PDA

View Full Version : Help - Major Performance Problem



ztsnlh00
11-03-2007, 04:33 PM
Here is the scenario. (XP Service Pack 2)

PC is working fine when turned off on Friday evening.

Saturday morning the PC takes for ever to start-up to a usable state. Everything eventually initializes except ZoneAlarm although Windows Security Manager believes there is a Firewall (Windows Firewall is disabled). The main symptom is that the Hard Drive is constantly (100%) used all of the time.

Iíve successfully run Chkdsk and Defrag. They both took an age.

Iíve run Spybot, Adaware, Nortons Anti Virus and CCleaner and they are all clean.

Iíve tried booting using SafeMode, the original installation disk and using MSConfig to disable all the non essential start-up programs. None of these changed the symptoms.

I downloaded Hijack this and the following is the output.

Logfile of HijackThis v1.99.1
Scan saved at 8:46:48 a.m., on 11/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08878706-9AEB-450D-81D5-723D604A96B8}: NameServer = 203.96.152.4,203.96.152.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{08878706-9AEB-450D-81D5-723D604A96B8}: NameServer = 203.96.152.4,203.96.152.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Can anyone offer any suggestions? Is there a utility that will show who is doing the I/O operations to the disk?

Thanks in advance. Neil

Speedy Gonzales
11-03-2007, 05:03 PM
You have more than 1 firewall installed dont you??

Make sure XP's firewall is still off, and uninstall one of the other 2.

You only need one firewall.

Run HJT again tick these entries and tick fix checked. Close browser/s.

These arent nasty, they dont have to be in startup.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" - uninstall this and all previous versions of Sun Java. The update is in my sig below.

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE - go to the MS office folder and pin the main files to the start menu.

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

ztsnlh00
11-03-2007, 06:34 PM
Hi Speedy,

Thanks for the feedback and I'll try what you suggest.

Your first comment has me a little confused. As far as I know I only have ZoneAlarm installed. The Windows Firewall is definitely disabled. Is there something in the HijackThis listing that suggests I have two?

Speedy Gonzales
11-03-2007, 06:57 PM
Umm yup Norton Internet Security. Or is this just the AV??

Well, you've got some Norton/Symantec program installed.

I wouldnt be surprised if this is whats causing the prob. Its a memory hog.

ztsnlh00
11-03-2007, 07:23 PM
I only have Nortons Anti-Virus.

The point is my PC went from being perfectly acceptable to 30-50 times slower overnight with no changes that I know about?

The most obvious symptom is the Hard Drive runs at 100% for as long as you want to leave the PC switched on (over 24 hours currently)

Speedy Gonzales
11-03-2007, 07:32 PM
Well I would say its either the AV program or it needs a defrag.

Rock
11-03-2007, 08:26 PM
Hi

Is it Nortons 2007 AntiVirus?

If so get rid of Zone alarm "Compleatly" using Speedy's Fix - I another thread - And see if thats the problem. It was for me.

ztsnlh00
11-03-2007, 08:41 PM
Hi

I've already defragged with no effect.

Mine is Nortons AV 2006 but I'm due to re-subscribe this month. If it is the Nortons AV I'm just wondering what the "Trigger" is as I've been running it for three years?

Rock
11-03-2007, 08:46 PM
Hi

My Problem started after Upgrading NAV 2003 !!! to NAV 2007 it did warn Zonealarm was not compatable but need to do more than standard uninstall.

I think VSMON was left running which fowled up my system.

Laura
11-03-2007, 09:07 PM
Hi

Is it Nortons 2007 AntiVirus?

If so get rid of Zone alarm "Compleatly" using Speedy's Fix - I another thread - And see if thats the problem. It was for me.

Judging by past threads about Nortons, many forum members would suggest you've got that the wrong way around -
i.e Toss the NAV & keep ZA.

(Can't speak personally, as never had NAV. Others may back this up, though..?)

Rock
11-03-2007, 09:15 PM
Hi Laura,

maybe you are right, but its a shame they don't work well together.

As I Understand it both programs work in different ways to keep you free of nasties.... One is a fire wall the other a virus detection then removal program.

Just hope ntznlh00 gets a solutions as I had very similar problem as He/She does.

radium
11-03-2007, 11:53 PM
AFSIK I don't think that Norton will becausing you all the trouble. I know it's not the best AV around and can be a bit heavy to run, but it won't slow your comp down as much as you say yours has.
Have you got System Restore on? If so try going back to a restore point just a few days ago when the comp was going good.

Or maybe it's a hardware problem, your hdd could be dying? Run some hdd diagnostic tests maybe

beeswax34
12-03-2007, 12:57 AM
Please do not keep NAV. Worst memory hog ever and only OK in performance as well, Get Avast, Comodo or NOD32 that are free or cheaper and are much more efficient and better at their jobs.

Thomas01
12-03-2007, 10:21 AM
It's a good while ago now but my last computer ran into this sort of trouble. I off loaded NORTONS and it returned to normal. My NORTONS still resides on a shelf in the garage where it does no harm.
It would be my first action with your computer.
But I am no expert.
Tom

Laura
12-03-2007, 01:22 PM
As beeswax34 said, there are other anti-virus options which get better recomendations here.
I'm a fan of free avast! myself. It updates automatically & has never given me any trouble.
But there are many threads with other choices if you try the forum's Search.

JackStraw
12-03-2007, 02:33 PM
It surprises me that anyone would still consider using Norton anti-virus. Almost without exception whenever someone posts an HJT log, there it is, Symantec this, Nortons that and nine times out of ten it is either a virus or a trojan or what have you that Nortons has let through or has allowed an inexperienced user to download some nasty active x control without warning. I have a mate in Australia who works for Symantec, quite high up in the company, and whenever he comes over I give him a friendly ribbing over NAV, he never has a comeback, he just looks embarrassed. He, by the way, uses AVG and Spybot search and destroy with Tea Timer.

ztsnlh00
12-03-2007, 02:37 PM
Hi

I fixed the problem by Starting in Safe Mode and used the Add/Remove function to get rid of ZoneAlarm.

This fixed the problem but I re-installed Nortons for good measure and then re-installed ZoneAlarm Pro and it all works wonderfully.

I'd been using ZoneAlarm and Nortons together for a number of years without any issues.

I might try some of your suggested replacements.

Thanks to all of those that tried to help.

Regards, Neil

Bryan
12-03-2007, 03:03 PM
Neil.

I was an avid supporter and user from way back. Then I found out that Peter Norton and John Socha were no longer with Norton.

Recently I removed Norton System Works and replaced it with just NOD32.

I have to say that I was very pleasantly suprised at how much quicker everything loaded and ran. I can only put it down to Norton hogging all the memory and clogging the system.

I'm all for removing and never installing Norton again.

Rock
12-03-2007, 08:24 PM
Hi,

Glad your system is now OK. I was elated when the fix you did worked for me last week.

I think its abit of a red herring which Anti-Virus / Firewall you have. ALL SOFTWARE HAS ISSUES no matter what anyone says.

The Fix worked thats all that really mattered to me.

Regards