Good day. This has been a horrible week for me and my cpu. It started with the cspad homepage. I read many threads and finally got rid of it. But on the same day I felt I had a virus, because several windows would open by themselves. When I clicked on ctrl alt del I noticed something called smili, winoldap, and some other things. I downloaded moo soft's The Cleaner. It detected several problems like coolwebsearch and several other things. I thought I saved the log but I can't find it. Anyways, I'm not familiar with all the tech stuff, so I chose to quarantine the trojans. Did I do the right thing or should I choose to delete?
Also my homepage keeps resetting to about:blank. It's really aggravating me because I needed to do a report on my cpu, but it has taken me almost 2 hours just to get to computing.net. Ads keep popping up and my yahoo pop up blocker keeps disappearing.
I tried downloading McAfee and Norton, but it'll download and then tell me it couldn't complete installation because a file is missing. So I tried going to House Call (the online virus scan), and every time I get there I get an error message and windows restarts. I have run spy-bot, CWShredder, hijackthis, moo soft cleaner, and ad aware. They all find malware, etc... and say it's removed, but then it keeps coming back after I restart.
The worst part has been when I get online. When I click search or enter, ie will freeze for about 5 minutes. That's why it's taken me so long to get to computing.net today. Many times when I click enter or search or click on a link to go to a page, the system will freeze for 5 minutes and then go to a porn page or never load. I have noticed that when I right click and open link in a new window things work fine. But when signing in at computing.net, yahoo, etc... you can't click open link in a new window. So I have to click enter or go, and it takes 5 minutes to either go to the link or some porn site.
I apologize for this long message, let me try and sum it up:
Something has hijacked my homepage.
I can't finish installing virus software.
I had some trojans and clicked quarantine.
But cpu is still freezing when I click enter, search, go, or on a link. It freezes for about 5 minutes, then some porn sites pop up or the page never loads. I also tried to download a picture editor, and after downloading, about halfway through the installation it said installation couldn't finish, file missing.
The same problem happened when trying to install virus software. I don't know if this is the result of malware or trojans or if I deleted the wrong file using hijackthis.
I have run moo soft's The Cleaner, Spy-bot, Ad aware, CWShredder, and hijackthis.
I'm not having problems with any other programs on my cpu, only when I'm using ie. And the main problem is clicking on a link, enter, go, etc... But when I can click open link in a new window everything works fine most of the time. Also pop up block keeps disappearing, homepage resets to about blank, and clicking on certain links makes a bunch of porn sites pop up.
Here are my Ad-Aware and hijackthis logs. I think I may have got rid of cspad but something else is on my cpu making it act crazy. Thanks very much.
I'm using a gateway pentium2 9gb, win98se. I'm online using bellsouth dsl 2wire. 192mb and 68% free.
While typing this I'm currently running moo soft The Cleaner scan again. I got a message saying windows temp does not exist, create it, yes or no? It asks me this every time it finds a virus. This time I clicked yes, create it. The trojan it found is JS Cassandra. The file c:\windows\temporary internet files\content.ie5\8bjzucl5\speed[1].gif cannot be displayed. The file has been quarantined. These were the dangerous files that ad aware found. I clicked on quarantine.
Started registry scan
Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
BuddyLinks Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{7D39A396-CBB8-4739-B97C-83FAA4682E00}
ClearSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\CLRSCH
ClickSpring Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_USERS
Object : .default\Software\PurityScan
ClickSpring Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\PurityScan
ClickSpring Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\ClickSpring
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : asd3.testmyie2
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : asd3.testmyie2.1
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{fd9bc004-8331-4457-b830-4759ff704c22}
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhook.searchhookobject
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhook.searchhookobject.1
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEFeatSL_Uninstall
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchHook
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShowSearch
CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{129c733d-d07c-4e34-a5e6-d675a016cfae}
eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho
eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho.1
eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{4fc95edd-4796-4966-9049-29649c80111d}
eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{8B8F6968-2F24-41E3-B653-E9613226F14D}
eUniverse Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{de289bfa-737b-4abb-a4ec-f8753551b875}
WhenU Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\WhenU
WhenU Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : WUSE.1
WhenU Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : WUSN.1
Win32.Backdoor.Jeem Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SYSTEM\CurrentControlSet\Services\Swartax
CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP
Win32.Backdoor.Jeem Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Welcome
Value : 1c3943
Win32.Backdoor.Jeem Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Welcome
Value : 4lkf83
Win32.Backdoor.Jeem Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Welcome
Value : vk8593
Win32.Backdoor.Jeem Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Welcome
Value : 2340v93
Win32.Backdoor.Jeem Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Welcome
Value : 4c34
Win32.Backdoor.Jeem Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Welcome
Value : c0948273
Win32.Backdoor.Jeem Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Welcome
Value : 398349873
And this is my last hijackthis log.
Logfile of HijackThis v1.97.7
Scan saved at 1:28:28 PM, on 06/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\2WIRE\GATEWAY\2PORTALMON.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\THE CLEANER\CLEANER.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_3_16_0.DLL
O2 - BHO: (no name) - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - C:\WINDOWS\SR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_3_16_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\GATEWAY\2PORTALMON.exe
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [a²] "C:\PROGRAM FILES\A2\a2guard.exe"
O9 - Extra button: PowerWord (HKLM)
O9 - Extra button: Joyo (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O15 - Trusted Zone: http://www.mt-download.com
O15 - Trusted Zone: http://www.myexexex.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab
Sorry for this long post and I appreciate your time and help.

Yeah, and it may get removed. The Security and Virus forum is the place for these, and then only after having met certain criteria.

Sure - I saw one with over 400 lines - about a half a dozen different logs (deleted)
Reposted in S & V (for now)
We have nothing against ideas. We're against people spreading them. - General Augusto Pinochet of Chile

Got 3 viruses in my computer: trojan horse PSW.Briss.G, PSW.Agent G, PSW Agent H, and can't get rid of them. AVG hasn't been able to fix the problem. I've already downloaded HijackThis and the logfile is available. Please help. Thank you from Brazil!
Lucienne

Yeah, it's a long message... why not try helping this guy?
My suggestion would be to first boot up in safe mode (on win98, hold ctrl as the system boots) and run your virus/malware scanners, or install them if they still need to be installed. And if you get a choice to quarantine or delete, you might as well delete them.
If running in safe mode doesn't disable your viruses and whatnot, then you can try to disable them through the msconfig utility (start/run/msconfig): switch to the startup tab and uncheck any programs that are not legitimate. SYSTRAY, Taskmon, scanregw, loadqm, ptsnoop are normal, so don't worry about them. There will be others that are legitimate and may be vital for your computer to operate normally, but by disabling everything that is not needed, hopefully it will allow you to run (or install) your virus scanner and remove the problem.
Checking the autoexec and config.sys tabs for suspicious processes is also a good idea. You can prevent them from loading (if needed) outright by choosing a selective startup in the general tab; however, this will prevent some of your computer's processes from operating correctly (internet, external devices, etc).
Also, if you finally get the ability to install programs, get opera as an alternative to Internet Explorer. Most viruses are configured to operate through the most widely used software (windows, Iexplorer, outlook express etc.)
Anyway, I hope this may help in some way, but if not, your only option may be to format your hard drive and start fresh. Oh, and AVG free edition is the virus scanner I would recommend if need be.
And remember, if you get frustrated, go take a walk, breathe some fresh air, relax, and then come back to your problems with a clear mind. Good luck.
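
Added example (not part of any post in this thread): a Python triage of the O4 autostart lines from the HijackThis log above, checked against the startup names the reply calls normal. The `triage` function, the "review" label and the extension list are assumptions of this example; "review" means the entry still needs to be looked up, not that it is malicious.

```python
import re
from pathlib import PureWindowsPath

# Startup names the reply above calls normal (lower-cased, no extension).
# Everything else is "review": a prompt to look it up, not a verdict.
REPLY_NORMAL = {"systray", "taskmon", "scanregw", "loadqm", "ptsnoop"}

# O4 (autostart) lines copied from the HijackThis log earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\GATEWAY\2PORTALMON.exe
O4 - HKLM\..\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\PROGRAM FILES\THE CLEANER\tcm.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [a²] "C:\PROGRAM FILES\A2\a2guard.exe"
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Executable part of the command: a quoted path, or text up to the first
# program extension (unquoted paths in this log contain spaces).
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|pif|scr))(?=\s|$)', re.I)

def triage(log_text):
    """Return one dict per O4 entry with a normal/review status."""
    rows = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an autostart line
        hive, key, name, cmd = m.groups()
        im = IMAGE_RE.match(cmd.strip())
        image = PureWindowsPath((im.group(1) or im.group(2)) if im else cmd.strip())
        rows.append({
            "hive": hive, "key": key, "name": name, "image": str(image),
            # No directory given: Windows resolves the name via its search
            # path, so a matching name alone does not prove which file runs.
            "bare": len(image.parts) == 1,
            "status": "normal" if image.stem.lower() in REPLY_NORMAL else "review",
        })
    return rows

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f'{r["status"]:7} {r["hive"]}\\{r["key"]:12} [{r["name"]}] {r["image"]}'
              + ("  (no path)" if r["bare"] else ""))
```
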

Pretty doubtful anyone else is even monitoring this post - you do realize it's over a month old, right?
Posts that long seldom get read in their entirety - and really, rarely is that much information needed (if ever).
Security & Virus was the most appropriate forum for those concerns - computing.net has a policy concerning the posting of HJT logs - as you are no doubt aware.
We have nothing against ideas. We're against people spreading them. - General Augusto Pinochet of Chile
