Solved

processes freezing my computer

Posted on 2004-09-02
Last Modified: 2008-01-09
hi
i have 512 ram and i cleaned all the viruses (i think) and my computer freezes

at the startup i have 3 processes that are the same except they take up more space

svchost.exe
 i have mainsrv.exe

smss.exe that look funny

please help me this system is freezing and i need to get it up and running thanks
i checked the computer with ad ware and scanned it for viruses

thanks
Question by:ibartek
19 Comments
 
Expert Comment

by:Luc Franken
Hi ibartek,

Svchost.exe is a perfectly normal system file.
mainsrv.exe belongs to a program named ProPrinter.
smss.exe is also a perfectly normal system file.

About your freezing problem, check out your system temperatures, see if anything is overheating.

Greetings,

LucF

Expert Comment

by:DVation191
having multiple instances of svchost.exe is normal too btw

Expert Comment

by:tmireles
Did you have a lot of viruses on the computer? I assume so, since you said you think you got rid of all of them. Did you re-run your antivirus program with updated defs after you ran it to remove the ones you had? When I find a computer with many virus infections I usually run the AV program once and then reboot the machine into safe mode and do it again to make sure it caught everything.

As for your freezing problem it is kind of hard to figure out with the little information provided.

Try downloading HijackThis, run the scan, save the log file, and then copy and paste it in here so we can have a look at what is going on.

http://www.spychecker.com/program/hijackthis.html

Good Luck.

Author Comment

by:ibartek
Logfile of HijackThis v1.97.7
Scan saved at 4:48:33 PM, on 02/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\down\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://news.google.com/"); (C:\Program Files\Netscape\Users\areias\prefs.js)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\AMADEUS VPN\AutoExt.exe
O4 - HKLM\..\Run: [gbevli] C:\WINDOWS\System32\aercfq.exe
O4 - HKLM\..\Run: [tcpsyssrv.bat] C:\WINDOWS\tcpsyssrv.bat
O4 - HKLM\..\Run: [tcpsyssrv.exe] C:\WINDOWS\tcpsyssrv.exe
O4 - Global Startup: LYFY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .SWF: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://ca.amadeusvista.com/AutomaticUpdate/AutoUpdateATL.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://ca.amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} (Amadeus_SP2_Patcher Class) - http://amadeusvista.com/common/cabs/SP2Patch.CAB
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093348470644
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://us.amadeuscruise.com/common/cabs/MSIInspect.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37915.6139236111
O16 - DPF: {CDE9DD16-37C8-11D5-8476-000102A80AF0} (Socks Class) - http://vacation.agentnet.com/app/amadeus/ComSocks_1001.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E037FC50-FE36-11D3-BEEB-00008322EEB5} (PPUpdate Class) - http://amadeusproprinter.com/genericprev/PPUpdateATL.CAB
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://ca.amadeusvista.com/common/cabs/AmadeusInit.CAB


please help me
thanks

Expert Comment

by:DVation191
i'd get rid of these...

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [gbevli] C:\WINDOWS\System32\aercfq.exe
O4 - HKLM\..\Run: [tcpsyssrv.bat] C:\WINDOWS\tcpsyssrv.bat
O4 - HKLM\..\Run: [tcpsyssrv.exe] C:\WINDOWS\tcpsyssrv.exe
O4 - Global Startup: LYFY.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab


make sure once you remove them that you then give a full scan of ad-aware http://www.lavasoftusa.com/

Expert Comment

by:tmireles
I agree with Dvation......some of these look like they could be a virus.  In particular I would look at LYFY.EXE.

Can you give us more detail as to what or how many viruses were removed from the computer? Was the computer infected and then you installed an AV program to remove them, or did the AV program just not have updated defs and that is how it got infected?

Also have you tried running the AV program from safe mode?

Author Comment

by:ibartek
i had some trojans some bagels and BKDR RSCRTA

i have some suspicious files on my computer but they won't delete

i log in as admin but they are set to read only and don't have an option to edit

so i cannot delete them from the recycle bin and from the C drive

is there any tool that could set the options and i would be able to delete
it says access denied

and also

when i have a file in the recycle bin and it says that it cannot be deleted because the dir isn't empty but when i look into the recycle bin
there isn't anything

please help me with this


thanks

Expert Comment

by:NuX2
what OS are you running? I may have a fix for not being able to delete some files/read only,

Expert Comment

by:nobus
run these:

Spybot: http://www.download.com/3000-8022-10122137.html
adaware: http://www.lavasoftusa.com/
http://housecall.trendmicro.com/ (online scan for trojans)
http://www.ravantivirus.com/scan/
STINGER: http://www.chip.de/downloads/c_downloads_11105456.html

If it finds a virus, write it down; then look up the virus information removal and delete it using the proper protocol

Author Comment

by:ibartek
xp

but i also cannot delete some folders

Expert Comment

by:DVation191
ibartek ...
assuming you have cable internet or dsl, reboot the computer...before the windows xp logo comes up, keep tapping F8 to get into safe mode.

When the safe mode menu comes up, choose 'Safe Mode with Networking' ... this will disable all startup items not necessary for you to be on the internet.

then go to this website to clean the viruses off your computer...
http://housecall.trendmicro.com/

Author Comment

by:ibartek
listen i did that 10
i have 2 folders that are access denied and i cannot change their options to
do whatever i want with it

the only option that is there

is read only

i need to delete it and
even in safe mode the message comes up and says access denied

please help me find a tool that could

delete these access denied folders and hidden files

thanks

i tried moveonboot but it doesn't work

please

thanks

Accepted Solution

by:DVation191 (earned 125 total points)
well if the folder is undeletable because of a virus the above might have helped you...but anyway...

there are many reasons a folder can be undeletable...but it's usually a filename problem or a permissions problem. in either case there is not really an 'easy' solution.

this is what you need to do.

1. Read this document to reset ALL the permissions on the folder
How to set, view, change, or remove file and folder permissions in Windows XP
http://support.microsoft.com/default.aspx?scid=KB;en-us;q308418

2. Read this document to delete the folder
You cannot delete a file or a folder on an NTFS file system volume
http://support.microsoft.com/default.aspx?scid=kb;en-us;320081

they are long, but so are the steps to deleting a folder that is not deletable. good luck.

Expert Comment

by:tmireles
One thing that you can try, which I have done for things like this, is boot into the XP cd and choose the recovery console to boot into.  Once you are there navigate to the folder that contains the files/folders you cannot delete and then delete them that way.

You can type del or delete and then a space and then the file name with the extension if it has one and it will delete the file.  Be careful to make sure you don't delete system files.

Another option, if you have another Windows machine (must be Win 2k or XP), is to take your drive out of your machine and slave it into the other machine.  Look for the files and then delete them that way.

Good luck, I hope this helps.

Expert Comment

by:DVation191
good suggestions tmireles, but i don't think that will help you with permission problems, as both in the recovery console and from another xp/2000 machine, permissions will be retained...but who knows, it's always worth a shot

Expert Comment

by:tmireles
You might be right on this in recovery console.  I had a bad virus I couldn't get rid of because it was starting up as a service and would not let me kill the process or anything else.  It could not be deleted in regular or safe mode so I ended up trying the recovery console and this worked for me, so not sure if the situation is the same.

If connected to another machine he might have to take ownership of the files but not real sure as I don't know if the access denied is just because the files are in use.  But worth a try with another machine and if it doesn't work then we will have to walk him through how to take ownership of the files.

It's either that or reformat and re-install and I am guessing he doesn't want to do that.