Reduced to a crawl

Discussion in 'other anti-virus software' started by ennyoueffsea, Jun 23, 2004.

Thread Status:
Not open for further replies.
  1. ennyoueffsea

    ennyoueffsea Registered Member

    Joined:
    May 5, 2004
    Posts:
    28
    Location:
    Newcastle Upon Tyne, U.K.
    Hi everyone,

    Hope you can help please. A couple of weeks ago, I was getting an error on Norton Anti Virus, telling me at start up that it could not scan e-mail. I have since uninstalled and re-installed Norton and the error did go away, but the speed of browsing has dropped to a crawl. On broadband, most pages are taking over a minute to open, with quite a few taking up to two minutes to open.
    I uninstalled the Norton Anti Virus again, and when online, everything was back up to speed. Not wanting to be online without anti virus, I have since reinstalled it again last night, but when I have started up the pc today, the message comes up that "set up is updating your configuration" and I now find that everything has come to a halt again.
    When I look into the event log on Norton Personal Firewall, there are several lines where the page I've been trying to open is logged, and begins with "Blocked Referer: Referer: http://......." Followed by a line "Allowed User-Agent: User-Agent: Mozilla/4.0 (compatible MSIE 5.5......)"
    Am just not sure what direction to take with this, and would really appreciate any advice you can give. I've added a Hijack This log, though not sure if it will show anything.

    Many thanks for any help.

    Terry
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Logfile of HijackThis v1.97.7
    Scan saved at 04:13:46, on 24/06/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SA3DSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SXGDSENU.EXE
    C:\COMPAQ\INTERNET\CISRVR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
    C:\WINDOWS\TPPALDR.EXE
    C:\WINDOWS\SYSTEM\ICSMGR.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\ATRACK.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\AOL 7.0\DOWNLOAD\HIJACKTHIS.EXE
    C:\PROGRAM FILES\AOL 7.0\DOWNLOAD\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=eng
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://icnewcastle.icnetwork.co.uk/newcastleunited/news/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=eng
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=eng
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
    O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
    O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
    O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
    O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
    O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~2\NAVAPW32.EXE
    O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
    O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton Personal Firewall\NISSERV.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .bpt: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
    O12 - Plugin for .cgi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .qt: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {73020B72-CDD6-4F80-8098-1B2ECD9CA4CA} (HearMe VoiceCREATOR) - http://vp.hearme.com/products/vp/embedded/plugins/evp.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://info.blueyonder.co.uk/TelewestPreQual/files/MotivePreQual.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38146.4821643519
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  2. GermanKid

    GermanKid Guest

    Too much junk running. Norton is already a slow product, but you run too much stuff at the same time. Did you defragment? AV likes a hard drive that is not fragmented.

    I recommend a reformat and fresh Windows install if nothing works.
     
  3. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    HJT logs go in the Browser Hijacks forum. It doesn't have to be a browser hijack case to be there.

    I suggest that you not listen to anyone who is not an expert on AVs... newbies like me do not know what we are talking about. ;)

    Umm, GermanKid - isn't doing a clean install a bit extreme? Not that I would know, of course...
     
  4. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear ennyoueffsea, firewalls slow down your surfing speed as they are constantly checking the packets. the more secure the setting the more time it needs to check the data. i haven't used NPF lately but this kind of slowdown is way too much even for a Norton product. try disabling your firewall and see if it improves your surfing speed. if it does then the culprit is your firewall. try the lowest level of security and check your browsing speed again. tell us on which settings you're getting acceptable speed. don't worry about that log.

    BTW update your IE to the latest version and you might want to delete Winamp agent and Real player agent. as you always get back your browsing speed when you uninstall Norton i'm sure NIS is the main culprit.
     
  5. ennyoueffsea

    ennyoueffsea Registered Member

    Joined:
    May 5, 2004
    Posts:
    28
    Location:
    Newcastle Upon Tyne, U.K.

    Hiya,
    Many thanks again for your suggestions. I've uninstalled and reinstalled Norton Firewall, and the speeds are right back up where they belong. Only problem now is when I open folders from the start menu, e.g. My Documents, there is a delay of about a minute before it opens. Likewise, when I go to open a window back up from the taskbar, just freezes and never opens up. I have to keep going back to the desktop to double click to open folders/windows. So don't know whether this is still down to the firewall or not.

    Highest regards,

    Terry
     
  6. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi ennyoueffsea,

    You are running some unnecessary programs at startup which will drain your resources. Most can be accessed through the Start --> Programs feature.
    Here is the link to Pac's Portal if you want to check to see which ones to turn off.

    Here is some information on this one: c:\windows\SYSTEM\ssdpsrv.exe

    From Pacman's Startup List:
    If you are not using this, then it would be wise to turn it off. You can use this tool UnPlug n' Pray to stop the UPNPDH service, which then stops the SSDPDS service. The tool will let you turn it off, and on again if needed.


    This one is a known resource hog and we advise to fix it because of that.
    Place a check beside it in hijackthis, close all browsers, and click Fix checked:
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    By the way, your log looks clean (sorry, forgot to add that) :)

    Regards,

    snap
     
    Last edited: Jun 27, 2004
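
The startup review suggested in the post above can be done mechanically. This is an added example, not part of the original thread and not HijackThis's own code: it parses HijackThis entry lines and groups the O4 (autostart) items by launch location, using a few lines copied from the log at the top of the thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# A subset of entry lines copied from the log posted at the top of this thread.
SAMPLE_LOG = r"""
F1 - win.ini: run=hpfsched
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Registry autostart: "HKLM\..\Run: [value name] command line"
REG_AUTOSTART = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")
# Startup-folder autostart: "Startup: shortcut.lnk = target"
FOLDER_AUTOSTART = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")


def parse_entries(text):
    """Return (code, body) for each entry line; header and process-list lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]


def autostart_items(text):
    """Group O4 entries by launch location as {location: [(name, command), ...]}."""
    groups = defaultdict(list)
    for code, body in parse_entries(text):
        if code != "O4":
            continue
        m = REG_AUTOSTART.match(body) or FOLDER_AUTOSTART.match(body)
        if m:
            location, name, command = m.groups()
            groups[location].append((name, command))
        else:
            # Keep anything in an unexpected shape visible rather than dropping it.
            groups["unparsed"].append(("", body))
    return dict(groups)


if __name__ == "__main__":
    for location, items in autostart_items(SAMPLE_LOG).items():
        print(location)
        for name, command in items:
            print(f"  {name}: {command}")
```
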
  7. ennyoueffsea

    ennyoueffsea Registered Member

    Joined:
    May 5, 2004
    Posts:
    28
    Location:
    Newcastle Upon Tyne, U.K.
    Hiya,

    Everything looks to be flying again now. Uninstalling and reinstalling the firewall definitely helped, but the main culprit appears to have been some remnants of RealPlayer. At first they wouldn't uninstall, so last night downloaded the player, reinstalled it, in order to uninstall it.
    Since then, all remains of RealPlayer have gone and the whole pc is back up and running. Been on for a while today carrying out various tasks, and all seems to be well.

    Thanks also Snap for your suggestions and link. Going to have a good look at where those savings can be made.

    Just want to say a big thank you for all your help.

    Very best wishes,

    Terry
     
  8. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    Yup. Real Player is just plain evil. Depends on what version you had, but it gets in and takes over your system.
     
  9. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    You can say that again, Taz!

    It also happens to be a kinda lame media player. Seems to hog up much more RAM than WinMedia or Quicktime.
     
  10. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I have Real Player One (didn't like 10 that much) and it doesn't slow down my system at all nor has it got its claws deep into my system. You just have to know how to tie it down properly. IMO a bad excuse for a player is WMP 8 or 9. I went to great lengths to get both of those off my XP system. I have WMP 6.4 now and I basically never use WMP. I far prefer Real as it has a much better privacy policy than does WMP after version 7.
     
  11. ennyoueffsea

    ennyoueffsea Registered Member

    Joined:
    May 5, 2004
    Posts:
    28
    Location:
    Newcastle Upon Tyne, U.K.
    Thanks again everyone,

    Browsing speeds are still pretty good. Finding have still got a problem with something swallowing up memory. After running programs for a fairly short while, the program freezes. Can happen with anything I try, even Solitaire. lol.
    Then get messages telling me there is not enough memory to open another program, and to shut some programs down and try again, even though there might only be one open. Eventually, even task manager cannot end task, then pc won't shut down. So going to have to get some of the garbage off here. Not sure though how to track down what is hogging the memory. o_O

    Regards,

    Terry
     