[kpow]

Many thanks in advance to anyone willing to help, and I apologize for the length of this. I don't know what else to do with this thing-- all I seem to have done on my own is learn 5,000 things not to do the next time around.
(CPU specs: Windows XP Pro SP1, Intel Pentium® 4 2.00GHz, 256MB RAM, NVIDIA RIVA TNT2 Model 64 [Pro], 37GB hard drive )

Anyway: I've about given up on this computer. It's been crashing randomly for a few months now (all types of stop errors), which the Microsoft site has "diagnosed" as device driver and/or graphics driver problems. I've done everything I can to try and repair these driver issues, but I haven't yet found one! I've reinstalled new drivers for my graphics card and tablet, to no avail. The only possible problem drivers are the ones for my tablet, HP all-in-one printer, or graphics card-- and they all seem fine.

Recently it had been much better: blue screens had become a nonissue. It was still slow though, so yesterday I download Microsoft Antispyware to fix numerous trojan issues-- which it did. Unfortunately it took nearly four hours because the computer would crash every few minutes, before the virus scanner was done. I also had some problems with cryptic "failed to load resource DLL" error messages, but they seem to be gone now? During this time I also reinstalled "msconfig" and uninstalled Microsoft Antispyware.

During one of the reboots I chose "Last Good Configuration", and I don't know if it has anything to do with anything, but after that point I began to have a whole new slew of problems. It isn't crashing like it was anymore, but my "My Documents" and "Recycle Bin" icons are missing from my desktop, as well as icons from the Control Panel (namely the administrative tools), and I am not able to access the "All Programs" menu on the start menu-- nothing comes up. Whenever I open a new browser window a Windows Installer box pops up and then disappears.
Program issues, too. When I start AIM it says it "has encountered a problem and needs to close", but it will remain open as long as I don't click OK on the error message. I can't open Photoshop either-- it states a problem with personalization? Windows Media Player won't start either, and the "Search" function has long been unoperable. I rely heavily on Photoshop, so that's my main concern of the program issues; the others can wait.

And here's hijackthis and startuplist logs(startuplist log is without minor and empty sections because it seemed too long; I can post them if it might help):
~~~
Logfile of HijackThis v1.99.1
Scan saved at 4:28:40 PM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\My Documents\HijackThis1991.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Systweak Memory Optimizer] memtuneup.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

~~~

StartupList report, 7/24/2005, 4:32:49 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Admin\My Documents\HijackThis1991\HijackThis1991.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Unable to get Internet Explorer version!
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\My Documents\HijackThis1991\HijackThis1991.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Admin\Start Menu\Programs\System Tools\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
TClockEx = C:\Program Files\TClockEx\TCLOCKEX.EXE
Systweak Memory Optimizer = memtuneup.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\scrnsave.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry key not found*

--------------------------------------------------


Enumerating Download Program Files:

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Admin\LOCALS~1\Temp\tp7543.exe||C:\DOCUME~1\Admin\LOCALS~1\Temp\GLB1A2B.EXE||C:\Program Files\BearShare\BearShare.exe||C:\Program Files\BearShare\BSidle.dll


--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

DirectX For Microsoft® Windows = C:\WINDOWS\system32\fservice.exe

--------------------------------------------------

End of report, 4,096 bytes
Report generated in 0.020 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by kpow, 24 July 2005 - 08:31 PM.

[Advertisements]

this may be a malware problem.....the last known good configuration should not have cause your system ro revert, since it loads only part of the registry having to do with hardware, but I am perplexed by this

fservice.exe

which is a backdoor trojan....I would have expected the other programs to have got an easy one like that.

We have a division of labor here at Geeks to Go, and malware is handled in a different forum. Before we start fiddling with the rest of things, please go to the forum in my signature and follow the instructions at the top...once you get a clean bill of health, and if problems still exist, then return here to this thread.

I would drop the memory tweaker/optimizer---they rarely are a good idea in XP.


And if you do photoshop you need a TON more ram....256 with windows is inadeqaute but it is especially inadequate for photo

[gerryf]

this may be a malware problem.....the last known good configuration should not have cause your system ro revert, since it loads only part of the registry having to do with hardware, but I am perplexed by this

fservice.exe

which is a backdoor trojan....I would have expected the other programs to have got an easy one like that.

We have a division of labor here at Geeks to Go, and malware is handled in a different forum. Before we start fiddling with the rest of things, please go to the forum in my signature and follow the instructions at the top...once you get a clean bill of health, and if problems still exist, then return here to this thread.

I would drop the memory tweaker/optimizer---they rarely are a good idea in XP.


And if you do photoshop you need a TON more ram....256 with windows is inadeqaute but it is especially inadequate for photo

[kpow]

this may be a malware problem.....the last known good configuration should not have cause your system ro revert, since it loads only part of the registry having to do with hardware, but I am perplexed by this
fservice.exe
which is a backdoor trojan....I would have expected the other programs to have got an easy one like that.
We have a division of labor here at Geeks to Go, and malware is handled in a different forum. Before we start fiddling with the rest of things, please go to the forum in my signature and follow the instructions at the top...once you get a clean bill of health, and if problems still exist, then return here to this thread.
I would drop the memory tweaker/optimizer---they rarely are a good idea in XP.
And if you do photoshop you need a TON more ram....256 with windows is inadeqaute but it is especially inadequate for photo

Thank you! I've run every reliable malware scanner I could find, but it's everywhere (and SP2 just causes too many problems). I'll get rid of that trojan ASAP. About the RAM-- oh, I know, it's awful. I just don't have the money for a new computer (much less for RAM to add to a near-defunct PC, heh). Right now (well, when it was working) if I close everything else it runs well enough. Does it damage the computer, though?

Edited by kpow, 24 July 2005 - 04:23 PM.

[gerryf]

No, it does not damage the computer....just more wear and tear on the harddrive....

Please, though, visit the malware forum and follow the instructions

The 013 and 015 settings are also unsettling....

[kpow]

Well, at least now I can safely say my problems are not virus related. I'm posting from a different machine because my own won't boot properly.

I downloaded the programs you recommended, cleared nearly 2GB worth of temp files off the HD, and got rid of 13 various malware/trojans.
Unfortunately... I got another blue stop error (the IRQL one, I think) shortly after, tried restarting, and got some funky BIOS error message looking for a floppy or CD (WinXP boot disk, I'm assuming?). I had to unplug the computer to get the message to go away, and on that second restart it got to the "WinXP Pro" screen with the little blue loading bar, and hung there.

Unplugged PC again, tried it in safe mode, and it started successfully(if slowly...)! Then I ran Ewido again and in the middle of the scan the screen turned this peculiar blue (the winXP theme colour, not the error-message blue) with no text, nothing. Waited a bit, then rebooted (in the same manner, which I'm sure isn't good for the computer) and tried "Safe Mode with Networking", but it hung at the end of the list of drivers. I tried "Last Good Configuration" as well, only to have it give me a stop error after getting to the desktop. Should I even bother with "Safe Mode w/ Command Prompt"? I know stability in safe mode is a diagnostic as to whether the problem is software or hardware related, but I can't remember which is which.

Anyway, I keep unpowering and repowering the computer but it freezes on that screen every time. I'm hoping after an hour or two it'll be fine; it's frustratingly random.

Sorry again about the length. I figure the more details I include, the easier it is for you to understand what's happening. Thank you so much for your time; I really appreciate this.

EDIT- If it might help, a list of commonly seen stop errors.
Stop 0x0000000A or IRQL_NOT_LESS_OR_EQUAL
Stop 0x00000077 or KERNEL_STACK_INPAGE_ERROR
Stop 0x0000007A or KERNEL_DATA_INPAGE_ERROR
Stop 0x000000D1 or DRIVER_IRQL_NOT_LESS_OR_EQUAL
Stop 0x00000050 or PAGE_FAULT_IN_NONPAGED_AREA
Stop 0x000000EA or THREAD_STUCK_IN_DEVICE_DRIVER

EDIT #2- still not working.

Edited by kpow, 24 July 2005 - 08:40 PM.

[wannabe1]

Hi kpow...Welcome to G2G!

I'm with gerryf...your HJT log shows some serious issues (some virus related) that are best handled by the expertise available in the Malware Forum. I'm a far cry from an expert at reading these logs, so if I can see problems in there you can bet there are more I don't see. I'll bet they can get you fixed up. but you are beating your head against the wall if you don't pay them a visit. Just my humble opinion...

wannabe1