Tech Support banner

Status
Not open for further replies.
1 - 14 of 14 Posts

·
Registered
Joined
·
31 Posts
Discussion Starter #1
Hi forum.
Sometimes (not always), while I'm working on my XP box (running any kind of programmes, usually winamp, MS-Office2003, Flash MX 2004, Power DVD, Acrobat reader..etc), I sence a very slow performace, I run the task manager and the CPU usage is almost 50%. Even when I turn off all the programmes the CPU usage is still 50%.

I have updated my 2005 Norton Anti virus and performed a full system scan and the result was that there were no theats found. My XP Professional is up to date (Service pack 2) plus I usually run windows updater. The MS-Office 2003 is also updated (Service pack 1)

further information:

CPU: P4 ht 3.0 GHz
Ram: 512 MB
MB: Intel 915 PGN.

Any help is highly appreciated.
 

·
Registered
Joined
·
878 Posts
any idea what process is taking up that 50%?

If you know, you can check it against Process Library to make sure it's legit.

If not, you can try running the newest version of hijack this, and posting the results in the appropriate forum for the mad scientists there to decipher and help further :)
 

·
Registered
Joined
·
2,290 Posts
Ctrl, Alt, Del, click Task Manager, Processes tab.

Look at the very bottom and post back the following:
Processes?
CPU usage?
Mem Usage?

Click the CPU header and sort the Processes by CPU usage and see what is using up the CPU.

You may have used up all your 512 MB or RAM and now the CPU is handling RAM requests? Power DVD is probably resource hungry?

JamesO
 

·
Registered
Joined
·
31 Posts
Discussion Starter #4
Hi everybody
Thnx for the reply.
I tryed to check the task manager after I have shut down all the programes, the system idle pocess is using 99%, so what ever process is going on, it's not appearing in the task manager.

Now I have noticed something which is that the cpu jumps to 50% just after I disconnect the internet connection (while I'm working on the internet there is no problem but the problem starts just after I disconnect the interent).

Any thoughts!!!!
thanks in advance.
 

·
Registered
Joined
·
2,290 Posts
Ctrl, Alt, Del, click Task Manager, Processes tab.

Click on the top line CPU and sort the CPU usage from highest to lowest.

Note the process name that is using 50% CPU and post it back here.

JamesO
 

·
Registered
Joined
·
91 Posts
hey i would suggest find the culprit process and fix it.
run spybot and ad-aware to find sypware/ malware and fix them.
clear your startup items to free up your resources. Run diskcleanup and do defrag, system can even slow down if your hdd is fragmented heavily.
 

·
Registered
Joined
·
796 Posts
Norton's

You said something about having Norton's installed, do you have Norton's Internet Security installed also? I have noticed that NIS slows down a lot of systems that I am looking at. If this is the case, I would uninstall NIS and get a hardware firewall.
 

·
Registered
Joined
·
2,290 Posts
Before you start un-installing software and changing things, why not identify what is using the processor up.

It should be VERY clear if there is a process hogging 50% of your CPU.

JamesO
 

·
Superhuman Computer
Joined
·
1,632 Posts
JamesO said:
It should be VERY clear if there is a process hogging 50% of your CPU.
One thing to note here is that it's a hyperthreading system. I've found certain programs will use 100% of what they think to be your runtime, which only comes up as using one thread 100% (so 50% total) yet on the processes list system idle process is still around 99%.
 

·
Registered
Joined
·
31 Posts
Discussion Starter #11
Task manager window plus Hijack this log file

Hi ppl

Here is how the task manager looks like:





as I said earilier, the problem starts only when I disconnect the internet. The cpu usage doesn't drop down to normal unless I restart the computer.

Also here is the hijackThis log file, I would appreciate it if someone took a look at it.

Logfile of HijackThis v1.99.1
Scan saved at 10:44:07 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Intel\IDU\IDUServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Flash Communication Server (FlashCom) - Macromedia, Inc. - d:\Program Files\Macromedia\Flash Communication Server MX\FlashCom.exe
O23 - Service: Flash Communication Admin Service (FlashComAdmin) - Macromedia, Inc. - d:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - D:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

·
Registered
Joined
·
2,290 Posts
Looks like you have a strange one here.

Not too many processes running, but something must be up.

Suggest you start machine in safe mode and see how things play. F8 at boot should bring up Safe Mode, suggest try Safe Mode with networking. See if the CPU is backed down. If so, compare running processes in Safe Mode to Normal Mode to see if you can ID something that may be the cause.

You may want to use MSCONFIG to keep specific programs from launching during boot to see if you can find the culprit as well.

As for the HJT log, this may need to go to the Security Forum for a review. I am no expert on this, but one line looks suspect:

O2 - BHO: PCTools Site Guard -{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

Try booting in Safe Mode and report back what you find.

JamesO
 

·
Registered User
Joined
·
1,438 Posts
PC Tools is legit
http://castlecops.com/tk1662-iesdsg_dll.html
I have seen it before where it was fully functional but showed as file missing in Hijackthis. If you are having problems with this program you should however reinstall it.

System idle services represents the proportion of the time that your CPU is idle, that it has nothing to do. Having it at 99% is good, it means most of the time it is not doing anything so there are plenty of spare cycles remaining.
http://www.liutilities.com/products/wintaskspro/processlibrary/System Idle Process/


C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
http://www.liutilities.com/products/wintaskspro/processlibrary/mdm/
Could be a problem , why is it running ? Any chance it is the trojan mentioned?


You may want to deal with these
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
http://startup.iamnotageek.com/srch-ALCMTR.EXE.html



I suggest checking your NAV and see if it has the microsoft office plugin enabled. If so ,try disabling it; I have seen this plugin seriously slow machines down .
 
1 - 14 of 14 Posts
Status
Not open for further replies.
Top