View previous topic :: View next topic |
Author |
Message |
LadyL
Sergeant
Joined: Oct 11, 2002
Posts: 148
Location: USA
|
Posted: Sun Apr 11, 2004 4:11 pm Post subject: Systemworks2004&PFirewall2004 |
|
|
Just installed both the other day and I have noticed that my computer has really, really slowed down! Is this normal?
Going to Device Manager>Performance=77% free System Resources .
Have also noticed that when doing a C+A+D...'Winmgmt' is listed....why?
Have done all the virus scan/SSD/Ad-aware/SpywareBlaster/NAV defs updates...also did DiskDoctor&SpeedDisk...no problems anywhere!
Have included what shows on startup in my Msconfig...if that helps anyone.
ME/cable/IE6/256RAM/633MHz/20GB HDD w/18GB free...no Office/Photo/Game programs on this computer.
Hope someone can help me...when I startup this computer, it takes forever to load everything (that includes getting NAV & FWall systray icons to showup on desktop!!!)
TIA
_________________
Lonnie |
|
Back to top |
|
|
LadyL
Sergeant
Joined: Oct 11, 2002
Posts: 148
Location: USA
|
Posted: Tue Apr 13, 2004 7:11 pm Post subject: |
|
|
bump.
_________________
Lonnie |
|
Back to top |
|
|
qwiyet1
Private
Joined: Mar 12, 2004
Posts: 41
Location: USA
|
Posted: Wed Apr 14, 2004 9:30 am Post subject: |
|
|
The only thing I can think of is that the norton is config'ed to scan on bootup/ startup. Everytime you start the pc the norton will start a scan (time consuming and resource intensive). Check the settings in the norton. |
|
Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 52
Location: USA
|
Posted: Wed Apr 14, 2004 10:20 am Post subject: Re: Systemworks2004&PFirewall2004 |
|
|
LadyL wrote: |
Just installed both the other day and I have noticed that my computer has really, really slowed down! Is this normal?
Going to Device Manager>Performance=77% free System Resources .
Have also noticed that when doing a C+A+D...'Winmgmt' is listed....why?
Have done all the virus scan/SSD/Ad-aware/SpywareBlaster/NAV defs updates...also did DiskDoctor&SpeedDisk...no problems anywhere!
Have included what shows on startup in my Msconfig...if that helps anyone. |
Hi LadyL, first my apologies, I seem to not be getting email notices of new posts ... the slow response or neglect of your post was not intentional ..
That said .. now to your problem .. first I would scan that Winmgmt file with Kaspersky Online Virus Checker to see if it is clean or if it might be a nasty -- as, I am running Norton SystemWorks 2004 and have no such running process .. but that might be a process started by a legit program, I just don't know ..
.. so I suggest you scan it first, with Kaspersky, and post back here your results.
Next, let me say that, compared to NAV or NSW 2002 -- both the 2003 and 2004 version does eat up more resources. I believe Symantec began to focus on Windows 2K/XP {the newer OSes} beginning with their 2003 product line and continuing into the 2004 line ..
However since they still list the 2004 line as compatible with Win98, Win98SE, WinME {the 9X operating systems} -- it should still work, so that is no excuse .. but I have been counseling people who ask me beforehand whether to upgrade ..
.. that if they still have older OS, it might be more suitable to stay with 2002 and just renew subscription if they like Norton and want to stick with Norton.
If you have further difficulties and cannot get this resolved -- you might also want to make sure you have no spyware or adware on your system:
Scan with AdAware and SpyBot S&D, and let them clean anything they find. If still no go, download and run CWShredder, then post your HijackThis logs here for us to take a look.
Good Luck and Take Care .. Warmly, Ran
|
|
Back to top |
|
|
LadyL
Sergeant
Joined: Oct 11, 2002
Posts: 148
Location: USA
|
Posted: Thu Apr 15, 2004 9:13 am Post subject: |
|
|
Current object: WINMGMT.EXE
WINMGMT.EXE Ok
Statistics:
Known viruses: 86322 Updated: 15.04.2004
File size (Kb): 193 Scan time: 00:00:01
Speed (Kb/sec): 193 Virus bodies: 0
Archives: 0 Packed: 0
Folders: 0 Files: 1
Suspicious: 0 Warnings: 0
There's what the Kaspersky Online Scan found. *sighs*
Logfile of HijackThis v1.97.7
Scan saved at 9:04:32 AM, on 4/15/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphiapowerpage.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Lonnie's IE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Wallpaper (HKLM)
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O15 - Trusted Zone: *.computercops.biz
O15 - Trusted Zone: *.worldstart.com
O15 - Trusted Zone: *.wopr.com
O15 - Trusted Zone: *.net-integration.net
O15 - Trusted Zone: *.lurkhere.com
O15 - Trusted Zone: *.lavasoftsupport.com
O15 - Trusted Zone: *.ftpplanet.com
O15 - Trusted Zone: *.mytricare.com
O15 - Trusted Zone: *.palmettogba.com
O15 - Trusted Zone: *.pogo.com
O15 - Trusted Zone: *.freeslots.com
O15 - Trusted Zone: *.ionthunder.com
O15 - Trusted Zone: *.pcqanda.com
O15 - Trusted Zone: *.techbox.org
O15 - Trusted Zone: *.renderosity.com
O15 - Trusted Zone: *.hostclub.net
O15 - Trusted Zone: *.cybertechhelp.com
O15 - Trusted Zone: *.amazingtechs.com
O15 - Trusted Zone: *.mypcclinic.com
O15 - Trusted Zone: *.adelphiapowerpage.com
O15 - Trusted Zone: *.cashbreak.com
O15 - Trusted Zone: forums.techsupportguy.org
O15 - Trusted Zone: forums.techguy.org
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...0825115741
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/sh.../swdir.cab
_________________
Lonnie |
|
Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 52
Location: USA
|
Posted: Thu Apr 15, 2004 11:48 am Post subject: |
|
|
Although I'm no expert: Your HJT log looks clean to me. If you ever see anything suspicious in the list of running processes {at the top of your HJT log}, just scan that file with the Kaspersky virus checker: KAV is very reliable {the highest detection rate} and will tell you if the file is clean.
You best know what programs you have installed and what should appear in your list of running processes: that is why I counsel folks to keep an eye on this themselves, and the KAV scanner is so easy to use: just Browse to the file, enter and scan it.
I did find this info on WINMGMT.EXE
http://www.sysinfo.org/startuplist.php?...unt=&type=
Quote: |
Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" |
Hope that Helps. Warmly, Ran
_________________
But now abide faith, hope, love, these three; but the greatest of these is love. (1 Cor. 13:13)
|
|
Back to top |
|
|
LadyL
Sergeant
Joined: Oct 11, 2002
Posts: 148
Location: USA
|
Posted: Thu Apr 15, 2004 1:21 pm Post subject: |
|
|
What is loaded via Msconfig is shown in my 1st post to this thread.
I also have the PCHealth disabled in Task Scheduler...actually, I have nothing 'running' in Task Scheduler! I do my own 'maintenance' when I WANT to...not at any given time.
WINMGMT isn't listed to startup & run either...but it is showingup when C+A+D is done...I can 'endtask' it...but that gets to be a PITA!
How do I get it to stop showing up?
Thanks for your help, Randy...appreciate it very much.
I am very careful as to what gets running and where I 'go'...and I don't see anything 'weird' in the log, except for the 014-IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html , which to me means that is my startpage(homepage)...which it isn't! How to remove that?
_________________
Lonnie |
|
Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 52
Location: USA
|
Posted: Thu Apr 15, 2004 1:37 pm Post subject: |
|
|
http://www.e4me.com/start.html could be a redirect that was put there by your ISP or computer vendor. Try going to that page and see where it redirects you .. my Compaq came preinstalled with startpage http://qus8.hpwis.com/ which redirects to "My Yahoo" with a Compaq logo -- a "customized" version of My Yahoo. Otherwise, if your startpage has been hijacked, that isn't good -- but I suspect it is just a redirect which you didn't realize you had.
_________________
But now abide faith, hope, love, these three; but the greatest of these is love. (1 Cor. 13:13) |
|
Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 52
Location: USA
|
Posted: Thu Apr 15, 2004 1:39 pm Post subject: |
|
|
Yep I think that is an "eMachine" redirect to the "My Netscape" page .. check it out.
_________________
But now abide faith, hope, love, these three; but the greatest of these is love. (1 Cor. 13:13) |
|
Back to top |
|
|
LadyL
Sergeant
Joined: Oct 11, 2002
Posts: 148
Location: USA
|
Posted: Thu Apr 15, 2004 2:12 pm Post subject: |
|
|
yup...a re-direct ...so how do I make sure it isn't listed anywhere...I don't use Netscape or have anything for eMachine other than the 'logo' on startup.
_________________
Lonnie |
|
Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 52
Location: USA
|
Posted: Thu Apr 15, 2004 2:38 pm Post subject: |
|
|
eMachine probably just stuck it in yours for advertisement, just like Compaq did for mine. To change your homepage in IE: Tools, Internet Options, General tab.
_________________
But now abide faith, hope, love, these three; but the greatest of these is love. (1 Cor. 13:13) |
|
Back to top |
|
|
LadyL
Sergeant
Joined: Oct 11, 2002
Posts: 148
Location: USA
|
Posted: Thu Apr 15, 2004 4:32 pm Post subject: |
|
|
But that's just it...my homepage hasn't been changed at all...it's still http://adelphiapowerpage.com...has been from the day I got my cable installed for computer (4/2000)...I changed it from the default asap I got my IE up and running, altho this computer was acquired 9/2000, THEN I changed homepage from e4me(default) to what I had from cable installation date.
Is there anything in the Registry that will let me delete that url?
_________________
Lonnie |
|
Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 52
Location: USA
|
Posted: Thu Apr 15, 2004 6:18 pm Post subject: |
|
|
You can delete it using HJT. Put a checkmark besides:
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
and click Fix button.
_________________
But now abide faith, hope, love, these three; but the greatest of these is love. (1 Cor. 13:13) |
|
Back to top |
|
|
LadyL
Sergeant
Joined: Oct 11, 2002
Posts: 148
Location: USA
|
Posted: Thu Apr 15, 2004 6:51 pm Post subject: |
|
|
...I knew that
Sorry for not replying sooner...1 of the Forum websites I am a member of, just got their Forum start/index webpage hijacked...quite a shock! Webmaster has been notified.
Thanks, Randy for your help.
_________________
Lonnie |
|
Back to top |
|
|
|