Gary27
asked on
Slow operation
The last few day I have noticed a remarkable slowing down of my Hp 6535 . It is very hard to bring up Netscape. I was told to SCAN & DeFrag my C drive. But every time I try I get a message saying it has tried 10 times and some other program or W98 is using disk. When I do a ctl, Alt Del it shows Explorer, systray & rundll running besindes the Scan Disk.
I think this has happened before, but I cannot remember how to fix. Even the dbl clicking of MY Computer takes quite a while for the screen to appear.
Any help would be appreciated.
Gary
My e-mail is *** email address removed by LeeTutor, Page Editor ***, I will try to find my profille before I get kicked off, but wanted to get question posted first...
I think this has happened before, but I cannot remember how to fix. Even the dbl clicking of MY Computer takes quite a while for the screen to appear.
Any help would be appreciated.
Gary
My e-mail is *** email address removed by LeeTutor, Page Editor ***, I will try to find my profille before I get kicked off, but wanted to get question posted first...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
post the specs of your pc and programs running
ASKER
Got some good new and some bad.
1. Got Disk scan & Disk Defrag to run (Took all night) Kept restarting because something else was writing to disk, but no errors and deFrag was sucessful. Computer runs faster.
2. Ran AdAware found 139 files and quarentined them.
3. Bad news - ran McAfee Free scan - found at least 25 files with
something called W32NETSKy.p@MM but when I clicked on the file name as instructed to see how to remove McAfee say it can not find this name, DO NOT UNDERSTAND. Tried to e-mail Mcafee but don't hold out much hope on them getting back to a free-be.
Maybe I will try another site to see if they find the same virus.
Any suggestions?
1. Got Disk scan & Disk Defrag to run (Took all night) Kept restarting because something else was writing to disk, but no errors and deFrag was sucessful. Computer runs faster.
2. Ran AdAware found 139 files and quarentined them.
3. Bad news - ran McAfee Free scan - found at least 25 files with
something called W32NETSKy.p@MM but when I clicked on the file name as instructed to see how to remove McAfee say it can not find this name, DO NOT UNDERSTAND. Tried to e-mail Mcafee but don't hold out much hope on them getting back to a free-be.
Maybe I will try another site to see if they find the same virus.
Any suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
2. I did delete them, it was part of the standard quarentee & remove
Will try stinger in safemode .. Have you heard of W32Netsky or Kazaa?
Will try stinger in safemode .. Have you heard of W32Netsky or Kazaa?
>> Have you heard of W32Netsky or Kazaa?
lolz... yes i HAVE heard of them,,,, and even faced them :D
Stinger will get u rid of W32Netsky and Kazaa shud be first uninstalled manually from Add Remove Programs and then run the spyware removal tools to delete its remainents !!!!!
lolz... yes i HAVE heard of them,,,, and even faced them :D
Stinger will get u rid of W32Netsky and Kazaa shud be first uninstalled manually from Add Remove Programs and then run the spyware removal tools to delete its remainents !!!!!
ASKER
When you said run stinger in "safemode" - I am not sure what you mean -- I cannot access web under safemode. Modem or data com will not use Port. or do you mean down load "Stinger" and then run under Safemode? Sorry not to bright :-)
:)
yes i meant u can download Stinger in Normal Mode
but Run it in Safemode,,,,,, coz it will be not interrupted by the background processes there =)
yes i meant u can download Stinger in Normal Mode
but Run it in Safemode,,,,,, coz it will be not interrupted by the background processes there =)
ASKER
Sorry to bother you again before I give you the points.
Ran stinger sucessfully. Alot of files deleted because of W32NETSKY. I think my grandson downloaded some bad items :-) There are 3 files zip1.temp, zip2.tmp and zip3.tmp in Windows that stinger "could not repair" do you thing I can delete them?
The other thing is that things are running better, but items such as control panel seem to take a long time to come up on the desktop. Could something have happen that would cause rhings like My Computer to react slowly?
Thank you,
Gary
Ran stinger sucessfully. Alot of files deleted because of W32NETSKY. I think my grandson downloaded some bad items :-) There are 3 files zip1.temp, zip2.tmp and zip3.tmp in Windows that stinger "could not repair" do you thing I can delete them?
The other thing is that things are running better, but items such as control panel seem to take a long time to come up on the desktop. Could something have happen that would cause rhings like My Computer to react slowly?
Thank you,
Gary
>> There are 3 files zip1.temp, zip2.tmp and zip3.tmp in Windows that stinger "could not repair" do you thing I can delete them?
these are basically temp files,,,,, and temp files are NOT necessary files.... they can be deleted easily :)
for second problem,,,, i still suspect some background applications,,,, do they open slowly in safemode also ??
if NO then do one thing, Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
these are basically temp files,,,,, and temp files are NOT necessary files.... they can be deleted easily :)
for second problem,,,, i still suspect some background applications,,,, do they open slowly in safemode also ??
if NO then do one thing, Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
ASKER
This is log file froLogfile of HijackThis v1.98.2
Scan saved at 11:38:46 AM, on 8/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32 .DLL
C:\WINDOWS\SYSTEM\MSGSRV32 .EXE
C:\WINDOWS\SYSTEM\MPREXE.E XE
C:\WINDOWS\SYSTEM\mmtask.t sk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYN MGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTA T.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWI N32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCON SOL.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY. EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.E XE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.E XE
C:\WINDOWS\SYSTEM\TAPISRV. EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC .EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.E XE
C:\WINDOWS\SYSTEM\SPOOL32. EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Default_Page _URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Default_Sear ch_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\In ternet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\In ternet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html
R1 - HKCU\Software\Microsoft\In ternet Explorer\SearchURL,(Defaul t) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Wi ndows\Curr entVersion \Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Wi ndows\Curr entVersion \Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30; 64.136.29. 34;searcha p.untd.com ;127.0.0.1 ;localhost ;*windowsu pdate.micr osoft.com; *windowsup date.com;* wustat.win dows.com;* profiles.y ahoo.com;* .pogo.com; *test-spee d.com;<loc al>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-B D0D2DA3C2B 8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1. DLL
N1 - Netscape 4: user_pref("browser.startup .homepage" , "http://www.yahoo.com/"); (C:\Program Files\Netscape\Users\user1 \prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEH ELPER.OCX
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E 903858CF28 4} - C:\PROGRAM FILES\NETZERO\QSACC\X1IEBH O.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\SYSTEM\MSDXM.OC X
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-2 42757E69DD E} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw rScheme
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYN MGR.EXE
O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC .EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUND LLENTRY
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O6 - HKCU\Software\Policies\Mic rosoft\Int ernet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres .dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres .dll/227
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0 0C0F0318AF E} - (no file)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-4 7cb894244c d} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-4 7cb894244c d} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {E87A6788-1D0F-4444-8898-1 D25829B675 5} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-0 09027A35D7 3} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-0 0A0C970049 8} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-0 0105AA9B6A E} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0 0105AA9B6A E} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-6 4D10A7E247 9} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9 952547D571 5} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/su/ocx/12119/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-4 6B766368D2 9} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/su/ocx/12119/CTPID.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-E E513EAC80B C} (Creative Product Registration ActiveX Control Module) - http://us.creative.com/support/register/OCXs/CtORWebClientWin98SENoMFC.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-F B9E207A39E 6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4384/mcfscan.cab
O17 - HKLM\System\CCS\Services\V xD\MSTCP: Domain = midohio.net
O17 - HKLM\System\CCS\Services\V xD\MSTCP: NameServer = 209.190.102.2,209.190.102. 9
m
Scan saved at 11:38:46 AM, on 8/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\WINDOWS\SYSTEM\mmtask.t
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYN
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTA
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWI
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCON
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.E
C:\WINDOWS\SYSTEM\TAPISRV.
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.E
C:\WINDOWS\SYSTEM\SPOOL32.
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R1 - HKCU\Software\Microsoft\Wi
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-B
N1 - Netscape 4: user_pref("browser.startup
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-2
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYN
O4 - HKLM\..\RunOnce: [untd_recovery] C:\PROGRAM FILES\NETZERO\QSACC\X1EXEC
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUND
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres
O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\NETZERO\QSACC\appres
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-4
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-4
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {E87A6788-1D0F-4444-8898-1
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-0
O16 - DPF: {2B323CD9-50E3-11D3-9466-0
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-0
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0
O16 - DPF: {E855A2D4-987E-4F3B-A51C-6
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-4
O16 - DPF: {E56347B0-6C2B-4C2E-939F-E
O16 - DPF: {EF791A6B-FC12-4C68-99EF-F
O17 - HKLM\System\CCS\Services\V
O17 - HKLM\System\CCS\Services\V
m
hmmmmmmmmm i have to admit that the LOG is pretty much clean...... :)
but i just want to aks two things,,,,,
running PowerToys ??
Safemode results ??
but i just want to aks two things,,,,,
running PowerToys ??
Safemode results ??
ASKER
Never heard of Power tools
Safemode about the same speed maybe quicker
However, sometimes when the yellow disk light is lighting and I am
not doing anything I can do a cntl, Alt, Del and and some programs
called Iexplorer - Rnaapp - hcm (NZSeaarch) will be running
Don't know if this means anything
The computer is better - I have tried to search and read about W32Netsky.P@mm
but can only find out alot about how to get rid of the virus, but not much as to what it does to the users PC !!!
Thanks again for you time - Gary Lee
Safemode about the same speed maybe quicker
However, sometimes when the yellow disk light is lighting and I am
not doing anything I can do a cntl, Alt, Del and and some programs
called Iexplorer - Rnaapp - hcm (NZSeaarch) will be running
Don't know if this means anything
The computer is better - I have tried to search and read about W32Netsky.P@mm
but can only find out alot about how to get rid of the virus, but not much as to what it does to the users PC !!!
Thanks again for you time - Gary Lee
Rnaapp is a system process,,,, and hcm is running coz u have its startup entry, so it will start running at every startup :)
but what is this Iexplorer ?? I cannot see it running in ur LOG file :-?
Iexplore.exe is IE !!
but what is this Iexplorer ?? I cannot see it running in ur LOG file :-?
Iexplore.exe is IE !!
ASKER
Maybe IE was running at the time... Things are much better at least for now.
I don't know what the virus Netsky.P@mm was doing, but I think the DeFrag helped a lot.
Thank you for your help! It is gratly appreciated.
Gary Lee
I don't know what the virus Netsky.P@mm was doing, but I think the DeFrag helped a lot.
Thank you for your help! It is gratly appreciated.
Gary Lee
my pleasure ^_^
ASKER
Back again to tell you I found another Virus Sunday night. Had some time
so I ran Free Scan again and it found W32/Alphax.worm.gen
Do not know why stinger did not remove.
Gary Lee
so I ran Free Scan again and it found W32/Alphax.worm.gen
Do not know why stinger did not remove.
Gary Lee
Stinger has not this virus included in its list >> http://vil.nai.com/vil/stinger/
may be that's why it didn't pick up that one !!!!!
may be that's why it didn't pick up that one !!!!!