[gottaBKD]

Hi There,
Love you folks and I have not been here in a while... :up:

I have an IBM all-in-one Netvista, running win98 SE 4.10.222 A.
Lately, I run out of memory real quick.
In System Properties > Performance > System Resources = 16% free.

This happens even after closing all windows, I only get back around 13 to 16% memory, programs open slowly, IE takes some time to "find the page". When I open anotehr browser window, it goes back down to 7%free.
Quite annoying to say the least.

It was running fine last week, but now seems slow. Hmmm wonder if I have a spyware issue?

Is there a way to force the resources back to normal (ie by using an F key or something?)
I keep having to reboot to get the performance back up there?

Not sure what I should do next..... maybe Highjack this?

Any suggestions would help.
Thanks

 

[WhitPhil]

The percentage you are seeing is for what is left of System Resources not what is left for memory. Resources are finite regardless of how much ram is installed.

After a cold boot, they should be in the 80% range. Anything substantially lower than this, generally indicates too many apps starting that are not needed. It can also indicate a malware infection.

The best next step is to post a HJT log.

 

[flavallee]

Right-click MY COMPUTER, then click Properties. What is the amount of RAM listed in the "General" and/or "Performance" tabs?

Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. What many entries there have a checkmark next to them?

-------------------------------------------------------------------------------------

Post a HijackThis log, as requested.

-------------------------------------------------------------------------------------

 

[gottaBKD]

Hi Guys... thanks for the help

First here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 4:15:38 PM, on 1/14/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\SIS630_V1.01G\UTILITY\SISTRAY.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-CA\MSNAPPAU.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus04\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.5000.1021\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\PROGRAM FILES\SIS630_V1.01G\UTILITY\SISTRAY.EXE
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE" /Q
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?rand=200341814
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {E3BD7B65-669B-49D4-881A-68DEF9D92E5D} (BackWeb Lite Install Runner) - http://www.cbchomedelivery.com/focus_group/installer/Focus_Group_Client.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://msltv.multicastmedia.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v44/collapse/collapse.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_ansi.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://sympatico.zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab48295.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab

I have 304.0 amount of ram.
Under "startup", I have unchecked all that is not necessary but have left the following:

PC Doctor
System Tray
Mouse suite 98 Daemon
Sis Tray
Config Safe and
Webshots

These are the normal ones that have been running, everything else has been unchecked. I had heard tat the onlly one nexessary was Configsafe and System Tray so......?

Thanks for your help..

 

[flavallee]

ScanRegistry should be among the list, but I don't see it listed. If it's not in the MSCONFIG "Startup" list so you can re-enable it, read the sticky on how to get it back.

Personally, I wouldn't allow Spyware Doctor to run in the background all the time. You can manually run a scan with it once or twice a week.

--------------------------------------------------------------------------------------

 

[gottaBKD]

Thanks Flav.... for the useful info. :up:

I have copied and pasted the sticky to a word document and will run it once I get off the forum.
I am assuming that the only thing I need to add is the scan registry, as my SYSTEM Tray and SIS Tray (what is the difference between the two? Are they related to each other?) are in the startup file... correct?

Did you happen to see anything in the HJT log that I should delete as well. May as well do it all at once right?

Thanks for your help and I will let you know how it goes!

 

[flavallee]

SystemTray

http://www.sysinfo.org/startuplist.php?filter=SystemTray

(5th one down in the list)

Sis Tray

http://www.sysinfo.org/startuplist.php?filter=SiS+Tray

ScanRegistry

http://www.sysinfo.org/startuplist.php?filter=ScanRegistry

(3rd one down in the list)

-------------------------------------------------------------------------------------

I can't say much for that long list of activeX controls(O16 entries) your computer has. Go into the C:\WINDOWS\DOWNLOADED PROGRAM FILES folder and see how many of them you can delete. Definitely delete any that show a status of "Damaged". After you open the folder, click View - Details.

-------------------------------------------------------------------------------------

 

[gottaBKD]

Thanks Flav :up:

 

[flavallee]

You're welcome. :up: