Solved

proccessee freezing my computer

Posted on 2004-09-02
19
459 Views
Last Modified: 2008-01-09
hi
i have 512 ram and i cleaned all the viruses (i think) and my computer freezes

at the startup i have 3 processes that are the same accept they take up more space

svchost.exe
 i have mainsrv.exe

smss.exe that look funny

please help me this system is freezing and i need to get it up and running thanks
i check the computer with ad ware and scanned it for viruses

thanks
0
Comment
Question by:ibartek
  • 5
  • 4
  • 4
  • +3
19 Comments
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11967477
Hi ibartek,

Svchost.exe is a perfectly normal systemfile.
mainsrv.exe belongs to a program named ProPrinter.
smss.exe also is a perfectly normal systemfile.

About your freezing problem, check out your system temperatures, see if anything is overheating.

Greetings,

LucF
0
 
LVL 20

Expert Comment

by:DVation191
ID: 11967535
having multiple instances of svchost.exe is normal too btw
0
 
LVL 4

Expert Comment

by:tmireles
ID: 11967861
Did you have a lot of viri on the computer.  I assume since you said you think you got rid of all of them.  Did you re-run your Anti Virus program with updated defs. after you ran to remove the ones you had.  When I find a computer with many virus infections I usually run the AV program once and then reboot the machine into safe mode and do it again to make sure it caught everything.

As for your freezing problem it is kind of hard to figure out with the little information provided.

Try downloading hijackthis and run the scan and save the log file and then copy and paste it in here so we can have a look at what is going on.

http://www.spychecker.com/program/hijackthis.html

Good Luck.
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 

Author Comment

by:ibartek
ID: 11968153
Logfile of HijackThis v1.97.7
Scan saved at 4:48:33 PM, on 02/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\down\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://news.google.com/"); (C:\Program Files\Netscape\Users\areias\prefs.js)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\AMADEUS VPN\AutoExt.exe
O4 - HKLM\..\Run: [gbevli] C:\WINDOWS\System32\aercfq.exe
O4 - HKLM\..\Run: [tcpsyssrv.bat] C:\WINDOWS\tcpsyssrv.bat
O4 - HKLM\..\Run: [tcpsyssrv.exe] C:\WINDOWS\tcpsyssrv.exe
O4 - Global Startup: LYFY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .SWF: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://ca.amadeusvista.com/AutomaticUpdate/AutoUpdateATL.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://ca.amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} (Amadeus_SP2_Patcher Class) - http://amadeusvista.com/common/cabs/SP2Patch.CAB
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093348470644
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://us.amadeuscruise.com/common/cabs/MSIInspect.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37915.6139236111
O16 - DPF: {CDE9DD16-37C8-11D5-8476-000102A80AF0} (Socks Class) - http://vacation.agentnet.com/app/amadeus/ComSocks_1001.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E037FC50-FE36-11D3-BEEB-00008322EEB5} (PPUpdate Class) - http://amadeusproprinter.com/genericprev/PPUpdateATL.CAB
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://ca.amadeusvista.com/common/cabs/AmadeusInit.CAB


please help me
thanks
0
 
LVL 20

Expert Comment

by:DVation191
ID: 11968201
i'd get rid of these...

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [gbevli] C:\WINDOWS\System32\aercfq.exe
O4 - HKLM\..\Run: [tcpsyssrv.bat] C:\WINDOWS\tcpsyssrv.bat
O4 - HKLM\..\Run: [tcpsyssrv.exe] C:\WINDOWS\tcpsyssrv.exe
O4 - Global Startup: LYFY.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab


make sure once you remove them that you then give a full scan of ad-aware http://www.lavasoftusa.com/
0
 
LVL 4

Expert Comment

by:tmireles
ID: 11969096
I agree with Dvation......some of these look like they could be a virus.  In particular I would look at LYFY.EXE.

Can you give us more detail as to what or how many virus were removed from the computer.  Was the computer infected and then you installed an AV program to remove them or did the AV program just not have updated defs. and that is how it got infected.

Also have you tried running the AV program from safe mode?

0
 

Author Comment

by:ibartek
ID: 11969452
i had some trojens some bagels and BKDR RSCRTA

i have soem suspicious files on my cmputer but they won't delete

i log in as admin but they are set to read only and don't have an option to edit

so i cannot delete them from the recycle bin and from the c dive

is there any tool thta could set the options and i would be able to delete
it say access denided

and also

when i have a file in the rycycle bin and it says that it cannot be deleted because the dir isn't empty but when i look itto the recycle bin
there isn't anything

please help me with this


thanks
0
 

Expert Comment

by:NuX2
ID: 11970544
what OS are you running? I may have a fix for not being able to delete some files/read only,
0
 
LVL 92

Expert Comment

by:nobus
ID: 11970622
run these :

Spybot :       http://www.download.com/3000-8022-10122137.html
adaware :  http://www.lavasoftusa.com/
      http://housecall.trendmicro.com/                       online scan for trojans
      http://www.ravantivirus.com/scan/
STINGER   http://www.chip.de/downloads/c_downloads_11105456.html      
If it finds a virus, write it down; then look up the virus information removal and delete it using the proper protocol
0
 

Author Comment

by:ibartek
ID: 11972542
xp

but i also cannot delete some folders
0
 
LVL 20

Expert Comment

by:DVation191
ID: 11972843
ibartek ...
assuming you have cable internet or dsl, reboot the computer...before the windows xp logo comes up, keep tapping F8 to get into safe mode.

When the safe mode menu comes up, choose 'Safe Mode with Networking' ... this will disable all startup items not necessary for you to be on the internet.

the go to this website to clean the viruses off your computer...
http://housecall.trendmicro.com/
0
 

Author Comment

by:ibartek
ID: 11973459
listen i did that 10
i have 2 folders that are access denined and i cannot change their options to
do what ever i waqnt with it

the only option that is there

is read only

i need to delete it and
even in safe mde the message comes up and says access denid

please help me find a tool that could

delete these access denied folders and hidden files

thanks

i tried moveonboot but it doesn't work

please

thanks
0
 
LVL 20

Accepted Solution

by:
DVation191 earned 125 total points
ID: 11973564
well if the folder is undeletable because of a virus the above might have helped you...but anyway...

there are many reasons a folder can be undeletable...but it's usually a filename problem or a permissions problem. in either case there is not really a 'easy' solution.

this is what you need to do.

1. Read this document to reset ALL the permissions on the folder
How to set, view, change, or remove file and folder permissions in Windows XP
http://support.microsoft.com/default.aspx?scid=KB;en-us;q308418

2. Read this document to delete the folder
You cannot delete a file or a folder on an NTFS file system volume
http://support.microsoft.com/default.aspx?scid=kb;en-us;320081

they are long, but so are the steps to deleting a folder that is not deletable. good luck.
0
 
LVL 4

Expert Comment

by:tmireles
ID: 11974557
One thing that you can try, which I have done for things like this, is boot into the XP cd and choose the recovery console to boot into.  Once you are there navigate to the folder that contains the files/folders you cannot delete and then delete them that way.

You can type del or delete and then a space and then the file name with the extension if it has one and it will delete the file.  Be careful to make sure you don't delete system files.

Another option is if you have another windows machine (must be a win 2k or xp) is to take your drive out of your machine and slave it into the other machine.  Look for the files and then delete them that way.  

Good Luck I hoped this helps.
0
 
LVL 20

Expert Comment

by:DVation191
ID: 11974813
good suggestions tmireles, but i don't think that will help you with permission problems, as both in the recovery console and from another xp/2000 machine, permissions will be retained...but who knows, its always worth a shot
0
 
LVL 4

Expert Comment

by:tmireles
ID: 11975091
You might be right on this in recovery console.  I had a bad virus I couldn't get rid off because it was starting up as a service and would not let me kill the process or anything else.  It could not be deleted in regular or safe mode so I ended up trying the recovery console and this worked for me so not sure if the situation is the same.

If connected to another machine he might have to take ownership of the files but not real sure as I don't know if the access denied is just because the files are in use.  But worth a try with another machine and if it doesn't work then we will have to walk him through how to take ownership of the files.

Its either that or reformat and re-install and I am guessing he doesn't want to do that.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question