Link to home
Start Free TrialLog in
Avatar of Gary27
Gary27

asked on

Slow operation

The last few day I have noticed a remarkable slowing down of my Hp 6535 . It is very hard to bring up Netscape. I was told to SCAN & DeFrag my C drive. But every time I try I get a message saying it has tried 10 times and some other program or W98 is using disk. When I do a ctl, Alt Del it shows Explorer, systray & rundll running besindes the Scan Disk.
I think this has happened before, but I cannot remember how to fix. Even the dbl clicking of MY Computer takes quite a while for the screen to appear.
Any help would be appreciated.
Gary

My e-mail is *** email address removed by LeeTutor, Page Editor ***, I will try to find my profille before I get kicked off, but wanted to get question posted first...
SOLUTION
Avatar of SheharyaarSaahil
SheharyaarSaahil
Flag of United Arab Emirates image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of 4ceReconSniper
4ceReconSniper

post the specs of your pc and programs running
Avatar of Gary27

ASKER

Got some good new and some bad.
1. Got Disk scan & Disk Defrag to run (Took all night) Kept restarting because something else was writing to disk, but no errors and deFrag was sucessful. Computer runs faster.

2. Ran AdAware found 139 files and quarentined them.

3. Bad news - ran McAfee Free scan - found at least 25 files with
something called W32NETSKy.p@MM but when I clicked on the file name as instructed to see how to remove McAfee say it can not find this name, DO NOT UNDERSTAND. Tried to e-mail Mcafee but don't hold out much hope on them getting back to a free-be.

Maybe I will try another site to see if they find the same virus.

Any suggestions?
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Gary27

ASKER

2. I did delete them, it was part of the standard quarentee & remove

Will try stinger in safemode .. Have you heard of W32Netsky or Kazaa?
>> Have you heard of W32Netsky or Kazaa?

lolz... yes i HAVE heard of them,,,, and even faced them :D

Stinger will get u rid of W32Netsky and Kazaa shud be first uninstalled manually from Add Remove Programs and then run the spyware removal tools to delete its remainents !!!!!
Avatar of Gary27

ASKER

When you said run stinger in "safemode" - I am not sure what you mean -- I cannot access web under safemode. Modem or data com will not use Port. or do you mean down load "Stinger" and then run under Safemode? Sorry not to bright :-)
:)

yes i meant u can download Stinger in Normal Mode
but Run it in Safemode,,,,,, coz it will be not interrupted by the background processes there =)
Avatar of Gary27

ASKER

Sorry to bother you again before I give you the points.

Ran stinger sucessfully. Alot of files deleted because of W32NETSKY. I think my grandson downloaded some bad items :-) There are 3 files zip1.temp, zip2.tmp and zip3.tmp in Windows that stinger "could not repair" do you thing I can delete them?

The other thing is that things are running better, but items such as control panel seem to take a long time to come up on the desktop. Could something have happen that would cause rhings like My Computer to react slowly?

Thank you,
Gary
>> There are 3 files zip1.temp, zip2.tmp and zip3.tmp in Windows that stinger "could not repair" do you thing I can delete them?

these are basically temp files,,,,, and temp files are NOT necessary files.... they can be deleted easily :)

for second problem,,,, i still suspect some background applications,,,, do they open slowly in safemode also ??
if NO then do one thing, Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
Avatar of Gary27

ASKER

This is log file froLogfile of HijackThis v1.98.2
Scan saved at 11:38:46 AM, on 8/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*profiles.yahoo.com;*.pogo.com;*test-speed.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Program Files\Netscape\Users\user1\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres.dll/227
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/su/ocx/12119/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/su/ocx/12119/CTPID.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://us.creative.com/support/register/OCXs/CtORWebClientWin98SENoMFC.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4384/mcfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = midohio.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 209.190.102.2,209.190.102.9

m                                                                  
hmmmmmmmmm i have to admit that the LOG is pretty much clean...... :)
but i just want to aks two things,,,,,

running PowerToys ??
Safemode results ??
Avatar of Gary27

ASKER

Never heard of Power tools
Safemode about the same speed maybe quicker
However, sometimes when the yellow disk light is lighting and I am
not doing anything I can do a cntl, Alt, Del and and some programs
called Iexplorer - Rnaapp - hcm (NZSeaarch) will be running

Don't know if this means anything

The computer is better - I have tried to search and read about W32Netsky.P@mm
but can only find out alot about how to get rid of the virus, but not much as to what it does to the users PC !!!

Thanks again for you time - Gary Lee
Rnaapp is a system process,,,, and hcm is running coz u have its startup entry, so it will start running at every startup :)

but what is this Iexplorer ?? I cannot see it running in ur LOG file :-?
Iexplore.exe is IE !!
Avatar of Gary27

ASKER

Maybe IE was running at the time... Things are much better at least for now.
I don't know what the virus Netsky.P@mm was doing, but I think the DeFrag helped a lot.

Thank you for your help! It is gratly appreciated.

Gary Lee
my pleasure ^_^
Avatar of Gary27

ASKER

Back again to tell you I found another Virus Sunday night. Had some time
so I ran Free Scan again and it found W32/Alphax.worm.gen

Do not know why stinger did not remove.

Gary Lee
Stinger has not this virus included in its list >> http://vil.nai.com/vil/stinger/
may be that's why it didn't pick up that one !!!!!