Solved

Computer suddenly very very slow

Posted on 2004-04-28
10
2,833 Views
Last Modified: 2010-04-12
I have a Dell Inspiron with W2K installed. It has been superb for about 3 years. Snappy and reliable. I have 384Meg memory (900 virtual) and about 10 Gig free disk space. Suddenly a couple days ago this computer started running painfully slow. The CPU usage is nearly 100%, even after rebooting (which I have done more than a dozen times). I have always run up-to-date virus checking tools, and have done a complete scan of the drive (it found nothing). I've run AdAware and turned up nothing. I can't see any obvious culprits in the list of processes. As it is now, I can barely launch explorer and notepad. I've uninstalled anything that is non-essential.

Until a couple days ago, I would run several applications at once and zip around easily. This is a nightmare! Am almost out of commission. Am trying to shift some of my work to another computer, but as you know, that is not so easy. Any tips, suggestions, ideas, or even calming words would be appreciated! Thanks!
0
Comment
Question by:cascade99
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 10936909
Hi cascade99,

Please check the Task manager to find out what process is hogging up all the CPU time.

Greetings,

LucF
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 400 total points
ID: 10937102
Try doing these


a) download msconfig from here and dictate the startup programs
http://www.techadvice.com/win2000/m/msconfig_w2k.htm
install it , run it . go to startup tab once it runs and disbale all applications. Reboot the machine and check if it would work sooner. There could be some unwanted application that starts during the bootup and might be using the CPU.

b) Download the latest patches and security updates .

c) Check for unwanted starting services and disable them
http://www.blackviper.com/WIN2K/win2kservice411.htm

d) Try doing system file checking ( start ---> run --> sfc /scannow)
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q222/4/71.ASP&NoWebContent=1

e) Have you already done defragmentation and Disk cleanup

f) go to start --> run ---> typein : %temp% and remove all the files inside that folder.

g) You may also want to run other spyware tools in this post http:Q_20945897.html ( post log from hijackthis)

h) Try using this to check which one is consuming more usage
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

How to Break Down the System Process
http://support.microsoft.com/default.aspx?scid=kb;en-us;295714

http://search.webattack.com/get/pstools.shtml

there could be other suggestions that I might be missing. You may want to use recovery console if nothing of the above helps.
0
 
LVL 7

Expert Comment

by:YarnoSG
ID: 10938125
Check for malware/spyware -  someone around here has a big list of tools-  a small one can be found at www.onlinedangers.com/resources.php
0
 
LVL 3

Assisted Solution

by:Tele_tech
Tele_tech earned 100 total points
ID: 10943436
I agree that you need to find out what is running.. what process...

Download Codestarter after running Spy bot (my preference) or which ever
This software will tell you what is loading when your computer is starting up.... and what process are running.. with descriptions and companies that make it
I have found it very useful in cleaning up an infected machine.

http://codestuff.netfirms.com/download.shtml

also....

download stinger  ... this is an one shot hard clean by network associates...  

http://vil.nai.com/vil/stinger/
0
 

Author Comment

by:cascade99
ID: 10943563
Sunray gave me a lot of things to try.. and I have worked through most of them. True I have learned a lot and cleaned up a lot of messes. In particular, Spybot S&D found a lot of nasty stuff. Plus I have cleared out many unnecessary services and programs automatically starting up. So I have a healthier machine...BUT

Unfortunately, the problem is still bad. From the moment I boot up, the CPU time is anywhere between 50 and 100%. Here is the report from HIjackThis. I am desperate to get my machine restored.. so I am still hoping that you (or someone) have some more advice. I can make the machine available through NetMeeting.

Logfile of HijackThis v1.97.7
Scan saved at 1:39:51 PM, on 4/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp\_a\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kelut.objectpublish.com/catalogs/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
O4 - Global Startup: timeset.bat.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0369528B-3082-11D2-9997-00A0C9B7A242} (PlaceWare Presentation-Upload Control) - http://www47.placeware.com/etc/pwe/trial2/placeware.aud.ieupload/UploadControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.48-deleon/GoogleNav.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37837.9193634259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://transcend.webex.com/client/latest/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DPA_DEV.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F0C04BB-E0CC-4F63-87A7-A90EA7B14DEA}: NameServer = 209.144.50.135,209.144.50.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BF7A26A-8D0F-48A0-B38C-F74850CC88CA}: NameServer = 209.144.50.135,209.144.50.113
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DPA_DEV.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 209.102.90.161
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DPA_DEV.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 209.102.90.161
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DPA_DEV.COM
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 209.102.90.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 209.102.90.161

0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:cascade99
ID: 10943951
I just saw the posting by TeleTech. Will try both now.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10944855
Not sure abt these


O16 - DPF: {0369528B-3082-11D2-9997-00A0C9B7A242} (PlaceWare Presentation-Upload Control) - http://www47.placeware.com/etc/pwe/trial2/placeware.aud.ieupload/UploadControl.cab

C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Eset\nod32krn.exe


Btw, have you other all other suggestions aswell

post back
0
 

Author Comment

by:cascade99
ID: 10946448
First of all, Sunray's help has been fantastic. I'm not completely out of the woods yet, but things are essentially good enough to use my machine again. Many, many thanks. The Codestarter recommended by TeleTech was very helpful too. I cannot believe how many hours I've burned on this. My analysis is that the problems were all about spyware, and perhaps nothing to do with viruses. I use NOD32 for virus checking and none of the other virus checking tools found anything else. But for spyware, I think (but am not sure) most of the credit goes to Spybot. It found a lot of things that AdAware did not catch. Then cleaning up everything questionable revealed by the other tools I think was important too. There still seems to be more processor time taken up than there should, so I guess the job is not finished. To answer Sunray's last comment, I also thought the Placeware one was fishy, and got rid of it. The nod32 ones are fine. I've been running that a long time. I will award 80% to Sunray and 20% to Teletech. Thanks again! I'm sure I'll be back on this topic. What an ordeal!
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10946476
Great to get a good feedback from questioners/users of this site.

make sure to always update these tools and run them so that atleast spyware wont affect your machine
0
 
LVL 3

Expert Comment

by:Tele_tech
ID: 10946631
Thanks Cascade99
    Glad to have been of help...  Codestarter is pretty neat... still exploring some of the information it can give me... even about things that should be running...
have a good one....
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange server 2003 sp2 local queue frozen mail 3 360
Cannot access port 443 4 575
Question about teaming two NIC's on Server 2012 2 569
windows 2000 - Enable wifi 7 133
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now