recently i am getting all sorts of memory problems..RAM. i do ctrl+alt+del and there are only rnapp and explorer running, i got a good few gigas free on my hardrive, i've had the problem about a week... how can i find out what's hogging the memory and fix it?

hmmm... i don't know, but maybe you should check this site: http://www.pcworld.com/downloads/file_description/0,fid,22441,00.asp

rnapp

You sure that isn't what's causing it? Either that, or the process is hiding itself from the list. If you had XP, you could see all of the running processes. Too bad.

i got windows 98...how can i see and disable all the hiding programs that run themselves? i already done adaware scan...

bump. this problem is getting worse and worse......MY COMPUTER IS ABOUT TO EXPLODEEEEEEEEEEEEEE!

http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/HijackThis.shtml (this will probably only run is safemode if you got a real bad virus) it logs EVERY program running. post the list in this topic. (or pm me)

Logfile of HijackThis v1.99.1
Scan saved at 23:22:51, on 12/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MIRANDA\MIRANDA32.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?pgdoc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://69.50.184.51/find4u/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://aifind.inf/?id=54
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\SYSTEM\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities 2002\NPROTECT.EXE
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities 2002\NPROTECT.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\SYSTEM\SYSTEM.EXE
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAM FILES\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

fix it fix it!!!!!!

oh and also a theory of mine- could there be some file or program or dll or crap that is responcable to delete and free up system memory after tasks are done? could this devise be damaged for me?

It looks like you've been hit by some spyware or adware... not ceraint, but there are some entries in that log which look suspicious. Has your home page changed itself recently?

Download and run Ad-Aware and Spybot Search & Destroy, also check your virus scanner is up to date and do a scan.

i've scanned for spy/ad ware, i don't have an anti-virus, what was suspicious? i'll try take care of it.

You should always have an anti-virus. There are several free ones out there that do the job quite well, and you should try getting on right away. One I use is avast antivirus from awill software (free!).

besise that what else can i do? i'm getting one.

oh and also a theory of mine- could there be some file or program or dll or crap that is responcable to delete and free up system memory after tasks are done? could this devise be damaged for me?
probably not..

the following should be killed, unless you have a good reason...
also, if you've got no virus scanner, I presume those virus scanner entry's are faked by viruses or something? or do you have a virus scanner and you dont know abouth it?
so:
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?pgdoc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://69.50.184.51/find4u/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://aifind.inf/?id=54
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\SYSTEM\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities 2002\NPROTECT.EXE
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities 2002\NPROTECT.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\SYSTEM\SYSTEM.EXE
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAM FILES\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

***please note that you dont delete java runtime, stuff might not work as intended***

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/contr...UC/MsnPUpld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-D5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_41.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com...ex/HMAtchmt.ocx
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

if you dump that all, you'd have to reinstall the virus scanner... (if you think you dont have any, its probably not good anyways) and maybe the google toolbar if you want to. some other stuff might not be the same, so you might have to set some stuff, but this makes sure that you dont keep any unnececary stuff. also, do you have phone-internet? because theres a phone driver there, as well as a network driver... (you share phone internet via network?)

any please comment on this before you actually delete these...

First of all, Get a copy of Windows XP.

Secondly, get some damn AntiVirus.

DO NOT DO WHAT Alex SAID!

Getting rid of all of those entries could cause serious problems with Norton, which may end up with you needing to reinstall Windows (I'm speaking from experience here - when Norton gets messed up, it can be very hard to get it working again)!

(sorry about that Alex, but it is a bad idea to remove stuff unless you know what it's doing. There are a few system entries that shouldn't be removed which you had marked)

oh and also a theory of mine- could there be some file or program or dll or crap that is responcable to delete and free up system memory after tasks are done? could this devise be damaged for me?
Not that I know of - you shouldn't need such a program anyway (when a process exits Windows goes and frees up usually all of the memory it was using).


Anyway, looking at your HijackThis log, it appears that you have been hit by a variant of CoolWebSearch. Download and run CWShredder (http://www.intermute.com/spysubtract/cwshredder_download.html), which should kill it.

It also looks like Norton Internet Security or Norton AntiVirus is installed and running. It looks like it might be versoin 2002, but you may have an upgrade to that installed. Anyway, run Norton (there should be an icon for it in the start menu, under "Norton" or "Symantec"), and run LiveUpdate to ge the latest virus definitions. Then do a full system scan.

Also, download and run both Spybot Search & Destroy (http://www.safer-networking.org/en/download/index.html) and Ad-Aware (http://www.lavasoftusa.com/software/adaware/), and update both of them (the internal updateers should do the trick). Then do full system scans (might be called "in-depth" in Ad-Aware) with both of them. Do NOT be tempted by other spyware removers that you may see - most of those actually contain spyware and do more harm than good.

If you have any problems with updating those programs, or doing the system scans, then post here and let us know (some spyware tries to actively intefere with antivirus and antispyware).


Once that's done, if any of those programs find anything then please post details of it (like what nasty was found). Also post a new HijackThis log.


(BTW, the lines in HijackThis that caught my eye are the ones below. Don't remove them with HijackThis yet - it's better for them to be removed by spybot/adaware if detected by them, as some nasties hook deep into the system and can cause problems if not removed properly)

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?pgdoc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://69.50.184.51/find4u/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://aifind.inf/?id=54
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\SYSTEM\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\SYSTEM\SYSTEM.EXE
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

my anti virus expired ages ago..

Logfile of HijackThis v1.99.1
Scan saved at 16:11:16, on 13/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MIRANDA\MIRANDA32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities 2002\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities 2002\NPROTECT.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAM FILES\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx



new hijack this log

thats just what i said, antivirus expired, can be removed... you should try http://www.free-av.de/ i have this too, it is good, this is not one of the infamous "spyware removals" that actually adds more. this antivirus is completely free and doesnt expire.
[/advertizing]

but maybe you shouldnt listen to me, My version of Spybot SD doesnt even detect everything, so I go about deleting spyware manually, to good results so far, (smooth running win2000, even with real low systeem specs. (266mhz, 96mb-ram, 16mb-video))

Yep, looks all clean now. If you're still getting problems then post again, and we'll just have to try harder :D

Sorry about that Alex, but it's always a bad idea to just remove everything. Sure, the shotgun approach will often work, but it'll often kill a lot of other stuff on your system and leave pieces behind. It's very important with antivirus programs to be careful and not leave bits behind, else you can end up with really fun problems.

As far as anti-virus programs go, the only one I've had real experience with has been Norton (btw, it seems that when you istall norton it resets the subscription period to one year from the date of installation. So you could try uninstalling and then reinstalling it). I do know that free ones exist, and if they work then by all means use them. I just would caution against going for any old "free" one, as a lot of supposed spyware removers and the like actually contain spyware (even some pay-for ones). I would try Alex's one, just note that the link is to a German site (there's a link to an English version on that page but it timed out on me).


Oh Alex, I see your "real low systeem specs" and raise you a P166 MMX laptop with 96MB ram, 2MB video and a 3GB disk with NTFS compression *on* running Win2k, with Norton 2k4 installed.
It ran JJ2 quite nicely as well at 640x480, with medium-high settings.

Edit: if you install a new anti-virus program, then uninstall all other anti-virus programs first. Same goes for firewalls. Anti-virus programs tend to intefere with each other in strange ways.

bashes back with p2-133mhz, 16mb-ram, with 0 video (integrated into system ram), and 1.2gb fat32/compressed win95, ran jj2 on all high, quite fast, (30 or so fps) also really nice sound card.

you're right... also, the page should be in english if you change .de for .com

Hmmm, windows 98 :r

If you have had your computer for a year or more, backup all your files and format your harddrive. I've found out from experience, that formatting and reinstalling windows will clear up almost any problem you could have. It's like starting from scratch, but you will be sure that you got rid of any malicious files that would cause your computer to be messed up. You probably will save more time by just erasing eveything and reinstalling, than getting frustrated by not being able to fix your computer.

And do what Nimrod said. 98 is :r get XP if your computer supports it. Many enhancements over 98. Also, If you decide to do this, format your harddrive to the NTFS file system. You are currently using FAT32 now. NTFS is MUCH faster and will give you better overall performance.

bashes back with p2-133mhz, 16mb-ram, with 0 video (integrated into system ram), and 1.2gb fat32/compressed win95, ran jj2 on all high, quite fast, (30 or so fps) also really nice sound card.

you're right... also, the page should be in english if you change .de for .com
Yeah, but that's a) a Pentium 2 and b) running Win95 (which was designed for the 486 and even less disk space). Mine was running Win2k.

yweah,m but this windows 95 has never chrashed or been reinstalled since '96 or somethiung, when we bought this laptop...

Yep, looks all clean now. If you're still getting problems then post again, and we'll just have to try harder
i'm posting again /:

Any error messages? If so, then post the exact message (take screenshots if necessary (but please save as GIF to save bandwidth)).

Get <a href = "http://free.grisoft.com/freeweb.php">AVG</a> and uninstall all other virus stuff, unless you re-subscribed to Norton. Update it, and run it. Also, re-update and run your Ad-aware and Spybot programs. Then give us a HijackThis Dump.