# Slow server, Please help



## MrVee (Aug 14, 2007)

Hi Guys

Please help, I'm at a loss here and don't know what to do. I'm getting very strange slow responses on one of my servers.

The only application this server is responsible for at the moment is Lotus Domino 8.5.2FP3.
I run Symantec Endpoint for AV and BackupExec Remote agent for backups after hours.

When I try to open MyComputer it would take between 5 to 45 seconds to open. Same would happen when I click on the Start button or open IE or navigate to a hard drive folder etc.

I don't see any strange process's running or any strange application. I've checked CPU and RAM usage, CPU doesn't go more than 30% and RAM doesn't go more than 50%.

This is really slowing down Lotus access from all lotus client as well. I don't think the issue is with Domino however, I have closed down Domino while experiencing this issue, but it still persisted.

What am I missing guys?

====================================================================

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft(R) Windows(R) Server 2003, Standard Edition, Service Pack 2, 32 bit
Processor: Intel(R) Xeon(TM) CPU 3.00GHz, x86 Family 15 Model 4 Stepping 10
Processor Count: 4
RAM: 4029 Mb
Graphics Card: RAGE XL PCI, 1 Mb
Hard Drives: C: Total - 42460 MB, Free - 26238 MB; D: Total - 911320 MB, Free - 96294 MB; 
Motherboard: Dell Inc. , 0NJ167, , ..CN1374065A00G1.
Antivirus: None

=====================================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:28:18, on 14/09/2011
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cba\pds.exe
C:\WINDOWS\System32\ismserv.exe
C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
C:\Lotus\Domino\nsd.exe
C:\Lotus\Domino\nservice.exe
C:\Lotus\Domino\nSERVER.EXE
C:\Lotus\Notes\nslsvice.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Lotus\Domino\nevent.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Lotus\Domino\nReplica.EXE
C:\Lotus\Domino\nRouter.EXE
C:\Lotus\Domino\nUpdate.EXE
C:\Lotus\Domino\nAMgr.EXE
C:\Lotus\Domino\nAdminp.EXE
C:\Lotus\Domino\nSched.EXE
C:\Lotus\Domino\nCalConn.EXE
C:\Lotus\Domino\nRnRMgr.EXE
C:\Lotus\Domino\nntask.EXE
C:\Lotus\Domino\nHTTP.EXE
C:\Lotus\Domino\nIMAP.EXE
C:\Lotus\Domino\nPOP3.EXE
C:\Lotus\Domino\nmaps.EXE
C:\Lotus\Domino\nSMTP.EXE
C:\Lotus\Domino\ndircat.EXE
C:\Lotus\Domino\nprocmon.EXE
C:\Lotus\Domino\namgr.EXE
C:\Lotus\Domino\namgr.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\BACKUP EXEC\RAWS\vxmon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\bedbg.exe
C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe
C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\belnapi.exe
C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\belnapi.exe
C:\Lotus\Domino\namgr.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RKD8J8I2\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VxBeMon] "C:\Program Files\Symantec\BACKUP EXEC\RAWS\vxmon.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O15 - ESC Trusted Zone: http://download919.avast.com
O15 - ESC Trusted Zone: http://www.belarc.com
O15 - ESC Trusted Zone: http://software-files.download.com
O15 - ESC Trusted Zone: http://cdn.dyndns.com
O15 - ESC Trusted Zone: http://files2.freedownloadmanager.org
O15 - ESC Trusted Zone: http://www.google.co.za
O15 - ESC Trusted Zone: http://www-10.lotus.com
O15 - ESC Trusted Zone: http://www.mindpalette.com
O15 - ESC Trusted Zone: http://surfnet.dl.sourceforge.net
O15 - ESC Trusted Zone: http://www.teamviewer.com
O15 - ESC Trusted Zone: http://www.vodacom4me.co.za
O15 - ESC Trusted Zone: http://mail.webmail.co.za
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://196.211.110.250
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = yyy.co.za
O17 - HKLM\Software\..\Telephony: DomainName = yyy.co.za
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D4A9077-1E4E-469B-A69F-6D105E0F7D0F}: NameServer = 10.1.14.20,8.8.8.8,10.1.14.21,196.2.97.237,196.46.70.10,41.208.247.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = yyy.co.za
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe
O23 - Service: Bacula File Service (Bacula-fd) - Unknown owner - C:\Program Files\Bacula\bin\bacula-fd.exe (file missing)
O23 - Service: Backup Exec Error Recording Service (bedbg) - Symantec Corporation - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\bedbg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IQ Registration Service - IQREGISTRATIONSERVICE (Service) (IQREGISTRATIONSERVICE) - Unknown owner - D:\IQRetail\DBSERVER\IQRegistrationService.exe (file missing)
O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Domino Diagnostics (CLotusDomino) - IBM - C:\Lotus\Domino\nsd.exe
O23 - Service: Lotus Domino Server (lotusdominodata) - IBM Corp - C:\Lotus\Domino\nservice.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Lotus\Notes\nsd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Lotus\Notes\nslsvice.exe
O23 - Service: Backup Exec PureDisk Filesystem Service (PDVFSService) - Unknown owner - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\PDVFSService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\MegaTec\UPSilon 2000\Rupsmon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 9424 bytes


----------



## procoit (Sep 19, 2011)

Does disabling the Symantec real-time scanner have any impact on its performance? Obviously only suggesting this from a testing point of view.


----------



## Rockn (Jul 29, 2001)

So is this a server or a workstation running a server OS? It may well be the endpoint protection if you are not excluding directories that Lotus needs access to exclusively.


----------

