1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] Another XP slowdown

Discussion in 'Virus & Other Malware Removal' started by ArtVandalay, Feb 22, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. ArtVandalay

    ArtVandalay Thread Starter

    Joined:
    Aug 25, 2003
    Messages:
    71
    My formerly fast system now (at times) crawls along. I say "at times" because there are occasions when it will operate like new, but I can't seem to detect a pattern. This is not limited to any one area of the OS, but all apps & programs. I have run anti-virus scans, defragged (hard drives, registry, & paging file), tried the System File Checker (Run->sfc /scannow), and have used SpyBot, SpySweeper, cwshredder. I ran hijack this days ago and eliminated several obviously notorious registry entries, and after I used SpySweeper, the system ran as it did on day one. But this lasted for several hours only.... I also ran the full test at www.pcpitstop.com to see how much it had degraded, but the score was 1334 (which = no problems, fast computer) ?!?!!????

    Specs: Dell Dimension 4600
    Windows XP Professional (SP1)
    2 x 40GB 7200 rpm HDD
    2.4 ghz P4 533 FSB
    512 mb DDR Ram
    nVidia GeForce FX 5200 128mb RAM
    ...updated drivers, BIOS, virus defs, Windows patches
    & hotfixes.
    ...no recent major software installations.

    HijackThis log:

    Logfile of HijackThis v1.97.6
    Scan saved at 9:58:52 PM, on 2/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    F:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\Explorer.EXE
    F:\PROGRA~1\Ontrack\SYSTEM~1\mxtask.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\UTILIT~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Object Desktop\CursorXP\CursorXP.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Utilities\SpeedFan\speedfan.exe
    C:\Program Files\Object Desktop\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Microsoft Works\MSWorks.exe
    c:\program files\internet explorer\iexplore.exe
    C:\Program Files\Utilities\Spyware Tools\hijackthis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\PANELS\BLANK.HTM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Utilities\Spyware Tools\Spybot\SDHelper.dll
    O2 - BHO: (no name) - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Fix-It AV] F:\PROGRA~1\Ontrack\SYSTEM~1\MemCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\UTILIT~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\Object Desktop\CursorXP\CursorXP.exe
    O4 - Startup: ObjectDock.lnk = C:\Program Files\Object Desktop\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: Shortcut to speedfan.lnk = C:\Program Files\Utilities\SpeedFan\speedfan.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
    O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/toolbar/webinstall.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4321/mcfscan.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab


    Any/all suggestions are welcome and appreciated

    (y)
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I don't see any "security" related reasons for the problem.

    You can try "clean boot" troubleshooting to see if the problem can be isolated to any startup files. In msconfig I would disable all but ZoneAlarm. And you can include that too, IF you enable the XP native firewall temporarily to replace it.

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;310353

    Also, when it's "crawling", do a ctrl-alt-del and look under the "process" tab. Is there a process consuming an abnormal percent of cpu resources, such as "explorer.exe"?

    Ignore system idle process which should normally be 95-98% since it measures "idle" time.
     
  3. ArtVandalay

    ArtVandalay Thread Starter

    Joined:
    Aug 25, 2003
    Messages:
    71
    Thanks for replying....

    I guess I should have posted this in the Windows XP forum (apologies..) :rolleyes:

    Anyway, in answer to your question, there were processes listed in the task manager that were using an abnormal amount of resources and memory. Internet Explorer, for example, was using at times upwards of 50,000k of memory - it usually runs in the 30,000k range. The task manager itself would use 12,000k +. It seemed the existing processes were 'working harder'.

    I uninstalled ObjectDock, and also removed 3 items that came pre-installed from the startup folder (nvsvc32.exe, dlg.exe, DSentry.exe). The system now runs at about 60-70% of where it used to be (as opposed to 20-25%..I'll take it).

    What continues to puzzle me is how the apparent causes of the slowdown were gradual - again, no major changes/additions in 2 months - yet the effects were so sudden and dramatic....literally changing from one boot to the next.

    Again, thanks (y)
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    If Internet Explorer is continuing to do that, see if the Repair Tool is available through Add/Remove Programs > Internet Explorer > Remove > Repair; it might be under Windows Components; I've never updated so I'm not sure where SP1 puts it.

    You can also try the command line method here:

    rundll32 setupwbv.dll,IE6Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"

    See: http://support.microsoft.com/defaul...port/kb/articles/q194/1/77.asp&NoWebContent=1

    Or:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;318378&Product=winxp

    If cpu usage is high for other processes than "system idle process"; let me know which.

    dlg.exe would only be needed (I have it too, by the way), if you are using a digital connection to an LCD monitor.
     
  5. ArtVandalay

    ArtVandalay Thread Starter

    Joined:
    Aug 25, 2003
    Messages:
    71
    ....well, sort of. My system, while not as fast as it once was, is slowly regaining its speed. This was after all, a security issue.
    I decided to give Norton AntiVirus 2004 Professional a shot & sure enough, it detected 4 adware instances disguised in several formats, one of them (ddm3dia.dll) was classified as a medium-level threat by Symantec:

    C:\WINDOWS\SYSTEM32\uenginei.exe
    C:\WINDOWS\SYSTEM32\biH.exe
    C:\WINDOWS\SYSTEM32\ddm3dia.dll
    C:\WINDOWS\smss.exe (Ladex.worm)

    All of the above were deleted from the system.

    Again, these went undetected by SpyBot, Ad-Aware, and SpySweeper.....(n)

    Cheers........
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Thanks for the followup; although it didn't appear that any of the exes were actually running, the Scanlog would not have shown the dll even if loaded.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/206029

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice