TheTechGuide Forum

General Category => Tech Clinic => Topic started by: jack1 on May 14, 2006, 12:55:45 PM

Title: My Compaq runs slow & locks up
Post by: jack1 on May 14, 2006, 12:55:45 PM

Having trouble with my Compaq Presario. It runs slow and will often lock up and will always lock up when trying to open my control panel using the start drop down menu, however I can open my control panel going through "my computer" on my desktop. can anyone help /sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

Here is my Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:13:18 PM, on 5/14/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI ADAPTER\WMP54GV4.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\E_S4I2S1.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.4.0.0\HBSRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html (http://\"http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net/ (http://\"http://www.enter.net/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...archbar&LC=0409 (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c99&s=searchbar&LC=0409\")
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O2 - BHO: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.4.0.0\HBHOSTIE.DLL
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRAM FILES\COMET\BIN\AUTOSEARCH.DLL (file missing)
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\PROGRAM FILES\HOTBAR\BIN\4.4.0.0\HBHOSTIE.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\SYSTEM\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O7 "EPUSB1:" /M "Stylus C66"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home (http://\"http://jump.altavista.com/avie5/home\")
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search (http://\"http://jump.altavista.com/avie5/search\")
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\")
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\")
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (http://\"http://jump.altavista.com/avie5/home\") (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (http://\"http://jump.altavista.com/avie5/home\") (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\") (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\") (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (http://\"http://jump.altavista.com/avie5/linksearch\") (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (http://\"http://jump.altavista.com/avie5/linksearch\") (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (http://\"http://jump.altavista.com/avie5/hostsearch\") (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (http://\"http://jump.altavista.com/avie5/hostsearch\") (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab (http://\"http://www.dialpad.com/applet/vscp.cab\")
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB (http://\"http://www.callwave.com/include/cab/CWDL_DownLoad.CAB\")
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab (http://\"http://www.hpphoto.com/downloads/DownloadPhotos.cab\")
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (http://\"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")

Thanks!

Title: My Compaq runs slow & locks up
Post by: guestolo on May 14, 2006, 01:03:23 PM

Can you do the following please
Download and save to your Desktop
FxHotbar.exe (http://\"http://securityresponse.symantec.com/avcenter/FxHotbar.exe\") by Symantec's

Close down all other windows, including this one
Double click on FxHotbar.exe and click START
Let this finish scanning your computer
When it's done, restart the computer please

Back in Windows
Can you also run the following programs
If you have earlier versions, uninstall them thru add/remove programs before proceeding
Hold onto both of them, as they are yours for free

Download and Install
Ad-Aware SE Personal 1.06 (http://\"ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe\")

Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates

Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Back in Windows
Download and Install Spybot 1.4 from
HERE (http://\"http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button\")
 or HERE (http://\"http://www.safer-networking.org/en/download/index.html\")

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED

RESTART the computer to finish any cleaning process

Come back here and run another Scan and save logfile with Hijackthis and post a fresh log please

Can you also let me know what you are using for Anti-Virus protection
If you need a free solution, I have a link to one
It's not safe being on the Internet and downloading without AV protection

Title: My Compaq runs slow & locks up
Post by: jack1 on May 15, 2006, 12:53:10 PM

Guestolo,

Following is the latest Hijack-this report, after running the Ad-Aware  and Spybot programs.
I have also noticed when I shut down my computer I get a "windows notification" titled "WND for RNAdmin" stating that this is not reponding Then I have to click "end task" to continue the shut down process.

I had been using Grisoft AVG untill a couple days ago when I got fed up with time it took to virus scan incomming emails, 10 emails took about 8 minutes.

Here is the report:

 Logfile of HijackThis v1.99.1
Scan saved at 1:47:02 PM, on 5/15/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI ADAPTER\WMP54GV4.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\E_S4I2S1.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html (http://\"http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net/ (http://\"http://www.enter.net/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...archbar&LC=0409 (http://\"http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c99&s=searchbar&LC=0409\")
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRAM FILES\COMET\BIN\AUTOSEARCH.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\SYSTEM\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O7 "EPUSB1:" /M "Stylus C66"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home (http://\"http://jump.altavista.com/avie5/home\")
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search (http://\"http://jump.altavista.com/avie5/search\")
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\")
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\")
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (http://\"http://jump.altavista.com/avie5/home\") (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (http://\"http://jump.altavista.com/avie5/home\") (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\") (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\") (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (http://\"http://jump.altavista.com/avie5/linksearch\") (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (http://\"http://jump.altavista.com/avie5/linksearch\") (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (http://\"http://jump.altavista.com/avie5/hostsearch\") (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (http://\"http://jump.altavista.com/avie5/hostsearch\") (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab (http://\"http://www.dialpad.com/applet/vscp.cab\")
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB (http://\"http://www.callwave.com/include/cab/CWDL_DownLoad.CAB\")
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab (http://\"http://www.hpphoto.com/downloads/DownloadPhotos.cab\")
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (http://\"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")

Thanks

Title: My Compaq runs slow & locks up
Post by: guestolo on May 15, 2006, 02:15:50 PM

Quote

I had been using Grisoft AVG untill a couple days ago when I got fed up with time it took to virus scan incomming emails, 10 emails took about 8 minutes.

It really depends on the size of the files it's scanning, I've never had a problem with AVG
You should still have an active AV running in the background
I have links to other free versions, you only need one, but you do need one!

Quote

I get a "windows notification" titled "WND for RNAdmin"

Seems to be a problem with RealPlayer

Access your task manager (Hit Ctrl+Alt+Del)
End task on the following
EVNTSVC.EXE

Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html (http://\"http://red.clientapps.yahoo.com/customize/.../search/ie.html\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/...//www.yahoo.com\")

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...archbar&LC=0409 (http://\"http://search.presario.net/scripts/redirec...archbar&LC=0409\")
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - C:\PROGRAM FILES\COMET\BIN\AUTOSEARCH.DLL (file missing)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot


After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Access your add/remove programs via control panel and remove RealPlayer

Reboot the computer afterwards

Back in Windows
Find and delete this folder if found
C:\PROGRAM FILES\COMET <-this folder

I suggest that before installing any new AV
Use Internet Explorer and go to this website
Panda ActiveScan (http://\"http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2factivescan.htm&NRNODEGUID=%7b3B202047-35D4-4DA2-B310-B1DBEC2971F2%7d&NRCACHEHINT=Guest\")

    * Once you are on the Panda site click the Scan your PC button.
    * A new window will open...click the big Check Now button.
    * Enter your Country.
    * Enter your State/Province.
    * Enter your e-mail address.
    * Select either "Home User or Company."
    * Click the big Scan Now button.
    * Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.

* Click on MyComputer to start the scan.

When the scan is complete
 click See Report, then click Save Report and save it to your Desktop.

Come back here and post the report from Panda's and a new hijackthis log

NOTE: You can reinstall RealPlayer after we have you clean and when needed

Title: My Compaq runs slow & locks up
Post by: jack1 on May 15, 2006, 05:44:45 PM

Guestolo,

I followed your instructions, the "EVNTSVC.EXE" was not found on the task manager. In the add remove programs listing I found "REALONE PLAYER" and removed it. In windows the folder C:\Progra, Files\Comet was not present. Following are the Hijackthis and Panda reports:

Logfile of HijackThis v1.99.1
Scan saved at 6:27:06 PM, on 5/15/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI ADAPTER\WMP54GV4.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\E_S4I2S1.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enter.net/ (http://\"http://www.enter.net/\")
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\SYSTEM\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O7 "EPUSB1:" /M "Stylus C66"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home (http://\"http://jump.altavista.com/avie5/home\")
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search (http://\"http://jump.altavista.com/avie5/search\")
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\")
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\")
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (http://\"http://jump.altavista.com/avie5/home\") (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (http://\"http://jump.altavista.com/avie5/home\") (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\") (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (http://\"http://jump.altavista.com/avie5/babelfish\") (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (http://\"http://jump.altavista.com/avie5/linksearch\") (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (http://\"http://jump.altavista.com/avie5/linksearch\") (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (http://\"http://jump.altavista.com/avie5/hostsearch\") (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (http://\"http://jump.altavista.com/avie5/hostsearch\") (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: Serome Web2Phone - http://www.dialpad.com/applet/vscp.cab (http://\"http://www.dialpad.com/applet/vscp.cab\")
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB (http://\"http://www.callwave.com/include/cab/CWDL_DownLoad.CAB\")
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab (http://\"http://www.hpphoto.com/downloads/DownloadPhotos.cab\")
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (http://\"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")


Incident                                                                        Status                        Location                                                                                                                                                                                                                                                        

Adware:adware/comet                                                             Not disinfected               Windows Registry                                                                                                                                                                                                                                                
Adware:Adware/Comet                                                             Not disinfected               C:\WINDOWS\TEMP\ccu\comet.cab[csbho.dll]                                                                                                                                                                                                                        
Adware:Adware/Comet                                                             Not disinfected               C:\WINDOWS\TEMP\ccu\csbho.dll                                                                                                                                                                                                                                  
Spyware:Cookie/LinkExchange                                                     Not disinfected               C:\WINDOWS\Cookies\default@linkexchange[1].txt                                                                                                                                                                                                                  
Spyware:Cookie/Go                                                               Not disinfected               C:\WINDOWS\Cookies\default@go[2].txt                                                                                                                                                                                                                            
Spyware:Cookie/Preferences                                                      Not disinfected               C:\WINDOWS\Cookies\default@preferences[2].txt                                                                                                                                                                                                                  
Spyware:Cookie/Preferences                                                      Not disinfected               C:\WINDOWS\Cookies\default@preferences[1].txt                                                                                                                                                                                                                  
Spyware:Cookie/Kount                                                            Not disinfected               C:\WINDOWS\Cookies\anyuser@kount[1].txt                                                                                                                                                                                                                        
Spyware:Cookie/LinkExchange                                                     Not disinfected               C:\WINDOWS\Cookies\default@linkexchange[2].txt                                                                                                                                                                                                                  
Spyware:Cookie/Belnk                                                            Not disinfected               C:\WINDOWS\Cookies\[email protected][2].txt                                                                                                                                                                                                                    
Spyware:Cookie/LinkExchange                                                     Not disinfected               C:\WINDOWS\Cookies\default@linkexchange[3].txt                                                                                                                                                                                                                  
Spyware:Cookie/Go                                                               Not disinfected               C:\WINDOWS\Cookies\default@go[1].txt                                                                                                                                                                                                                            
Spyware:Cookie/LinkExchange                                                     Not disinfected               C:\WINDOWS\Cookies\default@linkexchange[4].txt                                                                                                                                                                                                                  
Spyware:Cookie/Preferences                                                      Not disinfected               C:\WINDOWS\Cookies\default@preferences[4].txt                                                                                                                                                                                                                  
Spyware:Cookie/Go                                                               Not disinfected               C:\WINDOWS\Cookies\default@go[3].txt                                                                                                                                                                                                                            
Spyware:Cookie/Atwola                                                           Not disinfected               C:\WINDOWS\Cookies\default@atwola[2].txt                                                                                                                                                                                                                        
Spyware:Cookie/myaffiliateprogram                                               Not disinfected               C:\WINDOWS\Cookies\[email protected][1].txt                                                                                                                                                                                                        
Spyware:Cookie/Go                                                               Not disinfected               C:\WINDOWS\Cookies\default@go[4].txt                                                                                                                                                                                                                            
Spyware:Cookie/YieldManager                                                     Not disinfected               C:\WINDOWS\Cookies\[email protected][1].txt                                                                                                                                                                                                              
Spyware:Cookie/myaffiliateprogram                                               Not disinfected               C:\WINDOWS\Cookies\[email protected][3].txt                                                                                                                                                                                                        
Spyware:Cookie/Affiliate fuel                                                   Not disinfected               C:\WINDOWS\Cookies\[email protected][2].txt                                                                                                                                                                                                            
Spyware:Cookie/Com.com                                                          Not disinfected               C:\WINDOWS\Cookies\default@com[1].txt                                                                                                                                                                                                                          
Spyware:Cookie/Apmebf                                                           Not disinfected               C:\WINDOWS\Cookies\default@apmebf[2].txt                                                                                                                                                                                                                        
Spyware:Cookie/Overture                                                         Not disinfected               C:\WINDOWS\Cookies\[email protected][1].txt                                                                                                                                                                                                                
Spyware:Cookie/Com.com                                                          Not disinfected               C:\WINDOWS\Cookies\default@com[2].txt                                                                                                                                                                                                                          
Spyware:Cookie/Atwola                                                           Not disinfected               C:\WINDOWS\Cookies\default@atwola[1].txt                                                                                                                                                                                                                        
Spyware:Cookie/Go                                                               Not disinfected               C:\WINDOWS\Cookies\default@go[5].txt                                                                                                                                                                                                                            
Spyware:Cookie/Belnk                                                            Not disinfected               C:\WINDOWS\Cookies\[email protected][2].txt                                                                                                                                                                                                                    
Spyware:Cookie/Go                                                               Not disinfected               C:\WINDOWS\Cookies\default@go[6].txt                                                                                                                                                                                                                            
Spyware:Cookie/Kount                                                            Not disinfected               C:\WINDOWS\Cookies\default@kount[1].txt

Title: My Compaq runs slow & locks up
Post by: guestolo on May 15, 2006, 07:10:23 PM

Can you do the following please
Let's ensure we get those temp files clean and cookies

==Download and install Windows CleanUp! 4.5.1 (http://\"http://www.stevengould.org/downloads/cleanup/CleanUp451.exe\")

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start >  Programs menu).
Press the CleanUp! button to start the program.
It may run in demo mode first time, you can allow it or run the actual cleanup at this point
We need to run the cleanup
When it's done, click Close

Don't reboot the computer yet

*Install  SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")  

*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer

After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Could you now reboot your computer

Back in Windows, as mentioned, it is not safe running without virus protection
I would opt to reinstall AVG or try AVAST
Use only one please
Here's a link to both free versions
AVG 7 by Grisoft (http://\"http://free.grisoft.com/doc/2/lng/us/tpl/v5\")

Avast Home Edition by ALWIL (http://\"http://www.avast.com/eng/down_home.html\")

After it is installed, make sure it is updated and run a full system scan

Come back here and let me know how things are running please

Title: My Compaq runs slow & locks up
Post by: jack1 on May 15, 2006, 09:33:47 PM

Guestolo,

I did everything you suggested on your last post. I re-installed AVG7 Grisoft. My lock ups have stopped and my speed has increased greatly. Even my email downloads are running super fast. Great work! Thanks so much. /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

Jack1

Title: My Compaq runs slow & locks up
Post by: guestolo on May 16, 2006, 08:39:37 PM

Glad to help Jack1
I notice you don't run a Software firewall on your computer
I have links to free ones
Although you May be connected to a Hardware firewall
A software firewall is added protection
It will also block incoming connections but also alerts to outgoing connections that you have not authorized

Would you like a link to a free one to aid in your protections?