Cycling Lockups
-Z-
April 9th, 2004, 07:23 PM
Hello,
I am experiencing some problems with my PC. The computer is surprisingly slower than it was just a month ago. The system seems to run in a cycle where it operates normally for a minute or two, then locks up for about 45 seconds. The cycle runs continuously as I use the machine and is even worse if I run programs or games, making them nearly unusable.
I have noticed that while running task manager, the CPU usage pegs out at 100% fairly frequently with 37 processes running. This surprises me as this problem developed very quickly with only Windows Updates being added. I have attempted to fiddle with the amount of processes running, but I am not sure what is helpful to stop and what would be harmful.
I have run a registry repair program, added RAM, defragmented and cleaned out excess files with no luck.
I am using a 2 year old Compaq 5000 with a Pentium 4, 640 MB RAM and an ATI Radeon 9700 PRO (128MB) Video Card. Doesn't seem like I should be having problems like this running programs.
I have never had a problem like this before. Any suggestions/advice would be greatly appreciated!
Best Regards,
Greg
NooNoo
April 9th, 2004, 07:29 PM
Welcome to Windrivers Z
You didn't mention if you had checked for viruses and spyware. If you haven't already, do that first.
37 processes seems rather a lot. Which are the processes that are taking up most of the CPU?
-Z-
April 9th, 2004, 07:39 PM
I am not quite sure how to check for SpyWare, but I am running a virus check as we speak.
I thought 37 processes was quite a bit. Unfortunately, I don't know which ones are critical and which ones are ok to stop. Here is the list of processes that the system seems to run at startup. Hopefully it makes more sense to you than it does to me:
IEXPLORE.EXE-32k
svchost.exe
exploere.exe
ccApp.exe
compaq-rba.exe
CCPXYSVC.EXE
spoolsv.exe
DirectCD.exe
CPQInet.exe
CPQEADM.exe
svchost.exe
alg.exe
winlogon.exe
svchost.exe
atiptaxx.exe
NISUM.EXE
svchost.exe
ccEvtMgr.execsrss.exe
pctspk.exe
SMTray.exe
STARTEAK.exe
ctfmon.exe
BttnServ.exe
mdm.exe
services.exe
EAUSBKBD.exe
ati2evxx.exe
ati2evxx.exe
scardsvr.exe
WkCalRem.exe
Isass.exe
winlogon.exe
System
System Idle Process
I appreciate the quick response. Thanks again for any help!
NooNoo
April 9th, 2004, 07:42 PM
isass.exe is a trojan/spyware; there is a list of what to do here (http://forums.windrivers.com/showthread.php?t=57348)
OK, so far I know you have Norton 2003/4 and it's running on a Compaq.
ccEvtMgr.execsrss.exe no one has heard of... treat as suspicious
Which ones show the highest cpu usage?
exploere.exe <<< is that a typo? if not, definitely suspicious
IEXPLORE.EXE-32k again, is the -32k there?
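An added example, not written by anyone in this thread: a Python check that compares process names against a short list of Windows system binaries and reports near-misses, either look-alike characters or a small edit distance. The `KNOWN_SYSTEM` list, the threshold of 2 and the function names are assumptions of this example; the sample names are copied as typed from the process list posted above.

```python
KNOWN_SYSTEM = ("lsass.exe", "explorer.exe", "csrss.exe", "svchost.exe",
                "services.exe", "winlogon.exe", "smss.exe", "spoolsv.exe",
                "iexplore.exe")  # illustrative allow-list, not a full inventory

# Glyphs that are easy to confuse on screen, folded to one form after lowercasing.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})

def skeleton(name):
    return name.lower().translate(FOLD)

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name, max_dist=2):
    """Return None for an exact or unrelated name, else (imitated_name, reason)."""
    low = name.lower()
    if low in KNOWN_SYSTEM:
        return None
    for known in KNOWN_SYSTEM:
        if skeleton(low) == skeleton(known):
            return known, "homoglyph"
    best = min(KNOWN_SYSTEM, key=lambda k: edit_distance(low, k))
    d = edit_distance(low, best)
    return (best, f"edit distance {d}") if d <= max_dist else None

# Names as typed in the thread's process list (subset), kept verbatim.
POSTED = ["IEXPLORE.EXE-32k", "svchost.exe", "exploere.exe", "ccApp.exe",
          "spoolsv.exe", "ccEvtMgr.execsrss.exe", "mdm.exe", "services.exe",
          "Isass.exe", "winlogon.exe"]

def review(names):
    """Map each near-miss name to the system binary it resembles and why."""
    return {n: hit for n in names if (hit := classify(n))}

if __name__ == "__main__":
    for name, (target, why) in review(POSTED).items():
        print(f"{name:24} resembles {target} ({why})")
```

A name match alone is only a prompt to look closer; the file's full path and signer decide whether it is the real binary.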
-Z-
April 9th, 2004, 07:57 PM
Sorry, couple typos in there:
1. The -32k wasn't there, I was originally going to post memory usage
2. ccEvtMgr.exe
csrss.exe
<forgot to hit enter between those two>
3. explorer.exe was a typo.
Running your suggested SpyWare programs now...
NooNoo
April 9th, 2004, 08:19 PM
If Norton gave you the all clear, here is why (http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=39542&sind=0)
The word for this is 0wn3d!
The reason you have slowdowns is because you are not in charge of your computer.
Stalemate
April 9th, 2004, 09:28 PM
That is some nasty stuff to find on your PC.
You need a good firewall, -Z-.
Zone Alarm, Kerio are some of the favourites out there (free).
Do you know how to clean your machine?
-Z-
April 10th, 2004, 12:54 AM
How does Norton Personal Firewall rate compared to some of the other firewalls?
I may need to go shopping again...
Thanks again for the great help all!
NooNoo
April 10th, 2004, 01:22 AM
Depends on how you have it set up. Personally I prefer both Kerio and Zone Alarm over Norton.
-Z-
April 10th, 2004, 07:10 PM
Ok,
Got rid of Norton and switched over to ZoneAlarm. Good thing, since Norton was using about 30% of my CPU.
I am pretty confident that my system is clean, having spent the better part of last night fixing it up.
The system is running a lot better, although I am still having significant slowdowns while running some larger programs. I checked my task manager for processes, and I now have 42 running at startup. I suspect this is partially responsible for the slowdown, as well as the damage already caused by some viruses I found on the system last night.
Two questions:
1. is there a way to repair damage already done by the viruses?
2. what is the most efficient way to go about thinning out the amount of processes I have running in the Task Manager? 42 seems like an awful lot...
thanks for the great help so far!
(I am starting to suspect that my computer is going the way of the dinosaur)
NooNoo
April 10th, 2004, 07:19 PM
Amazing how such simple questions generate long answers....
OK, Black Viper has a list of services here (http://www.blackviper.com/WinXP/servicecfg.htm). Go through them and see what is excess. If you have services running in Task Manager that are not listed there, then post them here and/or look them up using Google. You may find that Norton left a few behind.
Check the link I gave earlier about how to check for spyware. When you are happy you have gone as far as you can, again, from the link above, run a HijackThis log and post it here. We can take a look at what's left over.
-Z-
April 11th, 2004, 01:44 PM
Hello again,
I ran through the Black Viper site and set all my services to the "Safe" Configuration, and completed most of the "tweaks" that were recommended.
I thinned out my processes from 42 to 30.
I am a little hesitant about going through deleting things through Hijack This, and I used the LIUtilities site and BlackViper's to try and determine what is running.
Here is my Hijack this Logfile. Let me know if anything pops out at you as being excess:
Logfile of HijackThis v1.97.7
Scan saved at 10:36:04 AM, on 4/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Documents and Settings\Greg Zerfass\My Documents\Greg\Program Downloads\HijackThis.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TFTP2784
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37609.5178587963
Thanks again for all the help!!
NooNoo
April 11th, 2004, 02:12 PM
Wow, that's the shortest hijack log I have seen in a long time! O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE can be disabled in msconfig. It just takes up RAM; it prepares ALL Office programs to run. Frankly I would rather wait an extra couple of seconds to start Excel than have it hovering in the background all the time.
This one, O4 - Global Startup: TFTP2784, worries me. I have no information on that. Have HijackThis fix it... HijackThis has the facility to put it back if something complains.
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...MetaStream3.cab
is the viewpoint toolbar. Are you aware you have it? Do you use it? If no to either, then uninstall it in add/remove programs, if it doesn't appear there, then have hijack this fix it.
The only toolbar I would recommend for popup blocking is google - with the "enhanced features" turned off.
Shame about all the bloatware that compaq insists you run, but other than that, you seem to be clear.
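An added example, not written by anyone in this thread: a Python parser for the O4 (autostart) lines of the log posted above that lists entries whose launch target cannot be read from the log, which is what sets the TFTP2784 item apart. The line layout is inferred from the lines on this page, and the extension list and function names are assumptions of this example.

```python
import re

# O4 lines copied from the HijackThis log posted in the thread.
LOG = r"""
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TFTP2784
"""

# Registry Run keys: "O4 - <key>: [<value name>] <command>"
REG_RUN = re.compile(r"^O4 - (?P<where>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Startup folders: "O4 - <folder>: <file>" with an optional " = <shortcut target>"
STARTUP = re.compile(r"^O4 - (?P<where>[^:]+): (?P<name>.+?)(?: = (?P<cmd>.+))?$")
# Extensions treated as launchable (assumed list for this example).
EXECUTABLE = re.compile(r"\.(exe|com|bat|cmd|scr|pif|dll)\b", re.I)

def parse_o4(log):
    """Return one dict (where, name, cmd) per O4 line; cmd is None if absent."""
    entries = []
    for line in log.splitlines():
        m = REG_RUN.match(line) or STARTUP.match(line)
        if m:
            entries.append(m.groupdict())
    return entries

def unresolved(entries):
    """Autostart entries with no recognisable program behind them."""
    flagged = []
    for e in entries:
        target = e["cmd"] or e["name"]  # a startup-folder file is its own target
        if not EXECUTABLE.search(target):
            flagged.append((e["where"], e["name"]))
    return flagged

if __name__ == "__main__":
    for where, name in unresolved(parse_o4(LOG)):
        print(f"no launch target: {name} ({where})")
```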
-Z-
April 11th, 2004, 02:33 PM
Hm,
I was wondering about that TFTP file myself. Every time I start up I get an error message about it saying Windows needs to find the program that created it.
I have tried to have Hijack get rid of it, but it says the program is in use and I need to end it before I can delete it. It doesn't show up in task manager, and MSCONFIG requires a reboot to stop it at startup. Every time I reboot, it magically reappears and continues doing whatever it is that it does, and I can't seem to stop the process...
Any suggestions for how to get it to stop so I can get rid of it?
Almost looks like I won't have to bother you every day any more ;)
NooNoo
April 11th, 2004, 02:36 PM
That sounds like someone is still trying to get at you!
OK, safe mode, search the registry for TFTP2784. Post the keys it is in and any other information you find. Somewhere there is an exe file for it; the registry should tell you where and what it's called.
-Z-
April 11th, 2004, 04:03 PM
Looks like that did it.
It's amazing how fast you can get out of date with this stuff. I truly appreciate all the help you've given me over the past few days. Seems like I've learned a ton about keeping this thing running more or less as it should.
thanks a ton!
NooNoo
April 11th, 2004, 04:40 PM
My pleasure. Glad to see you were chiming in on other threads too. So many get an answer and not even utter an acknowledgement.
Have fun Z