Four Problems that Might Be Related Genius Required

[BobP]

My computer has been driving me nuts. I hope some computer
genius here knows what to do. Win98/2

There are four main problems that may be related.

The PS/2 scroll/ball mouse wanders off on it's own especially
while a page is loading or intensive, tried a new mouse no
change.

The CPU is hard up against 100% all the time in System Monitor
though a shareware called EF Process Manager shows it bouncing
all over the place even while I'm doing nothing, the others I
tried just seem to put System Monitor results in their window.
(If you think 100% all the time is ok, you're wrong. ;-)

The hard drive light maintains a constant flicker, one process
manager shows files being randomly visited but not by what.

System Monitor shows about 200megs of the 786megs of memory
in use even when I'm doing nothing. It's like something is
running in the background nothing can find.

History, this all started when the system began freezing up and
got worse. After testing or replacing everything else the last
resort was the PCchips 756 motherboard with a new of the same
which fixed the locking up problem.

While searching for the cause of the lockups I made the mistake
of running a free trial of System Mechanic. It compressed the
registry and deleted the drivers for my cdroms and video. Scan
drive said my C: files were being reported wrong size and "fixed"
far too many before I caught on.

After many reinstalls of Win98 and drivers I ended with the four
above problems.

I've run Spybot, Adaware, Cleaner, scanreg/fix, norton anti-virus
only of their stuff, numerous shareware and freeware process managers,
tested memory to 1,200%, swapped power supply, blew the dust, new
thermal pad, no conflicts, no hooks, searched the forum archive
for ideas, what can this be?

System: P3 600/512/100, 786 memory (never been a problem) PCchips
MB with onboard video and sound (yes I know) Compaq 240 watt PS and
case, cdrom and cdrom burner with dvd player, 80meg maxtor HD, 56k
modem, PS/2 mouse, win98/2.


Logfile of HijackThis v1.98.2
Scan saved at 2:22:04 PM, on 10/11/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LUCKMAN INTERACTIVE\ANONYMOUS COOKIE\ANCOOKIE.EXE
C:\PROGRAM FILES\RC'S COMPUTER LAB\STAYON PRO!\STAYON PRO.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - Startup: Anonymous Cookie 1.0.lnk = C:\Program Files\Luckman Interactive\Anonymous Cookie\AnCookie.exe
O4 - Startup: StayOn Pro.lnk = C:\Program Files\RC's Computer Lab\StayOn Pro!\StayOn Pro.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .wmv: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll

end thanks BobP :

[rjfvillarosa]

A quick google search on Luckman ancookie.exe, RC's computer lab and getright.exe revealed spyware associations with all three of these applications. You may have installed them to help with your dial up connection but have you checked to see what they are doing. Try unchecking them in msconfig/startup. Restart your machine and have another look at the performance of your machine.

[glc]

1. http://support.microsoft.com/kb/q253912/

2. Roll your IE back to 5.x, it's a 50/50 proposition whether 98 runs right with 6.0.

[Jomama]

I agree with GLC, Ver 6. is just too bulky for 98.
Also that PS is a little undersized for all those drives, IMHO. Two opticals and a HD?

[BobP]

Quote:

Originally Posted by rjfvillarosa A quick google search on Luckman ancookie.exe, RC's computer lab and getright.exe revealed spyware associations with all three of these applications. You may have installed them to help with your dial up connection but have you checked to see what they are doing. Try unchecking them in msconfig/startup. Restart your machine and have another look at the performance of your machine.

These versions of Luckman ancookie, RC's computer lab and getright are old like four or five years old perhaps before they got bad. For example the RC computer lab's StayOnPro is the only thing that keeps my carrier from dropping connection every fifteen minutes. Anyway, I've tried going into msconfig and unchecking the main five boxes which gives me a start very much like safe mode (and in safe mode) I get the same problems, wiggy mouse, 100% cpu, 200megs of memory missing and constant hard drive flickering light. It isn't a question of preformance right now, it's staying alive. Bobp

[BobP]

Quote:

Originally Posted by glc 1. http://support.microsoft.com/kb/q253912/ 2. Roll your IE back to 5.x, it's a 50/50 proposition whether 98 runs right with 6.0.

I upgraded from IE 5.5 to 6.0 in an attempt to escape my problem, as I can see no apparent difference (excpet I lost java virtual machine in the process) I will see if I can recover or find 5.5 again. As for the memory, I actually have software that requires more then 512 to run in memory without grinding the hard drive continously, restricting memory to 512 or less creates new problems for me where I wasn't having a problem before. BobP

[glc]

You don't have to restrict the memory, just the Vcache.

Have you considered upgrading to a quality motherboard (something not built by PC Chips and one with an Intel chipset) and Win2K or XP?

If you use add/remove programs, and remove IE6, one of the options is restore previous version.

[BobP]

Quote:

Originally Posted by glc You don't have to restrict the memory, just the Vcache. Have you considered upgrading to a quality motherboard (something not built by PC Chips and one with an Intel chipset) and Win2K or XP? If you use add/remove programs, and remove IE6, one of the options is restore previous version.

Back to IE 5, no apparant difference. Pulled the hard drive out and put it in an old PII 440, same problems confirming to me it's software related. Figure the PCchips board with onboard video and sound puts me equal to buying a new eMachine to replace this puter. I need some new ideas. BobP

[glc]

Is another wipe and reinstall out of the question? The only other thing I can think of is hard drive problems - you could run Powermax diagnostics on it.

[BobP]

A format is a last resort, lose too much when I can only copy files and directories since a backup would restore the bugs as well.

I did fix the wandering mouse problem where it would scoot left or right during page loads and other intensive work. It was simply a bad new mouse replacing a bad not so old mouse. I had bought five new mice from a computer surplus outlet and so far two out of three are bad. No matter why you think it can't be the mouse, try a good new one.

Though as I write this the hard drive light is still flickering and the cpu hard against 100%, I just know something is running loops in the background and it's driving me nuts I can't find it and kill it.

Anyone ever buy one of those roms on ebay that are supposed to fix everything?

Bobp

[glc]

I don't see anything in your log that would cause heavy CPU usage other than possibly the 3 things that have already been mentioned. Why don't you use msconfig to selectively disable startup items and see if the problem goes away?

[BobP]

Quote:

Originally Posted by glc I don't see anything in your log that would cause heavy CPU usage other than possibly the 3 things that have already been mentioned. Why don't you use msconfig to selectively disable startup items and see if the problem goes away?

I've tried msconfig checking Selective Process and unchecking the process boxes, gives me kind of a homemade safe mode effect, but the problems are still there and there in safe mode too. Anyone who tries this can run into some problems as windows tends to want to reconfigure some things like tossing onboard video drivers. This has to be really unusual or really stupid or I'd have found it by now. BobP

[rjfvillarosa]

This is a little bit of a stab in the dark. This is a link to an application (freeware I might add) called "MyUninstaller". It is far more powerfull and revealing than the standard windows uninstaller and you never know it might just show you something that is installed that you are unaware of.
You can get it here http://www.nirsoft.net/ click utilities and scroll down, it is there.

[bdunn]

Get rid of IE alltogether with Ieradicator from www.litepc.com. free software section. Just make sure to install another browser first. Firefox is a wonderful choice.

What version of Norton Antivirus? I've seen this happen with version 2003 on several occasions. The solution was to un-install and re-install it. One of the live updates did this. 4 or 5 people called me the same week. Apparently it didn't get along with certain hw/sw combinations but symantec must have found and replaced it within a few days. You still had to un-install to get rid of the bad update.

Download and run crap cleaner (www.ccleaner.com), spybot (http://security.kolla.de), and avast cleaner.

[damontgo]

this is also a stab in the dark, but in one of my internet classes last year the prof. did an in class demonstration of how easy it was to get infected by a trojan... i forget which one it was... but it allowed absolute access to the machine.. provided a remote desktop, allowed you to open and close cd/dvd drives, mess up mouse, etc. and i think it was by running scripts on the infected machine? could this be possible??

Oh one more thing... none of the adware/spyware/virus scan utils. we ran on the infected machine came up with anything... b/c i guess there's a way to sort of bind this trojan to another file/folder/ compressed file, etc. so that it apprears legit. The example we used was by binding it to this NES emulator, and sure enough, after the host accepted the file, a little GUI for the infected machine popped up.

Also, if anyone knows which trojan i'm talking about, could you name it?? i can't think of the name and its bugging me. Most likely not the prob i think, but possible