Help - Slow computer, low CPU usage.

CodeBlox

I have a system (HP) with the AMD Athlon 64 3800+(single core) chip. There is 1GB of RAM and the operating system is Windows XP media center. I've gone through the usual trouble shooting routine. Safemode MalwareBytes scan and while that did turn up 385 "infected objects" there was no boost in speed on this particular system. I've tried to boot with only the Microsoft services selected to run at start up. I HAVE NOT tried to defragment yet however. Nor have I done a "Check Disk". It's something I would like to have fixed yet I'm still sort of a newbie! The CPU usage in Task manager is low and I don't have a process consuming too much ram. Highest was 60mb. What could cause this? Help would be appreciated.

EDIT: I should probably add that this isn't my system. It belongs to a friend and it is not in my possession. All of the troubleshooting I have done with her has been over phone/chat.

Also, should I ask to person to just let me take the computer home and see whats what? Or should I leave it in their possession to prevent a liability if something were to go wrong?

nhan.ng

how slow? there could be a alot of things causing it to be slow: rootkits, malware...etc

Have u run TDSSKILLER? hitmanpro/superantispyware?

give those a try.

CodeBlox

I told her this, that there could be many things wrong. When asked "How slow and while doing what?" she said "Very slow and all the time!". She did say things were about 5 times faster in safe mode which is why I was surprised that the disabling of all non Microsoft services didn't work via msconfig.

nhan.ng

Process Explorer

see's what currently running.

Autoruns - msconfig on steroid

Autoruns for Windows

i had a client with windows media sharing/streaming service enable on their pc. It didn't show much mem usage when i checked task manager but as soon as i reboot the system, mem jumped to close to 2gig. Disable that stuff and everything was nice again

i suggest you to run tdsskiller first to see if it pick up anything. Then run Superantispyware after and let me know.

CodeBlox

I need to wait until she gets in but I will suggest this. I will let you know what happens with that. I've never used tdskiller so I will look into that now though.

nhan.ng

you can download it here.

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

CodeBlox

I've just tried it on my system and it finishes in about 10 seconds... is that normal?

SteveLord

Get a full breakdown of ALL hardware. I've cracked open machines only to find old 5400rpm hard drives in them before.

nhan.ng

CodeBlox wrote: »

I've just tried it on my system and it finishes in about 10 seconds... is that normal?

yup. It only scan for a TDL2/TDL3/TDL4 rootkits plus i think another....forgot the name thou.

CodeBlox

Will do, I think I know what system she has: HP Media Center AMD Athlon 64 3800+ 1GB 250GB DVDRW XP HP EL466AAR#ABA

Thats based on the specds she gave me for some of the hardware. As you can see, it doesn't even list the RPM for the particular drive. I suppose I can get that from her later.


Should I run tdsskiller from safe mode?

nhan.ng

normal mode is fine too. I prefer to run everything in safe mode as it's much quicker

CodeBlox

I honestly have never dealt with rootkits. No one has ever presented me with the problem. What happens if it does indeed have a rootkit, just not one of those listed that tdsskiller detects?

Does this sound like a rootkit though? I mean, I've checked and not many processes are running and none are consuming much RAM at all. And as I said, CPU usage was relatively low, around 7%

nhan.ng

TDLx rootkits load before Windows even start, so to all Antivirus software, it's invisible as it's hidden in the Master Boot Record. If TDSKiller pick it up, it'll give you the option to remove it. After that, restart the pc, run mbam full scan and you'd be good to go.

If the pc runs really slow, programs giving error, system crash out of nowhere....chance is, it's probably has a rootkit.

Now, what if it's clean, there's nothing but the system still run slow? Well check for hardware failure, driver issues...etc.

oh almost forgot, run HitmanPro on it too. It'll be able to pick up most of the stuff as well.

When i get on a customer pc, this is what I run:

-task killer script: shut down anything i dont need from running, even Explorer.exe
-Tdsskiller: make sure there's no TLDx rootkit,
-ccleaner: Clean out all the temp files, as most of the minor infections tend to reside in the temp folders.
-Malwarebyte-full scan.
-Superantispyware: once again full scan, as it will pick up things that malwarebyte didnt. There's no such thing as one scanner that can do it all.
-Hitmanpro: Last scanner to see if there's anything left. It's also useful software for hidden proxy (win vista, win 7)

Clean it again with ATF cleaner/Ccleaner. Check IE make sure it's working fine. That's it

CodeBlox

She did say that it was really slow, even at boot up before she got to the "Login" screen. I will get her to run tdsskiller when she gets home. I will let you know how this goes! My next thing WAS to check for driver issues. I did the MalwareBytes scan last night and as said in the OP, it found 385 infected objects

nhan.ng

if Malwarebyte found 385, SuperAntispyware will probably find more

CodeBlox

tdsskiller turned up nothing I had my hopes up

Cisco Inferno

ugh media center.
anyways. do a windows update to the latest files (protect you from malware vulnerabilities)

go into safe mode, run a malware scan. (itll find things that were previously not detected)

go to download.com and download and run auslogic disk defragmenter. its amazing.

type in msconfig and disable everything in the startup tab. (only essential windows items will start)

open up the case and clean out dust sitting on the CPU. this could be a heat issue too.



please let me know if this helps.

Plantwiz

CodeBlox wrote: »

....snip...

Also, should I ask to person to just let me take the computer home and see whats what? Or should I leave it in their possession to prevent a liability if something were to go wrong?

If you are worrying about being 'sued' than this is not likely the best career path.

And, while I (think) understand your reason for concern (likely because you are new and don't have the confidence) this is not the best approach to breaking into the field. (IMO).

-DOCUMENT, your steps and anything that YOU do.
-Make certain you have obtained a good history of the problem BEFORE working on the machine.
-Work with a mentor to ensure you don't mess something up, but simply start with people who 'trust' you and won't be too broken up if you do delete their wedding photos (or whatever you are concerned about doing).

It is almost certain that No matter HOW prepared you are, you WILL have a client who BLAMES YOU personally for messing up something that -
1) Never worked to begin with
2) Never was part of the discussion and therefore was never 'fixed'
3) Is broken because the client added it AFTER service and AFTER you had their machine up and running perfectly...they installed something and it will be YOU fault


If your friend is willing to trust you to run some scans, and you are not deleting files from her registry/or personal folders (unless the known malware scanner software says it needs to go and you recognize it as a bad file) you shouldn't have any problems.


OR simply use this as an opportunity to 'teach' her what you'd do on your machine and let her do the work and tell you what her findings are when done.

nhan.ng

CodeBlox wrote: »

tdsskiller turned up nothing I had my hopes up

keep digging. Im sure you'll find something:)

Psoasman

First off, I would back up her stuff on the computer. That way if anything happens while troubleshooting, you won't have to explain why her music, videos, pictures are gone.
Try Disk cleanup and defragment.
Delete the internet history, cookies, etc.
Free space on the HD??, if it gets below 15%, you can't run a defrag well, and if it's below 12%, system restore won't work right.
1 GB of RAM is on the low side for this computer. You can check RAM Memory Upgrade: Dell, Mac, Apple, HP, Compaq. USB drives, SSD at Crucial.com and run their scanner to see what upgrades are available.
Run checkdisk /r to clean up any errors that may be slowing it down.

and as Cisco Inferno suggested, take a look inside, blow out the dust. I would wear a wrist strap if you are going to upgrade anything in the case - CYA.

CodeBlox

Plantwiz wrote: »

If you are worrying about being 'sued' than this is not likely the best career path.

And, while I (think) understand your reason for concern (likely because you are new and don't have the confidence) this is not the best approach to breaking into the field. (IMO).

-DOCUMENT, your steps and anything that YOU do.
-Make certain you have obtained a good history of the problem BEFORE working on the machine.
-Work with a mentor to ensure you don't mess something up, but simply start with people who 'trust' you and won't be too broken up if you do delete their wedding photos (or whatever you are concerned about doing).

It is almost certain that No matter HOW prepared you are, you WILL have a client who BLAMES YOU personally for messing up something that -
1) Never worked to begin with
2) Never was part of the discussion and therefore was never 'fixed'
3) Is broken because the client added it AFTER service and AFTER you had their machine up and running perfectly...they installed something and it will be YOU fault


If your friend is willing to trust you to run some scans, and you are not deleting files from her registry/or personal folders (unless the known malware scanner software says it needs to go and you recognize it as a bad file) you shouldn't have any problems.


OR simply use this as an opportunity to 'teach' her what you'd do on your machine and let her do the work and tell you what her findings are when done.

Well I do think I possess the skillset to eventually find the problem. The confidence however is another story. I actually recently just got my first I.T. job too, it starts June 2 as a HelpDesk Technician. It's harder to do things over phone / chat when her mom keeps making changes as I am trying to troubleshoot. Example: I told her to run tdsskiller and her mom is trying to uninstall Norton. Well I'm not sure what happened but her system would then only boot into safemode. I had to get her to boot with "Last known good configuration". Do you guys think that a Check Disk could improve performance? I don't think it would help in this case because she said the system was faster in safe mode.

EDIT: Everything is backed up, that was done early on.

Plantwiz

CodeBlox wrote: »

Well I do think I possess the skillset to eventually find the problem. The confidence however is another story. I actually recently just got my first I.T. job too, it starts June 2 as a HelpDesk Technician. It's harder to do things over phone / chat when her mom keeps making changes as I am trying to troubleshoot. Example: I told her to run tdsskiller and her mom is trying to uninstall Norton. Well I'm not sure what happened but her system would then only boot into safemode. I had to get her to boot with "Last known good configuration". Do you guys think that a Check Disk could improve performance? I don't think it would help in this case because she said the system was faster in safe mode.

EDIT: Everything is backed up, that was done early on.

Then it is time to control the environement or simply pass on the task until you have the confidence.

Working over-the-phone is how MUCH of IT work is done. And, though it has been a long while, I understand what you are saying, but having trained a plethora of new pups if you want to survive, you'll have to jump (if you catch the drift).

No matter what you do and how prepared you will be, you WILL run into clients who will BLAME you for everything you did, didn't do and everything they have done 3 weeks after you completed service.

Find people who trust you with their equipment and get to work. If this party doesn't trust you and you don't trust yourself, simply pass and wait until you can DO it....my point is, you may wait a long time for that perfect time...

Devilsbane

CodeBlox wrote: »

I have a system (HP) with the AMD Athlon 64 3800+(single core) chip. There is 1GB of RAM and the operating system is Windows XP media center. I've gone through the usual trouble shooting routine. Safemode MalwareBytes scan and while that did turn up 385 "infected objects" there was no boost in speed on this particular system. I've tried to boot with only the Microsoft services selected to run at start up. I HAVE NOT tried to defragment yet however. Nor have I done a "Check Disk". It's something I would like to have fixed yet I'm still sort of a newbie! The CPU usage in Task manager is low and I don't have a process consuming too much ram. Highest was 60mb. What could cause this? Help would be appreciated.

EDIT: I should probably add that this isn't my system. It belongs to a friend and it is not in my possession. All of the troubleshooting I have done with her has been over phone/chat.

Also, should I ask to person to just let me take the computer home and see whats what? Or should I leave it in their possession to prevent a liability if something were to go wrong?

If the usual routine fails, it might just be time to wipe it. Microsoft recommends a clean install to be performed as part of the regular maintnance. I want to say they say every 2 years for desktops and once a year for laptops. I don't follow these timescales with my own machines due to the amount of work involved, but if something isn't working then it might just be needed.

nhan.ng

CodeBlox wrote: »

Well I do think I possess the skillset to eventually find the problem. The confidence however is another story. I actually recently just got my first I.T. job too, it starts June 2 as a HelpDesk Technician.

Congrats

It's harder to do things over phone / chat when her mom keeps making changes as I am trying to troubleshoot. Example: I told her to run tdsskiller and her mom is trying to uninstall Norton.

Have her download Teamviewer and you should be able to take control and do everything remotely.

Well I'm not sure what happened but her system would then only boot into safemode. I had to get her to boot with "Last known good configuration".

Dont really know what's the problem is, but with XP you can always do a system repair with the OS installation cd. (i assume you or your friend at least have one in handy)

Do you guys think that a Check Disk could improve performance? I don't think it would help in this case because she said the system was faster in safe mode.

EDIT: Everything is backed up, that was done early on.

The thing about safe mode is that she is limited to a fixed resolution and most of her software wont run. If the system runs fine in safe mode and the system is infections-free, try taking a look at all the drivers, software that load when windows boot up, as they could be the cause of the problems

wd40

Check the temperature of the CPU .. I had a case where the CPU overheats and everything become very slow.

Ahriakin

Have you run Performance monitor? Yes it is most likely either lingering malware or the damage it has done but start with the basics. Run perfmon and setup counters for CPU (combined and per core), Ram free, Page defaults, Network bandwidth, Disk Q length. Find out where the performance bottleneck is before trying do do deeper troubleshooting.

E.g. If Free ram dips occasionally when you see the slowdown see if there is a match in page-defaults and disk-q length. If the ram drop is not critical (Say there's still ~30% free overall) then check the HDD (checkdisk as you mentioned and defrag - not windows defrag, either Diskeeper/O&O or a good freebie like Defraggler). Then run an optimiser app. and set it to not page the kernel, play with the file caching etc. Basically correlate results, it's not always obvious if a metric is causal or symptomatic and correlation is often the only way to tell.

CodeBlox

Guys, this has been resolved through a simple System Restore to about a month ago. It was a last resort, but it fixed the problem. I had tried so many other things that could have been causing the problem. Now I'm curious as to what was actually causing it!

Thanks for the help anyways!

Tackle

Took the easy way out huh?

Hopefully it wasn't something that was already installed that is triggered by her doing something.

I personally don't like the feeling of doing a system restore on my own machines...they just feel dirty after. I'd rather do a fresh install if I am struggling to fix something. Re-setting up is quicker than messing around for a couple days.

I don't know how it is for lots of business's, but we have system restore turned off on all the machines and have to go about solving problems through trial and error. Like you were doing.

Psoasman

There's nothing wrong with using system restore, it's a legitimate tool, which can get a computer up and running quickly. I use fairly often to get a computer running again, so I can backup the data. It can be very time consuming trying to figure out what program,driver, or update might be causing a problem.

CodeBlox

Yeah, but I do feel like I cheated by doing this. I mean, I never actually found out what was causing this. I mentioned I was doing this over chat/phone and I suppose that wasn't so bad. The hard thing was to deal with the friends mother tinkering around while I'm troubleshooting! I was troubleshooting and she decided she wanted to uninstall Norton Internet Security. It resulted in her computer only booting into safe mode. I then had to take the time and step back and guide her to fixing that problem. I did easily fix that problem though.

I've actually helped a quite a few people with computer problems and I never make anyone pay me for it. Not sure if I'm missing out on lots of money!

instant000

CodeBlox wrote: »

Yeah, but I do feel like I cheated by doing this. I mean, I never actually found out what was causing this. I mentioned I was doing this over chat/phone and I suppose that wasn't so bad. The hard thing was to deal with the friends mother tinkering around while I'm troubleshooting! I was troubleshooting and she decided she wanted to uninstall Norton Internet Security. It resulted in her computer only booting into safe mode. I then had to take the time and step back and guide her to fixing that problem. I did easily fix that problem though.

It's not cheating to get the customer back up and working quicker.

I used to work with a government employee who would always reload a system if he couldn't figure it out in 5 minutes. His reasoning was that he could get the user back up and working faster by reloading it, then doing all these crazy troubleshooting steps, and if the problem was truly hardware, then a reload wouldn't make it go away, and he'd just give them a fresh system. His reasoning was that if the user's had the threat of getting their systems reloaded, they'd do more to take care of them, to avoid getting reloaded in the future.

We used to laugh and make jokes about him, but the true goal is to get the customer working as fast as you can, and he was doing just that.

He had a catch phrase "It's time for a wipe," and then he'd pull out this floppy disk and start shaking it up and down with a big grin on his face. Which basically meant he was going to wipe out all system partitions and reload the system. This was back in my military days, when I was in Korea. Ahh, the memories!

He reminded me of the guy in the basement on Office Space, with the Swingline Stapler.