Just in the last 2 days, whenever I open my email using outlook express, ver.6, my hard drive starts working, as though something is being copied or deleted, but nothing is. It just goes on and on, sounding like something is being written to it. I have tried using Norton utility but nothing is detected. My memory is also apparently being used in this process as everything slows down. What could this be. i have looked for viruses but unless you know which one you may be looking for... My suspicion is that I am sending out emails, aka the klez virus, though I can't detect it. what else could this be?

Hi brandypeppy and welcome to cth.

Please go here and download Spybot Search&Destroy:
http://www.safer-networking.org/index.php?lang=en&page=download

Check for updates before running the program. A tutorial can be found under help. You can safely delete what it finds.

Do likewise with Adaware SE that can be found here:
http://lavasoft.element5.com/software/adaware/

Thank you but I've already done these. A Norton check shows I am missing mscoree.dll. I am on a dsl network, could this be causing the problem? Is outlook looking for a file that is corrupt, thereby running on and on?

Hi brandypeppy

Please go here and download hijack this:

http://allsecpros.com/

or

http://www.majorgeeks.com/download3155.html

Create a new folder on your hdd and name it HJT.

To do this go into My Computer and double click on your hdd then right click and select New then Folder and name it HJT.

Unzip HJT into the new folder. Launch HJT, click Scan, and click Save Log. Post the log in the cyber safety forum but don’t make any changes.

In your new post please explain what programs you have run to date.

Okay, I have the hijack this and I can scan and create a log for the results. However, when I click on the log to open, my symantecfixklez program automatically comes up to start a scan and I can't figure out how to uninstall this program so this won't happen. Is there any other way I can post my hijack results or is there any way to open this log file without it triggering my symantec program?

I just figured a way to save this to notepad, and here is the log for hijack this:

Logfile of HijackThis v1.98.2
Scan saved at 12:32:54 PM, on 10/25/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MPRMMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\M2AUDMON.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\NORTON CRASHGUARD\CGMENU.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSGTAG\MSGTAG.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\NOW SOFTWARE\NOW UP-TO-DATE\NUDQDAY.EXE
C:\PROGRAM FILES\NOW SOFTWARE\NOW CONTACT\QUICKCTW.EXE
C:\PROGRAM FILES\NORTON CRASHGUARD\CG16EH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwon.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe
O4 - HKLM\..\Run: [mmpti] C:\WINDOWS\SYSTEM\m1mmpti.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON CRASHGUARD\CGMenu.EXE"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [rmmon] C:\WINDOWS\SYSTEM\mprmmon.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSGTAG] "C:\PROGRAM FILES\MSGTAG\MSGTAG.EXE" /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: QuickDay.lnk = C:\Program Files\Now Software\Now Up-to-Date\NUDQDay.exe
O4 - Global Startup: QuickContact.lnk = C:\Program Files\Now Software\Now Contact\QuickCTW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {22D6F312-0000-0000-0000-000000000000} - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = centurytel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.230.192.251,209.142.152.253

Hi brandypeppy

Please post your problem and log in the cyber safety forum where the hjt experts hang out.

In your new post please explain your problem and the fact you have run spybot and adaware.