[odoc]

Every now and then my computer acts up and runs very slowly. Everything I'm using at the time freezes and lags. When this happens, i check my processes and I find svchost using 110 000 k resources. I really don't want to reformat but if it's the only option, i'll do it. Anyone have any idea why this is happening? Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:31 PM, on 03/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Documents and Settings\Omar\Desktop\HijackThis.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 1585 bytes

[LincolnSpector]

Hi, odoc.

First thing you should do is scan for malware with either SuperAntiSpyware or Malwarebytes Anti-Malware. Yeah, I know you've got Avast, which is a good program, but it's always good to get a second opinion. And a malicious infection could be the culprit--basically a criminal taking over your computer to do some illegal activity.

If these turn up negative, we have to figure out which legitimate program is slowing down the system.
What programs are you running when this happens? If you're not sure, keep a pen and paper by the PC. When things slow down, jot down what apps you're running and what you're doing in them. Do this a few things and see if you can find a pattern.

Lincoln

[PCdude123]

hi,



try going to task manager their try removing the checkmarks of thing u dont want running.


hopefully it works

[crazy4laptops]

Lets see here, to expand upon PCdude's thoughts--

How many processes are running when your computer is idle?

With XP its normally about 35 processes (all users)

Try this tip below to remove everything from background startup (uncheck everything except your anti-virus)

http://netsquirrel.c...sconfig_xp.html

Also, is your XP installation up to date?

hope this helps
-C

[Rommel]

I am not familiar with zone alarm but when I googled them and came to this
http://www.zonealarm...paign=CoreTerms

it looks like its an anti virus and firewall plus other security.

There is also Avast anti virus in your list as well.

Are you running two anti virus securities here?

If so it should be one or the other.

Not saying it is right reason you're running as decribed but it needs corrected just the same
if I am seeing it corrcetly.

Rommel

[coastie65]

Hi, Rommel is right. I am seeing both Avast! and Zonealarm, both running actively. You hould have one Anti Virus app and one antispyware app running full time. For instance: I am running Avast! and WEbroot Spysweeper fulltime, I have Malwarebtyes and SUPERantispyware installed as "On Demand" scanners. Having both Avast! and Zonealarm bith nstalled and running actively, can only degrade your protection as well as hurt the performance of the computer overall.

[LincolnSpector]

coastie65, on 07 August 2010 - 10:05 AM, said:

You hould have one Anti Virus app and one antispyware app running full time.

You should have one antivirus program running at all times, and that's it. Any modern antivirus program will protect you from spyware, trojans, and even viruses (should one ever appear in the wild again). That they're called "antivirus" programs doesn't mean they only protect you from viruses; it's just an accident of history. A malware protection program that only protects you from a certain kind of malware isn't worth the clock cycles it uses.

Lincoln

[odoc]

No, zonealarm is only my firewall. I'm using a 3rd party firewall because i'm running XP.

I scanned with both malwarebytes and avast and both came up with nothing.

This happens when i'm using pretty much any program.

[odoc]

Also when this happens, wuaudt.exe spikes up to 180 000 resources.

[Flashorn]

odoc, on 09 August 2010 - 04:50 PM, said:

Also when this happens, wuaudt.exe spikes up to 180 000 resources.

Hey odoc !!

That would be the Windows AutoUpdate (wuaudt.exe). It is a safe .exe and doesn't warrant concern.
What Does warrant concern is that it uses 175 MB of ram.

Now, you didn't give us the specs of that PC. Please tell what CPU , how much memory, the size of the
HDD and how much free space is left on it.

BUT, most importantly, the FULL log from HjT. Please uninstall the version you have and install this version
from following link :
Installer

Once the New version is installed, open and do a Scan and Log.

Copy & Paste the Whole log in your next reply.



FLASHORN.

[odoc]

Alright here are my specs:

MS Windows Home XP SP3
Intel Pentium 4 CPU, 3.06GHz, 502MB RAM

My new hijack this log:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:31 PM, on 09/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcgjswx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcgjswx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcgjswx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5209 bytes

[Flashorn]

Hey odoc !!

Did I read this correctly or did you make a Typo : 502 MB of Ram ??
IF NOT then, you might (PC) benefit from at least ONE Gig of ram.

I didn't catch the Free Space on the HDD either.

From what I can tell, you are sharing a Printer and probably other files from within
your Network. Do you have and use Network Magic ?? and did you Tell your
Firewall to let all connections from this software to go through without questions ??
Also, did you configure Avast so as to NOT bother with Network Magic ??

http://www.purenetwo...port/faq/4.html

Are you using a Proxy to the internet ?? IF not then, I would ask you to have HjT
FIX this entry :

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

This is Probably why Windows Update is having such a hard time communicating with the update module
hence, the Lag or Freeze and the Ram issue.

I went to Windows Update in Windows 7 and this is what you should also use as far as Ram is concerned :
(in the RED circles (well, not exactly circles)) :



Notice how ONE svchost.exe is using an enormous amount of ram BUT, the update module is only using about
2.5MB of ram. The fact that the update module on your PC is using so much ram is that it "Probably" has a hard time getting
through to Windows Update and is Freezing.

Go to Firefox > TOOLS > OPTIONS > ADVANCED > NETWORK > CONNECTIONS > SETTINGS. Make sure to check mark "Use
System Proxy Settings" IF you don't use a Proxy to surf the Net.




Do you have Windows Update set to Automatic ?? IF so , try to leave it on the Third option (i believe) to "Notify when
updates are ready BUT, don't download". This might help with the freezing as it will only notify you and won't do the
actual downloading. You can then, choose when you want to install those updates with Minimum background activity.
But, it won't stop it from verifying your PC for updates. This might also be where the cause lies since it Might have a
hard time getting through to Windows update. Once you are done the configs. go to Microsoft Updates and try to update
your OS. Open Task Manager while doing so and verify the amount of ram used. Could you report the "Processes used
while trying to Update. ALL USERS

There is also this entry in your Startup that doesn't need to startup when you open the PC :

C:\Program Files\Bonjour\mDNSResponder.exe

IF at all possible, go to SERVICES and downgrade service to "Manual" if set to Automatic


OK odoc, please include the info. requested in your next reply.



FLASHORN.

This post has been edited by Flashorn: 09 August 2010 - 10:42 PM

[odoc]

Yes, 502mb of ram I know. But it's always been fine and never like this before. I would add more but it's one of those old dells that don't let you modify anything. My harddrive has a capacity of 150GB and I've used 73GB. My harddrive is also split into 3 partitions. One for backup, one for everything else, and i just created a new one because i was going to install windows 7 on it.

Now, It says i have a shared printer but I've spent hours and hours trying to figure out how to share it. I'm trying to share it to a windows 7 laptop from my xp desktop wirelessly. But that's another issue. Maybe you can help me with that afterwards.

Yes, I do have networkmagic. I only got it because i was have alot of trouble setting up a network with all my game consoles and devices. I'm pretty sure I let networkmagic through my firewall and avast. Is this a bad thing? Should I get rid of networkmagic? It is taking up 29GB...I always found that odd.

As for the proxy, i think i might have put one way back when but I don't think I need it anymore. I can't even remembered what kind of proxy i implemented. I'll just go ahead an delete it then. Thanks for the heads up.

Finally, i set bonjour service to manual as you said.

[odoc]

Disregard what i wrote here. I was wrong.

This post has been edited by odoc: 12 August 2010 - 07:12 PM

[SpiritWind]

Hi odoc :

Quite a while ago I came across what seems to be
reliable info that Bonjour is an unnecessary service
that also creates a hole in your firewall to
potentially allow malware to invade a computer .
Therefore, I have been recommending the info at
http://www.raymond.c...dnsresponderexe . You MAY want to consider using
PCWorld's "Search" feature, using the term "Bonjour"
and Author "SpiritWind" !?

[A41202813]

@odoc

One Year Ago, I Had The Same Problem, With A Machine With Your Exact Specs.

It Was Some M$ Update(s) That Screwed My Machine, I Installed In The Summer And It Took Me Almost 6 Months Of Hell.

I UNINSTALLED All Updates I Could And The Problem Was Solved.

You Will Benefit If You Put More RAM, But The Core Problem Is Not RAM At All.

[odoc]

A41202813, on 22 August 2010 - 01:55 PM, said:

@odoc

One Year Ago, I Had The Same Problem, With A Machine With Your Exact Specs.

It Was Some M$ Update(s) That Screwed My Machine, I Installed In The Summer And It Took Me Almost 6 Months Of Hell.

I UNINSTALLED All Updates I Could And The Problem Was Solved.

You Will Benefit If You Put More RAM, But The Core Problem Is Not RAM At All.

hmm interesting. Too late though because i reformatted the machine and bought a new laptop so i guess topic closed.

[A41202813]

@odoc

Yeah, M$ Wins Again.