-
February 17th, 2004, 03:22 PM
#1
Junior Member
System running like Kucinich--slow.
Thank you in advance for any help offered.
My wife uses WinXP Pro with 1024 mb of memory. I have installed ZAPro, SpybotandD, TH, NAV, and I try and monitor it daily. Yet the system, only a month old, is running as if there were a an anchor tied to it. Here are the results of Hijackthis:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Us\Local Settings\Temp\Temporary Directory 1 for hijackthis1977[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...367/wmavax.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/215e48fb0f858c2...p/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/Visit.../TLIEFlash.CAB
-
February 17th, 2004, 03:52 PM
#2
I know you may be sceptical but try disabling your antivirus auto update and see if that makes a difference.
-
February 17th, 2004, 03:57 PM
#3
Hi there Mr, American football person, when are you guys going to learn how to play Rugby......it goes a lot faster because we don't wear body armour......if it does not hurt, how can you possibly "experience" it?
Seriously though,
1. You have a lot of "svchost.exe" running.............that suggests that you are starting far too many applications to me. Take a look at your "tray" in the bottom right of the screen and think about what you really need ALL THE TIME. What I am suggesting is that stuff you only use from time to time should be an icon on your desktop or you start it from "programs" You can adjust this in your "startup" file.
2. You are running NAV and ZA..............that is my favourite cause of the problem......they are fighting on the playing field I think that your NAV probably has its own firewall
It is what we (old farts like me) used to call a "deadly embrace", that is two proggys getting in eachother's way.
To test this, please boot up when unplugged from the internet and switch off ZA and NAV and see what happens to performance. You need to stress test it a bit so try playing a game demo or something?
I did NOT see any obvious malware running.
Make sure that you have the latest autoupdate utility for Norton.should be dated about January 6........this is a known performance problem creator if you have an earlier one!
Let us know how you get on:
1. Check NAV autoupdate program date
2. Test with NAV & Zone Alarm off
3. Get rid of startups you don't need
Cheers
-
February 17th, 2004, 03:58 PM
#4
You have all available m$ updates? Also, are you updating the other programs before you're scanning?
Periodically do a disk cleanup, clean out startup programs that aren't necessary. (you can temp disable them first, to make sure you don't need them if you aren't sure what they are.) Use msconfig for this... then, after you've confirmed that you don't need them starting up, use regedit and delete shortcuts from startup folders. Defrags aren't as helpful anymore... because of the drive speeds... but I've found they help a bit. Especially when the disk gets pretty full.
Do you have the performance set for "let windows decide"? If so, its going to decide that your flashy graphics and smooth scrolling and all that unnecessary crap is going to happen. I prefer to tweak the system for performance, rather than apperance.
Right click on my computer, properties, advanced tab, performance, choose performance tab.
You may also want to tweak your page file... Same place as above... just click on the advanced tab, and then virtual memory. View this page to make sure you know what you're doing. http://support.microsoft.com/?kbid=314482
That will take away some of the flashy things that XP has... and make it look more like 2k.. but the difference in performance is well worth it IMO.
Kill unnecessary services. They too take up system resources.
Visit www.blackviper.com to see which services you really need and which you can disable.
Your hijack this report looks ok to me... maybe someone will spot something I didn't?
EDIT:
Nihil, you beat me to it. lol
2. You are running NAV and ZA..............that is my favourite cause of the problem......they are fighting on the playing field I think that your NAV probably has its own firewall
NAV doesn't have its own firewall, unless you get NIS (norton internet security) or separately install norton firewall. I use that (NIS) and they integrate well. I've never used zone alarm with NAV, so I'm not sure how that'd affect performance.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
February 17th, 2004, 04:05 PM
#5
Hi Linebacker54,
Mark, phish~ and myself posted so close we crossed ideas
Your HijackThis looks ok........................do check the autoupdate thing, and as phish~ says services.... those are the applications that start up when you boot, which is what I was referring to.
Keep us posted
You have the three musketeers on your case (Mark can be Porthos )
-
February 17th, 2004, 04:06 PM
#6
I have heard that there are some issues with system performance on some systems and Norton AV.
Another way to possibly tell is to use Cnt+Alt+Del and start your task manager. Then under processes check and see what process is being the resourse hog.
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown
-
February 17th, 2004, 04:50 PM
#7
hmmm, I know that sCVhost.exe is a worm. let me do some research..
Remember -
The ark was built by amatures...
The Titanic was built by professionals.
-
February 17th, 2004, 04:54 PM
#8
avenger_jcc
That doesn't have to be viral. If he has an AV scanner and its up2date, then the chances of it being viral are pretty slim.
http://support.microsoft.com/default...b;en-us;250320
ah, you edited your post...
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
February 17th, 2004, 05:21 PM
#9
The clue lies in where the svchost.exe file lives ..............the viral one is in the wrong place because you cannot have two files of the same name in the same folder.......but you can have them in different folders.
When they boot they appear in task manager as the same thing (totally permissible) but one or more has come from the wrong place......that is the virus.
It is just a smokescreen for the malware?
Cheers
-
February 17th, 2004, 05:55 PM
#10
Junior Member
Many thanks for the responses.
All M$ updates are in place, yesterday the disk was defragmented and I have turned off some services that are apparently not needed.
In addition, there "seems" to be no conflict between NAV and ZAP, though I did disable to check, then reconnected to the internet.
I am somewhat concerned about a possible virus, especially since someone mentioned about svchost. Any further information on that would be deeply appreciated.
As an aside, and because I completely forgot the first time around, my wife took her old hard drive, installed it in the new computer and reformatted it. Could that have anything to do with this?
To my friends across the pond, I do enjoy Rugby, especially since England won the world cup! But I love American football even more.
Cheers.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|