| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 77472 | 2007-03-11 03:33:00 | Help - Major Performance Problem | ztsnlh00 (11981) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 531785 | 2007-03-11 03:33:00 | Here is the scenario. (XP Service Pack 2) PC is working fine when turned off on Friday evening. Saturday morning the PC takes for ever to start-up to a usable state. Everything eventually initializes except ZoneAlarm although Windows Security Manager believes there is a Firewall (Windows Firewall is disabled). The main symptom is that the Hard Drive is constantly (100%) used all of the time. I’ve successfully run Chkdsk and Defrag. They both took an age. I’ve run Spybot, Adaware, Nortons Anti Virus and CCleaner and they are all clean. I’ve tried booting using SafeMode, the original installation disk and using MSConfig to disable all the non essential start-up programs. None of these changed the symptoms. I downloaded Hijack this and the following is the output. Logfile of HijackThis v1.99.1 Scan saved at 8:46:48 a.m., on 11/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe C:\WINDOWS\twain_32\C6U14K\WATCH.exe C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - www.symantec.com O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - www.symantec.com O17 - HKLM\System\CCS\Services\Tcpip\..\{08878706-9AEB-450D-81D5-723D604A96B8}: NameServer = 203.96.152.4,203.96.152.12 O17 - HKLM\System\CS1\Services\Tcpip\..\{08878706-9AEB-450D-81D5-723D604A96B8}: NameServer = 203.96.152.4,203.96.152.12 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Can anyone offer any suggestions? Is there a utility that will show who is doing the I/O operations to the disk? Thanks in advance. Neil |
ztsnlh00 (11981) | ||
| 531786 | 2007-03-11 04:03:00 | You have more than 1 firewall installed dont you?? Make sure XP's firewall is still off, and uninstall one of the other 2. You only need one firewall. Run HJT again tick these entries and tick fix checked. Close browser/s. These arent nasty, they dont have to be in startup. O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" - uninstall this and all previous versions of Sun Java. The update is in my sig below. O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE - go to the MS office folder and pin the main files to the start menu. O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE |
Speedy Gonzales (78) | ||
| 531787 | 2007-03-11 05:34:00 | Hi Speedy, Thanks for the feedback and I'll try what you suggest. Your first comment has me a little confused. As far as I know I only have ZoneAlarm installed. The Windows Firewall is definitely disabled. Is there something in the HijackThis listing that suggests I have two? |
ztsnlh00 (11981) | ||
| 531788 | 2007-03-11 05:57:00 | Umm yup Norton Internet Security. Or is this just the AV?? Well, you've got some Norton/Symantec program installed. I wouldnt be surprised if this is whats causing the prob. Its a memory hog. |
Speedy Gonzales (78) | ||
| 531789 | 2007-03-11 06:23:00 | I only have Nortons Anti-Virus . The point is my PC went from being perfectly acceptable to 30-50 times slower overnight with no changes that I know about? The most obvious symptom is the Hard Drive runs at 100% for as long as you want to leave the PC switched on (over 24 hours currently) |
ztsnlh00 (11981) | ||
| 531790 | 2007-03-11 06:32:00 | Well I would say its either the AV program or it needs a defrag. | Speedy Gonzales (78) | ||
| 531791 | 2007-03-11 07:26:00 | Hi Is it Nortons 2007 AntiVirus? If so get rid of Zone alarm "Compleatly" using Speedy's Fix - I another thread - And see if thats the problem. It was for me. |
Rock (7239) | ||
| 531792 | 2007-03-11 07:41:00 | Hi I've already defragged with no effect. Mine is Nortons AV 2006 but I'm due to re-subscribe this month. If it is the Nortons AV I'm just wondering what the "Trigger" is as I've been running it for three years? |
ztsnlh00 (11981) | ||
| 531793 | 2007-03-11 07:46:00 | Hi My Problem started after Upgrading NAV 2003 !!! to NAV 2007 it did warn Zonealarm was not compatable but need to do more than standard uninstall. I think VSMON was left running which fowled up my system. |
Rock (7239) | ||
| 531794 | 2007-03-11 08:07:00 | Hi Is it Nortons 2007 AntiVirus? If so get rid of Zone alarm "Compleatly" using Speedy's Fix - I another thread - And see if thats the problem. It was for me. Judging by past threads about Nortons, many forum members would suggest you've got that the wrong way around - i.e Toss the NAV & keep ZA. (Can't speak personally, as never had NAV. Others may back this up, though..?) |
Laura (43) | ||
| 1 2 | |||||