Major Problem with CPU

[phoenixfire92983]

Quote:

Originally Posted by KeinikuSuki

You can't use system restore unless you have Windows XP or ME which would be a good reason that attempting to run system restore wouldn't work. Which operating system are you using?

I am using Windows 98 sec. edition. Is there any chance that spyware had something to do with all of this. Because before, I was having a lot of trouble getting rid of ebatesmoemoneymaker, savenow, wtools, and wsup. Now, they never pop up.

[KeinikuSuki]

Quote:

Originally Posted by phoenixfire92983

I am using Windows 98 sec. edition. Is there any chance that spyware had something to do with all of this. Because before, I was having a lot of trouble getting rid of ebatesmoemoneymaker, savenow, wtools, and wsup. Now, they never pop up.

Your quickest and easiest option is probably what was suggested before, reformat your hard drive. However, if you have a lot of files you dont want to back up, or want to go the hard way:

1. Scan for Viruses (with up to date virus definitions). If you dont have one, you can get a free version of AVG at www.grisoft.com.

My bets are that you have some viruses.

2. Download, install, and run Spybot Search and Destroy from www.download.com.

3. Download, install, and run Lavasoft AdAware from www.download.com.

4. Download HijackThis! by right clicking HERE and selecting "Save Target As". Run the program and select "Scan" and then "Save Log" as soon as it is saved it will open. Post the contents of the log file in this thread.

[phoenixfire92983]

Sorry it took so long...here's the results:

1. Yeah, the first thing I did after the crash was update Norton Anti Virus and scan. But there were no viruses found.

2 and 3. Thanks a ton for these programs. They got rid of a lot of junk that was on my cpu like ebate money maker, gain.gator, etc...

4. K, below is the log from HijackThis!

Logfile of HijackThis v1.97.7
Scan saved at 8:36:29 PM, on 6/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\IDRIVE\FILO\IDRIVEPROXY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE
C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\7W0SECAT\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [idriveServer] C:\WINDOWS\SYSTEM\idrive\Filo\idriveproxy.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [iamapp] rundll32.exe
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\IomegaWare\Commander.exe
O4 - Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe
O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: IomegaWare.lnk = C:\Program Files\Iomega\IomegaWare\Commander.exe
O4 - User Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe
O4 - User Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - User Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - User Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Clip to i-drive (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Dell Home (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {D1D6534D-197A-11D3-8039-00500471A15D} (FunctionProxy Class) - https://www.idrive.com/site/download/WinFilo.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/08bd1b5ce1cacd...tzip/RdxIE.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...yiebio4025.cab
O16 - DPF: Yahoo! Checkers - http://download.yahoo.com/games/clients/y/ks0_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...153.6851388889

[AnimeOni]

Wow. You have a lot of things running. First of all, you have two spywares.

O10 - Hijacked Internet access by New.Net --> spyware. Kaaza browser enhancer.
- webshots. Major Spyware and uses up a lot of processes. Made by the makers of Gator.com (cant remember the new name - alixa or something) marketing company.
Your system looks "OK" but it can be much better.

I have seen a lot of systems like yours and my overall recommendation is to backup your system and do a clean install. Remove applications that you do not use if a total reinstall is not wanted.

a few things you can remove,
- Norton crashguard. It has been known to cause system crashes and slowdowns.
- Yahoo checkers plug-in. If you do not use it, remove it.
- Iomega QuickSync. a nice inventory tool but is system intensive. Not necessary.

I would also recommend using regcleaner.exe from Microsoft. this may fix some registry problems after removing apps. or use Toniarts (http://www.toniarts.com) Easy Cleaner to help clean up your system.
________
Marijuana

[KeinikuSuki]

In addition to the items listed above, the following line needs to be checked and fixed.

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/08bd1b5ce1cacd...tzip/RdxIE.cab

In order to properly fix items, it is important you close all Internet Explorer and My Computer windows before pressing the Fix Button.

In the event fixing the items failes (IE you run HijackThis! again and it still shows up), Restart the computer in safe mode (by mashing the F8 key at start up). After the computer has booted to the safe mode desktop, run HijackThis (ensure Internet Explorer has not been run since the computer has restarted) and fix the items again.

[Jinto]

I still wonder about the backdatet system data. What would cause such an error in W98SE?
Well, you can do a registry backup yourself (just to avoid future problems). The two files system.dat and user.dat are the physical database files that build the registry. These files should be located in your windows directory. Copy and paste them somewhere (in a directory you can easily access from DOS-mode <=means foldername length should be not more than 8 characters and located on a drive you can directly access after boot up) to have a backup of these files. Maybe you will find such a backup usefull someday.

[_Sin_]

Quote:

Originally Posted by Jinto Lin

I still wonder about the backdatet system data. What would cause such an error in W98SE?
Well, you can do a registry backup yourself (just to avoid future problems). The two files system.dat and user.dat are the physical database files that build the registry. These files should be located in your windows directory. Copy and paste them somewhere (in a directory you can easily access from DOS-mode <=means foldername length should be not more than 8 characters and located on a drive you can directly access after boot up) to have a backup of these files. Maybe you will find such a backup usefull someday.

You can also export your registry to a .reg file and reconstruct the registry with the regedit.exe under DOS. I'm not sure what the command parameter was because I did this long time ago and I can't check since I'm using Win XP but I faintly recall it being: Regedit.exe /c <name>.reg.

Exporting the Registry:

Start menu-->Run-->regedit. Click on Files-->Export. Make sure you export all of the registry not only a part of it.