA_DEV.COM
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 209.102.90.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 209.102.90.161

0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:cascade99
ID: 10943951
I just saw the posting by TeleTech. Will try both now.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10944855
Not sure abt these


O16 - DPF: {0369528B-3082-11D2-9997-00A0C9B7A242} (PlaceWare Presentation-Upload Control) - http://www47.placeware.com/etc/pwe/trial2/placeware.aud.ieupload/UploadControl.cab

C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe


Btw, have you other all other suggestions aswell

post back
0
 

Author Comment

by:cascade99
ID: 10946448
First of all, Sunray's help has been fantastic. I'm not completely out of the woods yet, but things are essentially good enough to use my machine again. Many, many thanks. The Codestarter recommended by TeleTech was very helpful too. I cannot believe how many hours I've burned on this. My analysis is that the problems were all about spyware, and perhaps nothing to do with viruses. I use NOD32 for virus checking and none of the other virus checking tools found anything else. But for spyware, I think (but am not sure) most of the credit goes to Spybot. It found a lot of things that AdAware did not catch. Then cleaning up everything questionable revealed by the other tools I think was important too. There still seems to be more processor time taken up than there should, so I guess the job is not finished. To answer Sunray's last comment, I also thought the Placeware one was fishy, and got rid of it. The nod32 ones are fine. I've been running that a long time. I will award 80% to Sunray and 20% to Teletech. Thanks again! I'm sure I'll be back on this topic. What an ordeal!
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10946476
Great to get a good feedback from questioners/users of this site.

make sure to always update these tools and run them so that atleast spyware wont affect your machine
0
 
LVL 3

Expert Comment

by:Tele_tech
ID: 10946631
Thanks Cascade99
    Glad to have been of help...  Codestarter is pretty neat... still exploring some of the information it can give me... even about things that should be running...
have a good one....
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We have come a long way with backup and data protection — from backing up to floppies, external drives, CDs, Blu-ray, flash drives, SSD drives, and now to the cloud.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now