ibartek

processes freezing my computer

Hi,
I have 512 RAM and I cleaned all the viruses (I think) and my computer freezes.

At startup I have 3 processes that are the same except they take up more space

svchost.exe
I have mainsrv.exe

smss.exe that look funny

Please help me, this system is freezing and I need to get it up and running, thanks.
I checked the computer with ad ware and scanned it for viruses.

thanks
Luc Franken
Hi ibartek,

Svchost.exe is a perfectly normal system file.
mainsrv.exe belongs to a program named ProPrinter.
smss.exe also is a perfectly normal system file.

About your freezing problem, check out your system temperatures, see if anything is overheating.

Greetings,

LucF
DVation191

having multiple instances of svchost.exe is normal too btw
Did you have a lot of viruses on the computer? I assume so since you said you think you got rid of all of them. Did you re-run your antivirus program with updated defs after you ran it to remove the ones you had? When I find a computer with many virus infections I usually run the AV program once and then reboot the machine into safe mode and do it again to make sure it caught everything.

As for your freezing problem it is kind of hard to figure out with the little information provided.

Try downloading hijackthis and run the scan and save the log file and then copy and paste it in here so we can have a look at what is going on.

http://www.spychecker.com/program/hijackthis.html

Good Luck.
ibartek

ASKER

Logfile of HijackThis v1.97.7
Scan saved at 4:48:33 PM, on 02/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\down\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://news.google.com/"); (C:\Program Files\Netscape\Users\areias\prefs.js)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\AMADEUS VPN\AutoExt.exe
O4 - HKLM\..\Run: [gbevli] C:\WINDOWS\System32\aercfq.exe
O4 - HKLM\..\Run: [tcpsyssrv.bat] C:\WINDOWS\tcpsyssrv.bat
O4 - HKLM\..\Run: [tcpsyssrv.exe] C:\WINDOWS\tcpsyssrv.exe
O4 - Global Startup: LYFY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .SWF: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://ca.amadeusvista.com/AutomaticUpdate/AutoUpdateATL.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://ca.amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} (Amadeus_SP2_Patcher Class) - http://amadeusvista.com/common/cabs/SP2Patch.CAB
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproactauthmirror/internetwasherpro.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093348470644
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://us.amadeuscruise.com/common/cabs/MSIInspect.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37915.6139236111
O16 - DPF: {CDE9DD16-37C8-11D5-8476-000102A80AF0} (Socks Class) - http://vacation.agentnet.com/app/amadeus/ComSocks_1001.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E037FC50-FE36-11D3-BEEB-00008322EEB5} (PPUpdate Class) - http://amadeusproprinter.com/genericprev/PPUpdateATL.CAB
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://ca.amadeusvista.com/common/cabs/AmadeusInit.CAB


please help me
thanks
i'd get rid of these...

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [gbevli] C:\WINDOWS\System32\aercfq.exe
O4 - HKLM\..\Run: [tcpsyssrv.bat] C:\WINDOWS\tcpsyssrv.bat
O4 - HKLM\..\Run: [tcpsyssrv.exe] C:\WINDOWS\tcpsyssrv.exe
O4 - Global Startup: LYFY.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab


make sure once you remove them that you then give a full scan of ad-aware http://www.lavasoftusa.com/
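
The triage the reply above does by eye can be sketched as a small script. This is an added example, not part of the original thread and not HijackThis's own logic; the three rules and the name `triage` are assumptions for illustration, and the sample lines are copied from the log posted above. It only marks entries for a manual look and does not judge the O16 lines.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [gbevli] C:\WINDOWS\System32\aercfq.exe
O4 - HKLM\..\Run: [tcpsyssrv.bat] C:\WINDOWS\tcpsyssrv.bat
O4 - Global Startup: LYFY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A command that sits directly in C:\WINDOWS or C:\WINDOWS\System32.
WINDIR = re.compile(r"^C:\\WINDOWS\\(system32\\)?[^\\]+$", re.IGNORECASE)

def triage(log_text):
    """Return (reason, line) pairs for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, or blank line
        code, body = m.group("code"), m.group("body")
        # Rule 1 (assumed): registry entry whose file no longer exists.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(("dangling reference", line))
        elif code == "O4":
            run = RUN.match(body)
            # Rule 2 (assumed): Run key starting a file straight out of the Windows directory.
            if run and WINDIR.match(run.group("cmd")):
                findings.append(("autostart from Windows directory", line))
            # Rule 3 (assumed): a bare file in the Startup folder, not a shortcut.
            elif body.startswith("Global Startup: ") and " = " not in body:
                findings.append(("file placed in Startup folder", line))
    return findings

if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

Rule 2 will also match legitimate software that installs into the Windows directory, so each hit still needs to be looked up before anything is removed.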
I agree with Dvation......some of these look like they could be a virus.  In particular I would look at LYFY.EXE.

Can you give us more detail as to what or how many viruses were removed from the computer? Was the computer infected and then you installed an AV program to remove them, or did the AV program just not have updated defs and that is how it got infected?

Also have you tried running the AV program from safe mode?

ibartek

ASKER

I had some trojans, some bagels and BKDR RSCRTA

I have some suspicious files on my computer but they won't delete

I log in as admin but they are set to read only and don't have an option to edit

so I cannot delete them from the recycle bin and from the C drive

is there any tool that could set the options so I would be able to delete
it says access denied

and also

when I have a file in the recycle bin it says that it cannot be deleted because the dir isn't empty, but when I look into the recycle bin
there isn't anything

please help me with this


thanks
what OS are you running? I may have a fix for not being able to delete some files/read only,
run these :

Spybot: http://www.download.com/3000-8022-10122137.html
adaware: http://www.lavasoftusa.com/
http://housecall.trendmicro.com/ online scan for trojans
http://www.ravantivirus.com/scan/
STINGER: http://www.chip.de/downloads/c_downloads_11105456.html
If it finds a virus, write it down; then look up the virus information removal and delete it using the proper protocol
ibartek

ASKER

xp

but i also cannot delete some folders
ibartek ...
assuming you have cable internet or dsl, reboot the computer...before the windows xp logo comes up, keep tapping F8 to get into safe mode.

When the safe mode menu comes up, choose 'Safe Mode with Networking' ... this will disable all startup items not necessary for you to be on the internet.

then go to this website to clean the viruses off your computer...
http://housecall.trendmicro.com/
ibartek

ASKER

listen I did that 10
I have 2 folders that are access denied and I cannot change their options to
do whatever I want with it

the only option that is there

is read only

I need to delete it and
even in safe mode the message comes up and says access denied

please help me find a tool that could

delete these access denied folders and hidden files

thanks

i tried moveonboot but it doesn't work

please

thanks
ASKER CERTIFIED SOLUTION
DVation191

This solution is only available to members.
One thing that you can try, which I have done for things like this, is boot into the XP cd and choose the recovery console to boot into.  Once you are there navigate to the folder that contains the files/folders you cannot delete and then delete them that way.

You can type del or delete and then a space and then the file name with the extension if it has one and it will delete the file.  Be careful to make sure you don't delete system files.

Another option, if you have another Windows machine (must be a Win 2k or XP), is to take your drive out of your machine and slave it into the other machine.  Look for the files and then delete them that way.

Good Luck, I hope this helps.
good suggestions tmireles, but I don't think that will help you with permission problems, as both in the recovery console and from another XP/2000 machine, permissions will be retained...but who knows, it's always worth a shot
You might be right on this in recovery console.  I had a bad virus I couldn't get rid of because it was starting up as a service and would not let me kill the process or anything else.  It could not be deleted in regular or safe mode so I ended up trying the recovery console and this worked for me, so not sure if the situation is the same.

If connected to another machine he might have to take ownership of the files but not real sure as I don't know if the access denied is just because the files are in use.  But worth a try with another machine and if it doesn't work then we will have to walk him through how to take ownership of the files.

It's either that or reformat and re-install and I am guessing he doesn't want to do that.