[coachwife6]

Then it asks if I would like to continue receiving this message: yes, no, or cancel.

Click no.

don't worry about the sybot program for now. Let's do the above first.

[Advertisements]

Okay, so I did as you sugessted. As it was running, I left the computer unattended for a bit, and when I came back, it had crashed.

It has taken me an hour and a half to get it running again. It keeps giving me error messages for IE when it starts up, even though I am not using it.

Some of the fatal exception error paths I recorded are:

0028:C0043DD VXD VFAT(01) + 00001105

and

0028:cd032a45


I still can't get two of my spyware protection programs to run without crashing the computer, so I am working on that before I try the scan disk again.

Edit: I tried running the scan disk again, but monitored it. The computer crashed and it has taken me an hour to get it running. It still won't run the spy subtract program, which means it will crash at any moment.

It also diplays an IE error at the start up screen, even though I am not using IE... I use Mozilla.

Not sure what to do next.

Edited by lbr_008, 21 September 2005 - 07:05 PM.

[lbr_008]

Okay, so I did as you sugessted. As it was running, I left the computer unattended for a bit, and when I came back, it had crashed.

It has taken me an hour and a half to get it running again. It keeps giving me error messages for IE when it starts up, even though I am not using it.

Some of the fatal exception error paths I recorded are:

0028:C0043DD VXD VFAT(01) + 00001105

and

0028:cd032a45


I still can't get two of my spyware protection programs to run without crashing the computer, so I am working on that before I try the scan disk again.

Edit: I tried running the scan disk again, but monitored it. The computer crashed and it has taken me an hour to get it running. It still won't run the spy subtract program, which means it will crash at any moment.

It also diplays an IE error at the start up screen, even though I am not using IE... I use Mozilla.

Not sure what to do next.

Edited by lbr_008, 21 September 2005 - 07:05 PM.

[coachwife6]

How is it going?

[lbr_008]

I got it working again... but it was a real [bleep] to do.

Also, the spybot is getting more difficult to run. I have to keep closing more programs before it will run without crashing. I take this to mean my system resources are slowly getting more and more used up by the spyware on my computer.

[coachwife6]

I think this is hardware problem that needs to be fixed first. That's not my specialty, but I did some research and found this thread here:

Sounds like hard drive is going bad.
Download a utility from the hard drive mfg website, EX:
maxtor > www.maxtor.com
look for a utility that will check the drive (making sure it don't format or fdisk in the process).
This will check the reliability of the hard drive.
If the hard drive don't pass the test, it's time for a replacement.
If the hard drive passes the test, post back the results and we'll work from there.

http://discussions.v...5026#post985026

[lbr_008]

I went to the Maxtor site, but couldn't find anything for hard disk scanning. It all looked like disk storage to me... but maybe I missed something.

On the other guys thread, he said his defrag showed him that he had an unreadable sector, and that his scan disk couldn't repair it.

What happened with me was the scan disk couldn't read because it was interrupted by other programs writing to the disk... and then after I let it retry, my computer crashed from, I assume, the spyware hidden in it.

I'm not an expert on computers, but it seems like that my problem is different from the other guys problem.

Would it make any difference if I posted another Hijack this log file?

[coachwife6]

Yes, please do. I may have someone from the hardware forum come over and take a peek at this also. Did you ever get a silent runners log to run?

[lbr_008]

Yes, it's my reply dated Sep 17th (I think) on the first page of this thread.

I am going to do a hijack this and edit it into this reply... I can add another silent runners if you want.

Computer is acting very bad... I was offline for over a couple of hours, trying to get it to reboot. I'm sure it will crash again.

Edit: here is the hijack this log file:

Logfile of HijackThis v1.99.1
Scan saved at 4:45:02 PM, on 9/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/old
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [KodakCCS] c:\windows\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab

Edited by lbr_008, 27 September 2005 - 05:33 PM.

[coachwife6]

1. Click Start, point to Programs, point to Accessories, point to System Tools, click System Information, and then click System File Checker on the Tools menu.
2. Click one of the following options:
Scan For Altered Files
Extract One File From Installation Disk
NOTE: If you click Extract One File From Installation Disk, you can specify the file you want to extract.

3. Click Settings, choose the configuration you want to use in System File Checker Settings, click OK, and then click Start.

http://support.micro...b/185836/EN-US/

[lbr_008]

Ok - did it. It didn't report anything, or ask if it could fix any files. It just ran through once, and then it was done.

Either it automatically repaired without reporting, or it didn't find anything to report.

[coachwife6]

Is it running better?

[lbr_008]

No. It keeps running worse and worse. It runs out of system memory sooner and sooner, programs fail for no reason... and either I have to reboot on my own, or it will crash.

[coachwife6]

Please download Rootkit Revealer (link is at the very bottom of the page)

* Unzip it to your desktop.
* Open the rootkitrevealer folder and double-click rootkitrevealer.exe
* Click the Scan button (bottom right)
* It may take a while to scan (don't do anything while it's running)
* When it's done, go up to File > Save. Choose to save it to your desktop.
* Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

[coachwife6]

This is from Keith....one of our windows experts. Try this before doing the rootkit analysis.

Can he click start then right click my computer, click properties then advanced, click settings on the performance tab then click advanced, click change on virtual memory, put the dot in system managed, click set then OK

Can he download the most suitable file from these to run test on his RAM Memory

http://www.memtest.org/#downiso

[coachwife6]

And this is a suggestion from Murray S.

It would appear he is severely lacking in System Resources.. They need to dratically cut down on what they are opening and using and what opens with Windows to keep System Resources up!!