Analog_Kid asked:

System running VERY slow - Urgent need help!

The computer is a Dell something or other pre-loaded with Win 2k pro.
The system is operating VERY slowly and the HD is constantly active.

I need to get it working properly again by the end of the day.

In an effort to resolve the trouble I have done the following and still have the same problem:

Defrag and scan disk - no help

Spybot S&D scan w/updated definitions – found some items and removed but still no help

Norton A/V w/updated definitions – negative results

Turned off sharing of C: - upon re-boot the drive was again set to shared. (the PC is stand-alone, not networked)

Turned off indexing service – this did seem to help, but the next day, the machine was running slow again.

I did a repair of the OS using the install CD – still have the same problem.

The system will not allow me to shut down any running process thru task manager, but I can boot into safe mode with no problems.

I am not familiar with Win 2k pro and I need advice.

All suggestions are greatly appreciated – this has become an urgent matter.

Thanks in advance.
Pete Long
Is it the PC in general or network operation - or is it just pants generally?
Analog_Kid (ASKER)

Duh! Stupid me, I posted in the wrong area. I've asked that the question be moved.

Anyway, the machine is not connected to a network of any kind. What do you mean by pants?

Thanks for your help.
Oh, it does have AOL for connecting to the Internet.
jdeclue

Please post a list of the running processes from the task manager.

J
Hi
Hi, first download this and click scan - don't fix anything first, just post the logfile here:
http://tools.radiosplace.com/HijackThis.exe

Deb :))
>>post a list of the running processes

I don't have access to it at this very moment, so I can't say. But it is a huge list. Is there a way to thin that out to the absolute bare minimum?

>>How much space does your hard drive have left?

It's nearly completely empty - only 10% or so used.

>>Are there any processes using up a lot of system resources?  
I don't know. How do I find that info?

>>...If you added virus software after the system was infected...

I don't think that is the case. The machine is a friend's, but I am aware that he has had Norton A/V installed ever since he bought the machine and this problem is recent.
It's probably best to rule out any nasties before trying any further system fixes or repairs, particularly given the fact that you've already found some. Unfortunately Norton is missing stacks of Trojans as of late, hence try a scan with the following

Trend Online Scanner
http://housecall.trendmicro.com/

Panda
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Let us know what you find,

Deb :))
To post running processes - In hijackthis click config ->Misc Tools -> Open process manager. Then check the "show dll's" on the right of the screen, click refresh, then click the little floppy disk icon which will allow you to save the process list to a text file. Post that text file here too...

Deb :))
I would recommend running the utilities that Debsyl99 has listed.

To check processes, you can use Task Manager.  You said that the list is huge, how many processes are currently running?

When you boot into 'safe mode with no problems', do you mean that the computer doesn't run slow in safe mode?
Correct. In safe mode, all seems to be in order.

I see you need more info than I can provide, so I will d/l those and post here later. This could take a while as the machine is 10 miles from my location. I'll do my best to get you the info you need asap.

Meanwhile, if there is any other information that would be helpful, or if you have an idea of what else I can look at while I'm there, I'd be grateful.
Is this a XEON 32bit or Itanium 64 bit? The XEON uses Extended Memory 64, this is an extension and is not a 64 bit processor. The processor is an IA-32, which is a 32 bit processor. Unless your workstation is running with more than 4 GB ram and you have applications that can utilize pages larger than 2GB, you should not be running the x64 version of Windows 2003. So unless you have applications that are specifically written to take advantage of the Extended Memory 64, and more than 4 GB of ram in the workstations, you should go back to Windows XP Professional. The OS should run faster on your machine than Server 2003(64) on the XEON.

J
Sorry I posted to the wrong thread!? ;)

J
To get the process list, just go to a DOS prompt and type TASKLIST. Paste the info here. If you want to save it out to a text file, you can run this: TASKLIST > c:\tasklist.txt
To post processes just follow the instructions in my posts - easier and makes sure dll's are posted too.


Deb :))

P.S Good one JD ;-)
Deb, not going to argue, but that requires the installation of software...
I don't think TASKLIST is an .exe that comes with Windows by default.  I don't have it on my system.
Oops.  It's for WinXP.  My bad.
It is an XP tool, and a great one... If you are running XP, it is a very easy thing to do. Rob has a good point, as it can be run in about 10 seconds and posted. Might as well do both.



J
It's not really like I'm asking for a fresh install of Office!!! (sighs - has had a long day..)

It requires the installation of hijackthis which let's face it is pretty small (183k) and takes up minimal system resources (about 5k - cmd takes about 2.5k). It will also enable us to have a good look at what's running on the system and will show dll's which tasklist won't show and their authors and versions. We'll also get to have a look at various areas of the registry notorious for targeting by spyware and enable us to fix it where necessary - so it will kill a lot of birds with one stone, and if for whatever reason it doesn't lead to a direct fix, it will at least enable us to rule things out.

But if Analog Kid doesn't want to use it, it's his choice ;-)) Better than manually posting various areas of the registry, because if we do identify running processes that are malware related we're going to have to kill them properly (ie via the execs and reg entries) which again you can do with hijackthis. Why don't you check it out? It's quite useful,

Deb :))
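
An added example, not part of the original thread and not HijackThis code: one way a helper could triage a saved HijackThis process list of the kind posted further down this thread (full path, file version, company name). The directory table, the vendor string and the `windows_root` default are assumptions for a Windows 2000 layout, and each finding is a prompt for a closer look, not a verdict.

```python
import re
from ntpath import basename, dirname, normcase

# Assumption: core Windows process names and where they normally live,
# either the Windows root ("root") or its system32 folder.
EXPECTED_DIR = {
    "smss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32",
    "svchost.exe": "system32", "spoolsv.exe": "system32",
    "explorer.exe": "root",
}
OS_VENDOR = "microsoft corporation"

# The first four rows are copied from the list posted in this thread; the
# last two are constructed to exercise the checks.
SAMPLE = r"""
[full path to filename]            [file version]      [company name]
C:\WINNT\system32\svchost.exe            5.0.2134.1      Microsoft Corporation
C:\WINNT\wanmpsvc.exe            7.0.0.2      America Online, Inc.
C:\WINNT\Explorer.EXE            5.0.3700.6690      Microsoft Corporation
C:\Program Files\Norton AntiVirus\navapsvc.exe            9.0.5.1015      Symantec Corporation
C:\WINNT\Fonts\svchost.exe
C:\WINNT\system32\example.exe            1.0.0.0
"""


def parse_process_list(text):
    """Return (path, version, company) tuples from the process section."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("DLLs loaded by process"):
            break  # per-process DLL tables follow; out of scope here
        if not re.match(r"[A-Za-z]:\\", line):
            continue  # column header, blank line or banner
        # Columns are separated by a tab or a run of spaces; paths and
        # company names only ever contain single spaces.
        fields = re.split(r"\s{2,}|\t", line)
        fields += [""] * (3 - len(fields))
        rows.append((fields[0], fields[1], fields[2]))
    return rows


def triage(rows, windows_root=r"C:\WINNT"):
    """Return (path, reason) pairs for entries that deserve a closer look."""
    root = normcase(windows_root)
    sys32 = normcase(windows_root + r"\system32")
    findings = []
    for path, version, company in rows:
        name = basename(path).lower()
        folder = normcase(dirname(path))
        expected = {"system32": sys32, "root": root}.get(EXPECTED_DIR.get(name))
        if expected is not None and folder != expected:
            # Same idea as the report's "Checking for EXPLORER.EXE
            # instances" section, applied to more process names.
            findings.append((path, "core process name outside its expected directory"))
        elif folder in (root, sys32) and company.lower() != OS_VENDOR:
            findings.append((path, "non-OS-vendor binary in the Windows directory"))
        if not version or not company:
            findings.append((path, "missing version or company metadata"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_process_list(SAMPLE)):
        print(f"{reason}: {path}")
```
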

Do em both, do em both!!! Run tasklist post the results.... 20 seconds max, while it is being reviewed by "the experts", run hijack This!!!!...

J

:)
I could not work out how to get a list of running processes but I did manage to get HijackThis.exe running which included a list. Here are the results:

processlist.txt:

Process list saved on 6:47:22 PM, on 9/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

[full path to filename]            [file version]      [company name]
C:\WINNT\System32\smss.exe            5.0.2195.6601      Microsoft Corporation
C:\WINNT\system32\winlogon.exe            5.0.2195.6714      Microsoft Corporation
C:\WINNT\system32\services.exe            5.0.2195.6700      Microsoft Corporation
C:\WINNT\system32\lsass.exe            5.0.2195.6695      Microsoft Corporation
C:\WINNT\system32\svchost.exe            5.0.2134.1      Microsoft Corporation
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe            1.0.3.4      Symantec Corporation
C:\WINNT\system32\spoolsv.exe            5.0.2195.6659      Microsoft Corporation
C:\WINNT\System32\svchost.exe            5.0.2134.1      Microsoft Corporation
C:\Program Files\Norton AntiVirus\navapsvc.exe            9.0.5.1015      Symantec Corporation
C:\WINNT\system32\regsvc.exe            5.0.2195.6701      Microsoft Corporation
C:\WINNT\system32\MSTask.exe            4.71.2195.6704      Microsoft Corporation
C:\WINNT\system32\stisvc.exe            5.0.2195.6656      Microsoft Corporation
C:\WINNT\wanmpsvc.exe            7.0.0.2      America Online, Inc.
C:\WINNT\Explorer.EXE            5.0.3700.6690      Microsoft Corporation
C:\Program Files\Common Files\Symantec Shared\ccApp.exe            1.0.3.15      Symantec Corporation
C:\WINNT\system32\ntvdm.exe            5.0.2195.6689      Microsoft Corporation
C:\WINNT\system32\taskmgr.exe            5.0.2195.6620      Microsoft Corporation
C:\Documents and Settings\ian1\Desktop\HijackThis.exe            1.98.0.2      Soeperman Enterprises Ltd.


DLLs loaded by process C:\WINNT\System32\smss.exe:

[full path to filename]            [file version]      [company name]
C:\WINNT\system32\ntdll.dll            5.0.2195.6685      Microsoft Corporation
C:\WINNT\System32\sfcfiles.dll            5.0.2195.6717      Microsoft Corporation




startuplist.txt:

StartupList report, 9/7/2004, 6:48:37 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\ian1\Desktop\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\ian1\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\ian1\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINNT\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINNT\system32\setup\wmpocm.exe /HideWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = "C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigIE

[>{86EEAFA8-6F38-4657-B4F7-ED1033D2EA1C}S04947] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = "C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigOE

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
C:\WINNT\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINNT\Java\classes\dajava.cab
OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab
OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINNT\DOWNLO~1\yacscom.dll
CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

[YInstStarter Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

[Yahoo! Audio UI1]
InProcServer32 = C:\WINNT\Downloaded Program Files\yacsui.dll
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[Update Class]
InProcServer32 = C:\WINNT\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37848.7365972222

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINNT\system32\qdiagh.ocx
CODEBASE = http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINNT\System32\rnr20.dll
NameSpace #2: C:\WINNT\System32\winrnr.dll
NameSpace #3: C:\WINNT\System32\nwprovau.dll
Protocol #1: C:\WINNT\system32\msafd.dll
Protocol #2: C:\WINNT\system32\msafd.dll
Protocol #3: C:\WINNT\system32\msafd.dll
Protocol #4: C:\WINNT\system32\rsvpsp.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\msafd.dll
Protocol #7: C:\WINNT\system32\msafd.dll
Protocol #8: C:\WINNT\system32\msafd.dll
Protocol #9: C:\WINNT\system32\msafd.dll
Protocol #10: C:\WINNT\system32\msafd.dll
Protocol #11: C:\WINNT\system32\msafd.dll
Protocol #12: C:\WINNT\system32\msafd.dll
Protocol #13: C:\WINNT\system32\msafd.dll
Protocol #14: C:\WINNT\system32\msafd.dll
Protocol #15: C:\WINNT\system32\msafd.dll
Protocol #16: C:\WINNT\system32\msafd.dll
Protocol #17: C:\WINNT\system32\msafd.dll
Protocol #18: C:\WINNT\system32\msafd.dll
Protocol #19: C:\WINNT\system32\msafd.dll
Protocol #20: C:\WINNT\system32\msafd.dll
Protocol #21: C:\WINNT\system32\msafd.dll
Protocol #22: C:\WINNT\system32\msafd.dll
Protocol #23: C:\WINNT\system32\msafd.dll
Protocol #24: C:\WINNT\system32\msafd.dll
Protocol #25: C:\WINNT\system32\msafd.dll
Protocol #26: C:\WINNT\system32\msafd.dll
Protocol #27: C:\WINNT\system32\msafd.dll
Protocol #28: C:\WINNT\system32\msafd.dll
Protocol #29: C:\WINNT\system32\msafd.dll
Protocol #30: C:\WINNT\system32\msafd.dll
Protocol #31: C:\WINNT\system32\msafd.dll
Protocol #32: C:\WINNT\system32\msafd.dll
Protocol #33: C:\WINNT\system32\msafd.dll
Protocol #34: C:\WINNT\system32\msafd.dll
Protocol #35: C:\WINNT\system32\msafd.dll
Protocol #36: C:\WINNT\system32\msafd.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\services.exe (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\System32\services.exe (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINNT\system32\cisvc.exe (disabled)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (manual start)
Print Class Driver for IEEE-1284.4 hpoipr07: system32\DRIVERS\hpoipr07.sys (manual start)
3Com EtherLink XL B/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
IEEE-1284.4 Driver hpoid407: system32\DRIVERS\hpoid407.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\services.exe (autostart)
Workstation: %SystemRoot%\System32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
Messenger: %SystemRoot%\System32\services.exe (disabled)
NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\System32\MsiExec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040825.021\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040825.021\NavEx15.Sys (manual start)
NetBEUI Protocol: System32\DRIVERS\nbf.sys (autostart)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: System32\DRIVERS\nwlnkipx.sys (autostart)
NWLink NetBIOS: System32\DRIVERS\nwlnknb.sys (autostart)
NWLink SPX/SPXII Protocol: System32\DRIVERS\nwlnkspx.sys (autostart)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\WINNT\system32\Drivers\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\WINNT\system32\Drivers\SAVRTPEL.SYS (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Still Image Service: %systemroot%\system32\stisvc.exe (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMREDRV: \??\C:\WINNT\system32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \??\C:\WINNT\system32\Drivers\SYMTDI.SYS (autostart)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (disabled)
Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
WAN Miniport (ATW) Service: "C:\WINNT\wanmpsvc.exe" (autostart)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (manual start)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 28,840 bytes
Report generated in 0.221 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only


hijackthis.log:

Logfile of HijackThis v1.98.2
Scan saved at 6:49:57 PM, on 9/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\ian1\Desktop\HijackThis.exe
A:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312
O17 - HKLM\System\CCS\Services\Tcpip\..\{347DEE52-1768-473E-B419-FAD1B4BFC7B8}: NameServer = 64.81.159.2

In Windows Task Manager, Processes tab under "Image Name" there is an item called "System Idle Process" PID 0 CPU 99 MemUsage 16k. Is this of any concern? It is the only item showing a considerable CPU time usage.

I'm desperately grasping at straws here.
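Added example, not part of the original thread: a small Python parser for the HijackThis entry format shown in the log above, which pulls out the section code, GUID and URL of each entry and marks the ones worth a second look. The sample input is an excerpt of the posted log; the function names and the three review rules are assumptions of this example, not HijackThis's own verdicts.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the HijackThis v1.98.2 log posted above (six of its entries).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{347DEE52-1768-473E-B419-FAD1B4BFC7B8}: NameServer = 64.81.159.2
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O16 - DPF: ..."
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
NAMESERVER_RE = re.compile(r"NameServer = (\S+)")


def parse_log(text):
    """Return one dict per R*/O* entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        guid = GUID_RE.search(body)
        url = URL_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "guid": guid.group(0) if guid else None,
            "url": url.group(0) if url else None,
        })
    return entries


def review_notes(entry):
    """Reviewer heuristics (assumptions of this example, not HijackThis verdicts)."""
    notes = []
    if entry["body"].endswith("(no file)"):
        notes.append("registered component has no file on disk")
    if entry["code"] == "O16" and entry["url"]:
        parts = urlsplit(entry["url"])
        if parts.scheme == "http":
            notes.append("ActiveX control installed over plain HTTP from " + parts.hostname)
    if entry["code"] == "O17":
        ns = NAMESERVER_RE.search(entry["body"])
        if ns:
            notes.append("static DNS server " + ns.group(1) + ": confirm it belongs to the ISP")
    return notes


def triage(text):
    """Return (code, note) pairs for every entry that needs a second look."""
    return [(e["code"], n) for e in parse_log(text) for n in review_notes(e)]


if __name__ == "__main__":
    for code, note in triage(SAMPLE_LOG):
        print(code, "-", note)
```
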
Why is that yahoo crud there?

Go uninstall any unnecessary applications.

How much free space do you have?
I've taken out all un-needed apps already and got rid of most of that crud. I'll post an updated log if you want.

At this time there is 2.3 GB used of 12.6 GB total.

I've noticed that on boot up (a 30 min process!) the computer seems to get stuck on "Applying security policy".
What GPOs do you have enabled?

What was the last thing you changed?
I assume this is part of a domain... they aren't trying something silly like pushing a large install down via GPOs are they?
No, it's just a desktop PC and not part of a network. I don't know what a GPO is and I'm not the primary user so I have no clue what was done before today. I can tell you that there are no audits currently enabled.
Well you could unplug the network cable, then login the local admin acct, then login the user offline, that would tell us something.

It is leaning towards a group policy issue, but we need to verify that.
I could use some step-by-step instructions. There is no network cable to anything and I am now logged in as admin. (I have physical access to the machine now)
Does it matter what user you login as? Is it still super slow?
There has been an improvement in performance, but the boot up is still taking way too long as noted above. What would creating a new profile gain?
Also the unexplained disk activity has ceased so we have seen some progress.
Ok, I can create a new profile. How shall I proceed?

Thanks by the way for taking time to help me out  :-)
Using Hijack this, you can delete these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

O17 - HKLM\System\CCS\Services\Tcpip\..\{347DEE52-1768-473E-B419-FAD1B4BFC7B8}: NameServer = 64.81.159.2
From the control panel, I'm unable to add a user. The button is gray.
Those have all been removed except for NameServer and the extra buttons.
If it is greyed out... are you sure this is not part of a domain? Right-click on My Computer and go to Properties. It should say WORKGROUP... if it says domain, then it is in fact part of a domain.

I don't see users and computers - I have Local Users and Groups
You are correct. In the System Properties - network id tab the workgroup name is WORKGROUP
Local Users and groups, sorry, that is what you want. If you can create a new user there, that would help test profile when you login as that user.
A hardware failure has crossed my mind. I'm contemplating a drive check and testing memory, but I don't want to overlook the obvious. (actually not so obvious in my case)
I saw another link I had saved where the guy said it was a hard drive issue... but I kinda doubt that.

Were you able to create a user?
I have created user "test1" and added to the administrators group.
You can also dload CWshredder, extract to a floppy and run it too.  http://computercops.biz/downloads-file-349.html

Login as Test1 and let me know the performance and how long it takes to login.

I logged off then logged back in as test1 and am presented with the Getting Started with Windows 2000 dialogue box. It seemed to work fine - took just a few seconds.
Can't wait, passing out from no sleep :)

Seems like it's all fixed, so GL bud!
Well windows started up faster - it didn't get stuck on "Applying security policy" but the desktop icons have not yet appeared - it's still thinking about it (the disk indicator is flashing and I hear the ticking).

It is behaving much the same as it had been only instead of the security policies; I'm waiting for the desktop. All I have is the task bar, clock and the blue background. It's been booting up for just under ten minutes now.

Well go to bed - this thing can wait. Thanks!
jonnietexas

I don't see anything in the registry where you pointed me that looks suspicious and the temp directory was pretty much empty to begin with. (it's completely empty now).

Thanks for the help, but it appears that the problem lies elsewhere.


Good morning, Debsyl99  :-)

I do not have an Internet connection to that machine at the moment, but I do have sneaker net available. Those on-line scanners will be difficult to employ. Do you have any alternate suggestions that I might try?

I’ll go ahead and get msconfig as you’ve suggested. Jayca has suggested cwshredder, which I have yet to try.

Where might I find those event logs exactly?
good lord slacker!  This isn't fixed yet?

:)
Yes, every step is painfully slow! As I said, it takes about 30 min just to boot up.

Once the desktop appeared, everything seems to be running relatively normally.

I made an Internet connection through the AOL interface and it connected without problems, but the system became bogged down just as soon as I fired up Internet Explorer. I was however able to start a Panda ActiveScan, when suddenly the system again slowed to a crawl.

Jonnietexas, about the only thing notable is the Norton antivirus protection. Perhaps that's what is misbehaving. I think I'll go ahead and remove it at the next opportunity. (I can always re-install it later).

I've noticed that when the system slows, the acoustical signature of the hard drive changes. It is the same sound that it makes while waiting for the desktop or the security policies. (Sounds more like a defrag operation rather than the typical read/write sounds that breeze right through.)

It's incredibly frustrating to have to wait 5 or ten minutes and longer for anything to respond.

I'll post an update just as soon as possible.
Just a thought. I have seen many systems that have this exact problem, and it is typically related to the drive being misconfigured. Either it is set to Slave instead of Master, or Cable Select and not on the last connector, or a CD, CDRW, DVD etc, is on the same channel etc. Did you change any of the drive configurations or add a hard drive?

J

P.S. Way too many posts, someone may have already said this because I haven't read them all. If that is the case, accept my apologies ;)

J
No I don't think they have JD (practically know this thread off by heart now ;-) but that's a good suggestion. By the way (should have asked this before) what ARE the specs of this PC anyway? ie Processor, RAM etc?
Not a problem, I can filter that out in my head  :-)

But no, I have not changed anything like that and I suspect the owner/user has not either. I can check that out when the system releases control to me again.  :-/
When you used the CD to reinstall/repair of the OS, did it seem to take a long time?

J
Hi Deb! ;)

J
No, that worked pretty well.

Bad news - the system crashed during the scan. But at least I can give you guys/gals the information you want

The unit is a Dell OptiPlex GX110 Pentium III
Win2K pro os Build 2195 SP4
Computer: X86 Family 6 Model 8 Stepping 6 GenuineIntel
AT/AT Compatible
129,260kb ram

In the Event Viewer there are lots of warnings and errors. All or most related to disk and atapi.
"The device, \Device\ide\ideport0, did not respond within the timeout period" and
"An error was detected on device \Device\Harddisk0\DR0 during a paging operation"

Security Log is empty and the Application Log is also full of errors and warnings.

The system is now in safe mode.
try Rob's suggestion with the CHKDSK C: /R, plus you are a bit light on RAM for Win2k and a load of apps,



Deb :))
C:\>chkdsk c: /r
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another process.
That was supposed to say hours by the way - Hi JD :))
Do you have any spare drives you can use?  And you only have 128 megs of mem, that's not much with all that stuff they have running FYI :)

The problem has been positively identified as a bad hard drive. The drive eventually failed completely but I did manage to retrieve the data first.

Thanks for all your help - your assistance was invaluable to me.
I’ve split the points among the comments that I found to be the most helpful and awarded the answer to hehewithbrackets for being the first to correctly identify the root cause of the trouble as hardware related.

Thanks again for all your help!
Perhaps he should look for *.Temp and *.tmp files in his computer and then get rid of anything to do with Norton AV...