Tech Support Guy banner

Win 98 Sys Resource going wild.

2374 Views 35 Replies 7 Participants Last post by  tampien
My resource meter changes from very low to normal high every few seconds. It eventually goes to low of like 10-15% and issues a warning that a fatal exception could occur. I try to delete a running program as it suggests but am not able to do that. System freezes and I have to shut off computer manually. I cannot get the start-shutdown function to work.

This all happens with in a few minutes to at the most a half hour after I have turned the computer on. Got any ideas as to what I might be able to do to fix this?

It's just the System Resource that gets so low.

Sincerely, David Tampien
[email protected]
Not open for further replies.
21 - 36 of 36 Posts
Thanks Nite Hawk, I have now done what you suggested. Is there someway I can look into "system resource" to see what is using it up? Keep in mind that it doesn't diminish in any a rational it's full now it's empty. There is no pattern to it. It happens weather or not we are even using the computer and will eventually freeze up.
You might try going into MSconfig and uncheck your popup stopper and then click apply and OK. It will have you REBOOT. Sometimes these popup stoppers can cause as much grief as they block.

IF no change, go back into MS config and re-check the popup stopper and then click apply and OK. Again, REBOOT.
I'm not sure what has transpired in the two days since you posted your log, but I see a couple there that noone has advised removing.

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -

Restart your computer.

That last one is Look2Me related. Just because you have that one it is possible that you have more than just that. You may well have been infected by the full blown Look2Me parasite.

Please do this:

Download the KillBox from here:

Unzip it to it's own folder and click on Find in the upper right corner then click on Find msg{}.dll. This will open a new window that will create a list of .dll's. In that window click on File then Create Log. A box will pop up asking if you want to "Show log in notepad?". Click Yes and the log will open in notepad. Got to Edit > Select All then Edit > Copy. Come back here and paste the contents of that log in a reply.
See less See more
I have done as you said. In killbox it worked unitl copy to notepad. It didn't copy even though I requested it. Have I possibly done something incorrectly?
Did it open in notepad?
No it didn't open in Notepad. When I clicked the small window just disappeared.
OK we can find out if you have the files I was looking for another way.

Do a file search for each of the following files one at a time.


Let us know if any of those were found.
I didn't find any of these files.
That's the good news. The bad news is we still don't know what's causing the fluctuation in your resources.
Do I possibly have to reformat my computer?
Let's see a fresh Hijack This log.
Logfile of HijackThis v1.97.7
Scan saved at 5:50:55 PM, on 3/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =*
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =*
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Quicksilver Online Service, Inc.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Live Menu.lnk = C:\Program Files\eFax Messenger Plus\Dllcmd32.exe
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) -
O16 - DPF: {9C4A08D4-0F64-4D51-9422-B01EA9E217F0} (WebDeployer2.ctlLoader) -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) -
O16 - DPF: {79BB2CA8-6079-462B-B68A-C7AAA588FD8A} (WebDeployerUtil.ctlUtil) -
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} -
O16 - DPF: {944868EA-9796-4A1C-B1BE-7C21AF553DDD} (Global Communicator Setup) -
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {F5692A44-3746-4CAE-BAEB-10FB33E38DD4} (VMSwitcher Class) -
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} ( Secure Postal Account Registration) -
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) -
See less See more
Go here

Scroll to the bottom of the page and look for the Submit file section.

Click on Browse

Navigate to the C:\WINDOWS folder and upload the .... WAST.EXE.... file and let us know what you find.

This file may be hidden so click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"
Current object: WAST.EXE

WAST.EXE Infected: TrojanDownloader.Win32.VB.ah
WAST.EXE Infected: TrojanDownloader.Win32.VB.ah

Known viruses: 84565 Updated: 24.03.2004
File size (Kb): 68 Scan time: 00:00:01
Speed (Kb/sec): 69 Virus bodies: 2
Archives: 0 Packed: 0
Folders: 0 Files: 1
Suspicious: 0 Warnings: 0
See less See more
Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"


Restart to safe mode and delete:


How to start your computer in safe mode.
Okay...I've done that and sorry to say the meter still jumps from 80% to 40% and back then right now it's 24%. Got any more ideas? You are certainly helping and I will be glad to donate.
21 - 36 of 36 Posts
Not open for further replies.