# Computer slowdown



## faith (Mar 23, 2001)

My computer has been acting weird for a few days now. Very slow, with the mouse sometimes lagging, especially if I'm browsing. Pages taking forever to open, 0utlook is taking a long time too. Also, my clock has suddenly started losing time.

I'm running McAffee and I went to the site and recently updated. I did a scan on Panda and it found two viruses which it 'disinfected'. (Klez)

Last night I ran scan disk and defrag. The defrag never ran, and when I came down this morning there was a message that said: "Your computer does not have enough free memory to defragment this drive. Quit one or more programs and then try defragmenting this drive again."

There was nothing else running! I think my computer is possessed.  

Can anyone give me any insights into this? I'm game to try anything.

Windows98SE
Pentium III
384 RAM
16MB 3dfx Voodoo3 3000D AGP


----------



## mtbird (Dec 10, 2001)

Morning faith 
I think the "virus gurus" might want to look at what you have in your startups.
Download the Startup list program from here .........

http://www.lurkhere.com/~nicefiles/index.html

Copy / paste it back here and they can look at it for starters.

Debe


----------



## faith (Mar 23, 2001)

It took me ages to get startup to install, but here we go...
It's all Greek to me! (Should this thread be moved to Security?)

StartupList report, 10/9/02, 8:53:00 AM
StartupList version: 1.34.0
Started from : C:\WINDOWS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\H9C7CYGB\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\H9C7CYGB\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
HotSync Manager.lnk = C:\Program Files\Palm\HotSync.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
Change Lines = C:\chngline.exe
SystemTray = SysTray.Exe
TCASUTIEXE = TCAUDIAG.EXE -off
POINTER = C:\PROGRA~1\MSHARD~1\point32.exe
VsEcomrEXE = C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
RegShave = C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Alogserv = C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
LifeScape Media Detector = C:\Program Files\Picasa\PicasaMediaDetector.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Encompass_ENCMONTR = C:\Program Files\Encompass\ENCMONTR.EXE
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
McAfeeVirusScanService = C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
SchedulingAgent = mstask.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = c:\windows\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\EASYPH~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 7/10/2002, 9:26:50)

[Rename]
NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SET90B2.TMP
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IEPEERS.RCX
C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\RSASIG.DLL
C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\XENROLL.DLL
C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSCAT32.DLL
C:\WINDOWS\SYSTEM\MSSIP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIP32.DLL
C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIGN32.DLL
C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTUI.DLL
C:\WINDOWS\SYSTEM\CRYPTNET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTNET.DLL
C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTEXT.DLL
C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DIGEST.DLL
C:\WINDOWS\SYSTEM\MSXMLR.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXMLR.DLL
C:\WINDOWS\SYSTEM\WLDAP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\WLDAP32.DLL
C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTMSFT.DLL
C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DXTRANS.DLL
C:\WINDOWS\SYSTEM\MSTIME.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSTIME.DLL
C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MMUTILSE.DLL
C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATING.DLL
C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\HLINK.DLL
C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PROCTEXE.OCX
C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\URL.DLL
C:\WINDOWS\SYSTEM\IMAGEHLP.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\IMAGEHLP.DLL
C:\WINDOWS\SYSTEM\COMCTL32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9341.TMP
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9360.TMP
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9361.TMP
C:\WINDOWS\SYSTEM\MSHTML.TLB=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9365.TMP
C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9366.TMP
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9367.TMP
C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9370.TMP
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9371.TMP
C:\WINDOWS\SYSTEM\JSCRIPT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9372.TMP
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9373.TMP
C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9374.TMP
C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9375.TMP
C:\WINDOWS\SYSTEM\ACTXPRXY.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9376.TMP
C:\WINDOWS\SYSTEM\MLANG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9377.TMP
C:\WINDOWS\SYSTEM\IMGUTIL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9378.TMP
C:\WINDOWS\SYSTEM\MSXML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM9379.TMP
C:\WINDOWS\SYSTEM\MSXMLA.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM937A.TMP
C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM93B3.TMP
C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM93B4.TMP
C:\WINDOWS\SYSTEM\SHDOC401.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM93B5.TMP
C:\WINDOWS\SYSTEM\SHD401LC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM93B6.TMP
C:\WINDOWS\SYSTEM\SHFOLDER.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACM93B7.TMP
C:\WINDOWS\SYSTEM\MSLS31.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMA002.TMP
NUL=C:\WINDOWS\SHELLI~1
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SETA075.TMP
NUL=C:\WINDOWS\SYSTEM\MSIDLE.DLL
C:\WINDOWS\SYSTEM\MSIDLE.DLL=C:\WINDOWS\SYSTEM\SETA080.TMP
c:\windows\SYSTEM\jscript.dll=c:\windows\SYSTEM\jscript.001
c:\windows\SYSTEM\OLEAUT32.DLL=c:\windows\SYSTEM\OLEAUT32.001
c:\windows\SYSTEM\OLEPRO32.DLL=c:\windows\SYSTEM\OLEPRO32.001
c:\windows\SYSTEM\STDOLE2.TLB=c:\windows\SYSTEM\STDOLE2.001

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

@ECHO OFF
REM [Header]
REM [CD-ROM Drive]
REM C:\WINDOWS\COMMAND\MSCDEX /D:MSCD001
REM [Miscellaneous]
REM [Display]
@SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.0\ADOBEC~1
C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\scan.exe c:\
@IF ERRORLEVEL 1 PAUSE

--------------------------------------------------

C:\CONFIG.SYS listing:

REM [Header] 
REM [CD-ROM Drive]
REM DEVICE=C:\CDROM\TAISATAP.SYS /D:MSCD001 /PIO
REM [Miscellaneous]
REM [Display]
DEVICE=c:\windows\setver.exe
[COMMON]
DEVICE=C:\DELL\RTC.CLK +R

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off
REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer 
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows 
REM you to load programs that you might not want loaded in Windows, 
REM (because they have functional equivalents) but that you do 
REM want loaded under MS-DOS. The two primary candidates for 
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the 
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD 
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match 
REM the string in CONFIG.SYS following your CD-ROM device driver.
REM MSCDEX.EXE /D:OEMCD001 /l:d
REM MOUSE.EXE
REM DOS MOUSE DRIVER ADDED BY MICROSOFT INTELLIPOINT SETUP
LH C:\PROGRA~1\MSHARD~1\MOUSE\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\SYSTEM\NZDD.DLL - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Communities.com Passport]
InProcServer32 = C:\WINDOWS\SYSTEM\CPACTIVEX.DLL
CODEBASE = http://cartoonorbit.cartoonnetwork.com/orbiter11002/ie/orbiter.cab

[Cult3D ActiveX Player]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IECULT.DLL
CODEBASE = http://www.cult3d.com/download/cult.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX
CODEBASE = http://www.ipix.com/download/ipixx.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1097/V31Controls/x86/w98/en/actsetup.cab

[Create and Print ActiveX Plug-in]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXCTP.DLL
CODEBASE = http://www.americangreetings.com/cnp/Install/AxCtp.cab

[PrintQuickActiveXSetup Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PRINTQUICKACTIVEX.DLL
CODEBASE = http://www.pqpc.com/plugin/win/ie/printQuick.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.es/activescan/as/asinst.cab

--------------------------------------------------
End of report, 14,344 bytes
Report generated in 0.476 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## ddraigcoch (Mar 3, 2001)

WOW! That's a lot of stuff running & I see you're using Connect Direct, which is known for causing more trouble than the worth of it and you have Netzip Demon Spyware.

Go to Start, Run and type msconfig then press enter. Go to the start up tab and uncheck the following:

Change Lines 
RegShave 
LifeScape Media Detector 
Encompass_ENCMONTR 
AIM

Press Apply but don't reboot.

You should go to Add/Remove programs and uninstall Netzip Demon, then reboot.

Now install Spybot S&D from http://security.kolla.de/, but update it before scanning. To do this, go to Online, Check for updates and tick all the boxes for the updates (excluding the language packs if not needed). Then do a full scan and eliminate any spyware it finds.

I would also recommend running Hijack this to eliminate any BHO's left after removing Netzip, this is freeware from http://www.geocities.com/merijn_bellekom/new/files.html


----------



## faith (Mar 23, 2001)

Hi ddraigcoch,
I installed and ran spybot yesterday. I unchecked the things in startup you suggested. I looked in Add/Remove programs but there was no Netzip Demon to be seen. 

I would really prefer not to install Hijack while my computer is still so wonky. I'd hate to add more software into the already confusing mix. Thanks


----------



## ddraigcoch (Mar 3, 2001)

Hijack This doesn't need installing, you merely run it to disable the BHO's & you definitely need to get rid of Netzip


----------



## faith (Mar 23, 2001)

Here's what HijackThis came up with. I don't see any reference to Netzip...

Logfile of HijackThis v1.40.0
Scan saved at 12:46:56 PM, on 10/9/02
Platform: Windows 9x 4.10.2222

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.aol.com/netfind/refer/microsoft.ie4.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.srh.noaa.gov/data/forecasts/MAZ014.php?warnzone=maz014&warncounty=mac017
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.excite.com/microsoft/ie50
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
F1 - win.ini: run=hpfsched
O2 - BHO: C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
O3 - Toolbar: &Radio
O9 - Extra button: Related
O9 - Extra 'Tools' menuitem: Show &Related Links
O9 - Extra button: Real.com
O9 - Extra button: Messenger
O9 - Extra 'Tools' menuitem: MSN Messenger Service
O9 - Extra button: AIM


----------



## ddraigcoch (Mar 3, 2001)

Yes it's there:

O2 - BHO: C:\WINDOWS\SYSTEM\NZDD.DLL 

Check it & then let Hijack This fix it!


----------



## faith (Mar 23, 2001)

Done and done.


----------



## faith (Mar 23, 2001)

It's still slow... I'll try defrag tonight and see if it will allow it! Is there anything else I should be looking for?


----------



## faith (Mar 23, 2001)

It still won't defrag. "Not enough free memory..." :'-(

If I turn off system scan on McAfee, the browsing isn't quite as painfully slow and the mouse doesn't freeze up. What does that mean???


----------



## mtbird (Dec 10, 2001)

Hi faith.....
Try running your defrag in safe mode. On boot, hold down the CTRL key until you get to the start menu. Choose safe mode. 

You could have some conflicts with McAfee. Have you tried disabling it in msconfig and seeing if your puter runs any better ?
Start>run. Type in msconfig. Startup tab> uncheck any entries relating to McAfee. Reboot.

I never had any good experiences with McAfee. Finally switched to Norton, and haven't had a problem.

Hope this helps.

Debe


----------



## faith (Mar 23, 2001)

Thanks MT, I shut down my McAffee and did a defrag in Safe Mode. Things are running much better. ...so far. 

I'll have to see how the chatting goes tonight! Oh well, I guess I'll have to run out and buy Norton! Thanks again.


----------



## mtbird (Dec 10, 2001)

faith.....
I'll keep my fingers crossed that things will improve for you 

Glad we could help !


Debe


----------



## Firejay (Apr 26, 2002)

Faith, I run McAfee on 40+ machines, here and at home. Never had a problem once I updated to the latest version. However, there is nothing wrong with Nortons either. Just make sure to purchase the subscription service with whatever package you decide to run. 

FJ


----------



## faith (Mar 23, 2001)

Well, Firejay, my problems started in earnest when I downloaded and installed the update from McAffee. Of course, there's a good chance I did it wrong. 

Anyway, I went out today and bought Norton SystemWorks. Now I just have to read the book so I can learn how to use all the toys in it. I uninstalled McAffee and installed Norton and everything is as right as rain. I still have a mountain of crapola on my computer but we've been using it nonstop since 1998 and my son likes to download things... So I figure it's doing pretty well. Thanks for all your help. -faith


----------

