Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

funny behavior

Status
Not open for further replies.

spizotfl

MIS
Aug 17, 2005
345
US
hi, i have a box at work that is acting a little odd. it slows down and runs bad. we clean out temp files, run spybot and it seems to be better, then a couple of days later, it is slow again. just ran spybot and ad-aware and nothing unusual is showing up.
i didn't notice anything in the hijackthis log, but it is here just in case:
Logfile of HijackThis v1.99.1
Scan saved at 1:57:10 PM, on 12/6/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINNT\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\HPHipm11.exe
C:\Documents and Settings\Administrator\Desktop\s_t_i_n_g_e_r.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hsainc.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA6966F9-70E7-47A7-9893-E9158D342937}: NameServer = 10.21.1.11,10.21.1.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hsainc.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hsainc.org
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

thanks for any insights
 
Your log looks very clean.

I would do the following:

Download this:


Check for updates and then run a complete system scan.
Then, post back if you need further help.

Hope this helps,

Erik
 
When was the last time you defragged the hard drive?


James P. Cottingham
-----------------------------------------
[sup]I'm number 1,229!
I'm number 1,229![/sup]
 
in the last couple of days.
the only thing ewido flagged was a couple of cookies, one of them was called or had the name burstbeacon, if that means anything to anyone?
 
from googling, it appears as though burstbeacon is a fairly common tracking cookie. nothing to special. i guess we will continue watching the box and see what happens....
 
Yeah, I don't think it's a spyware/virus issue after looking at your HJT file and Ewido not picking up anything.
 
First off as 2ffat says run defrag but id reccomend running scandisc(checkdisc) first, then defrag. Also might want to check your msconfig startup tab and see whats all starting up in there, you could just have a lot of programs starting up eating the memory. Also did you get both temp folders? For there are 2. Also how cool is your processor running? Whens the last time the system was cleaned out?(dust and things of that nature).
 
we recently performed routine maintenance, ran all of the utilities provided by dell that test the hardware, ran some other test stuff that we have, all nothing. there aren't alot of running processes. got the temps from within the user profile, too. system doesn't seem any hotter, its in a well ventilated location....
 
what do you recommend for a good/free registry cleaner?
 
Well I heard someone mention spybot has an option for that but the program I use for cleaning registry isnt free. So look around on spybot see if you see anything. I personally use registry mechanic. They do have a demo but it only removes a portion of what it finds but it might give you an idea of how cluttered the registry might be. This may or not be your probelm. Just posting ideas.
 
I love this one:


very good, easy and fast SW..
it's a trial, but I got full one, and works perfectly
I use Registry Cleaner and Defrag vy much and keeps PC runnin' without unnecessary System reInstalling after some spyware slowdown or similar issues..

greets,
Marko 9A6NCM
 
NT-RegOpt: (quick and clean)

JV16 Powertools: (Successor of RegCleaner4.3)

Registry Mechanic: (good allrounder)

Registry Healer: (My Favorite as it allows you to change options and how it fixes things...)

The first is freeware, the others are either Shareware or Commercial...



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Oh, about the slowdown: have you disabled the Indexing feature or Prefetching (I am not sure that this is integrated into W2k, but worth a look)?

Also check the DMA setting of all drives...


Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
I don't think this will make any difference but there is a newer version of stinger available now.


[red]GNBM 4th Feb[/red] More on and other neat UK stuff at forum1091
Steve: Delphi a feersum engin indeed.
 
Have you run Windows Task Manager to see if there's a process taking a lot of CPU? It could be that something valid is just taking a lot of processor time.

Also, Task Manager should show you memory usage. Running out of real memory and having to use swap space can really slow a PC down. Is the process you run on this machine very memory intensive? If so, just adding memory could keep it from slowing down.

Is the disk light on while it has slowed down? This could be an I/O intensive program or swapping from a low memory condition.

Just some thoughts.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top