slow shortcuts

[flybynight]

I'm having a minor annoyance problem. Whenever I am online, and try to use my shortcuts, particularly My Computer, it can take up to 30 seconds for the window to be displayed. I am running an AMD Athlon 950 352MB RAM, WIN 98. Once again, this only happens when I am online. Thanks for the help.

 

[SavvyLady]

run an updated virus scan or go to http://housecall.antivirus.com/ & run the free online scan.
Next go to run .. type in msinfo32 & then click softwear envirement then click startup ... go to edit & select all... then back to edit & copy.. paste it in here for us to see.

then
get this but don't run it til we see whats in the startup group

ad-aware for spyware removal... you may download it at http://www.lavasoft.de

 

[flybynight]

I have kept Norton updated. I also have Adaware, and use it frequently. I hope this helps.

CleanSweep Smart Sweep-Internet Sweep Startup Group "C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe"
Reminder Registry (Per-User Run) C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
ScanRegistry Registry (Machine Run) C:\WINDOWS\scanregw.exe /autorun
SystemTray Registry (Machine Run) SysTray.Exe
SiS Tray Registry (Machine Run)
Norton CrashGuard Monitor Registry (Machine Run) "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
SmcService Registry (Machine Run) C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
Norton Auto-Protect Registry (Machine Run) C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
CountrySelection Registry (Machine Run) pctptt.exe
PTSNOOP Registry (Machine Run) ptsnoop.exe
SymTray - Norton SystemWorks Registry (Machine Service) C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
SmcService Registry (Machine Service) C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
CSINJECT.EXE Registry (Machine Service) C:\PROGRA~1\NORTON~1\NORTON~3\CSINJECT.EXE

 

[Mosaic1]

You have a lot of Norton in your startup group. Try renaming csinject.

Also, uncheck csinsm32.exe from starting. It requires csinject to run.

That's a start. A couple of other entries are not necessary but are up to you.

Here are two links with information on the effects and how to disable csinject. http://service4.symantec.com/SUPPORT/cleansweep.nsf/docid/1999022413295728

http://service4.symantec.com/SUPPORT/cleansweep.nsf/docid/1999022413295728

 

[flybynight]

Thanks for the input. Still not working properly. The only thing I can figure is system resources drop from around 90% to about 50% or less when I am online. Any ideas?

 

[SavvyLady]

hi... you need to run Ad-aware http://www.lavasoft.de .... PTsnoop is spyware.... uncheck it in msconfig/startup
uncheck MS MONEY too... you don't need that to start when you reboot your PC
Do you know what this is?CountrySelection Registry (Machine Run) pctptt.exe
if not uncheck it as well as uncheck anything you don't need to open when you reboot

ok flybynight ........ after you finish running the spyware scanner I suggest you cleanup your system... check this out... http://www.piersontech.com/07-CleanHardDrive.htm

when you have finished that reboot into safe mode & run your scan disk & defrag

That should take care of it well... Post back & let us know please.


oops... you said you have Ad-Aware ... I missed it. Do you have the latest version?

this is what I found on PTSnoop........ Two descriptions I've come across - both valid as far as I can see :-
(1) Program installed with some modems that monitors the COM ports for the modem driver. Not needed from what I've read - may need a registry edit to get rid of it
(2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see here for more info...

read this http://www.f-secure.com/v-descs/ptsnoop.shtml
Ptsnoop is a simple backdoor program written in Visual Basic. Being activated it first looks for active RAS connections and exits immediately if none is found.

If a connection is present, the backdoor installs itself to system by copying itself as PTSNOOP.EXE file to \Windows\System\ directory and modifying WIN.INI file. The backdoor adds its execution string after LOAD= variable in [Windows] section of WIN.INI file. Diring this operation WIN.INI file gets copied to WIN.ANA file, the backdoor's execution st ring is then added and WIN.INI file is deleted. Then WIN.ANA file is renamed to WIN.INI file. This way the backdoor will become active every time Windows starts. .................................etc...............
Considered a Trojan Virus
, this backdoor should be deleted from a system and WIN.INI file should be cleaned from backdoor's execution string after LOAD= variable

 

[flybynight]

How about this one? It won't let me uncheck Ptsnoop or the Countryselection thing. I uncheck them, restart, and they are still checked. Suggestions?

 

[SavvyLady]

OK ...........maybe you should go to the address I listed above & scan... it will tell you when detected how to get rid of it

to http://housecall.antivirus.com I mean


"HKLM - Software - Microsoft - Windows - Current Version - Run"
And delete the corresponding keys. That should completely remove them from msconfig.

 

[flybynight]

You lost me on that last part:

"HKLM - Software - Microsoft - Windows - Current Version - Run"
And delete the corresponding keys. That should completely remove them from msconfig.

 

[SavvyLady]

ok... go to run & type in regedit click ok
then go to HKLM/Software/Microsoft/Windows/Current Version/Run

delete
CountrySelection Registry (Machine Run) pctptt.exe
PTSNOOP Registry (Machine Run) ptsnoop.exe

 

[SavvyLady]

After you remove it in regedit reboot... when you come back to Windows if it searches /looks for Ptsnoop at startup, click the start button, go to run, run "msconfig", goto the wni.ini tab, click the plus "+" sign next the windows folder, one of the check boxes will say " load=PTsnoop" uncheck that box and if that does not do it erase the word PTsnoop so it says "load=" .

 

[flybynight]

Thought I got rid of them. I restarted and they're back. I'm starting to think they might be causing some of my problems.

 

[flybynight]

Went to win.ini tab, nothing there. Already says load=

 

[SavvyLady]

that is odd.... did you run the virus scan ...housecalls?
its reported to be a resorce hog

another thing... go to control panel & add remove ... see if its there & remove it

 

[flybynight]

I've run housecalls a couple times now. Also tried the add/remove. Nothing there. It's really dug in.