ScanDisk can't scan to the end

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Mapoleon1er

Thread Starter
Joined
Jul 12, 2003
Messages
21
For a few days I haven't been able to get ScanDisk to finish its work. It always launches the scan and then begins again and again, etc. etc. I can't defrag the system either. As ScanDisk tells me there are other programs writing to the disk, I've run a few scans with the latest versions of Spybot and Ad-Aware, found a lot of spyware and deleted it. But my problem is not solved: ScanDisk still can't finish its work. I looked at the list of programs that have tried to connect to the internet in my ZoneAlarm firewall and I see some entries that I find strange: what are "C:\WINDOWS\LOADER.EXE", "C:\PROGRAM FILES\RSNET\RSEDNCLIENT.EXE" and "C:\PROGRAM FILES\DIVX\DIVX PRO CODEC\GAIN_TRICKLER_3202.EXE"?

Here is the log of HIJACK if it helps...

Logfile of HijackThis v1.97.0
Scan saved at 16:38:15, on 10.09.2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MYIE2\MYIE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O7 "EPUSB1:" /M "Stylus C42"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\OFFICE\1036\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Ajouter au tueur de pub - C:\PROGRAM FILES\MYIE2\config/blacklist.htm
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Organise-notes (HKLM)
O9 - Extra button: Finagle (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/fr/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37768.4173148148
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/217c1129a7919ab8ef05/netzip/RdxIE601_fr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
 
Joined
Oct 9, 2001
Messages
9,396
run hijackthis again and put a checkmark against these entries....
.....then, close all browser and outlook windows and "fix checked"

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/217c1129a7919a...RdxIE601_fr.cab


other than these 2 your log is clean.......maybe this is better posted in our hardware forum?

take care;)
 

Mapoleon1er

Thread Starter
Joined
Jul 12, 2003
Messages
21
OK, thank you, I deleted these two entries. But ScanDisk still isn't able to finish its work. I don't know what to do next. No idea what this LOADER.EXE is? I don't think my problem is a hardware one because my hard drive is not that old or that full.
 
Joined
Jun 19, 2003
Messages
1,241
Hi Steve and Mapoleon1er,

Steve, what does the F2 entry refer to? I've got both Merijn and Brendan's HJT tutorials here and it doesn't mention them, and Google doesn't seem to have anything about it. :confused:

Cheers

Liam
 
Joined
Oct 9, 2001
Messages
9,396
good spot liam....i must admit i rushed by the item without noticing.
and i haven't seen that one before.

F0 - system.ini: Shell=
is more like it.


AHA!.............take a look at the H/T version number.
probably an updated scan engine....no doubt we will be informed
of any changes.
 
Joined
Jun 19, 2003
Messages
1,241
Cheers Steve,

V 1.97. We're going to have to find out soon, :) I'm halfway through a log in a different thread, also with an F2 entry; and there's enough going on without having to relearn HJT entries.. :D

I'll go and see what I can find out, otherwise it's going to be a long night ahead.. :)

Cheers

Liam
 

Mapoleon1er

Thread Starter
Joined
Jul 12, 2003
Messages
21
Originally posted by VirtualMe:
How about these two?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Should I delete them ?
 
Joined
Jun 19, 2003
Messages
1,241
Hi Steve,

Just been over to Spyware info, and Merijn has this to say...

Load and Run keys from Registry in Windows NT/2k/XP are now listed as F2 and F3.

So I guess we just treat F0 as F2 and F1 as F3.

Cheers

Liam
 
Joined
Oct 9, 2001
Messages
9,396
Originally posted by e-liam:
Hi Steve,

Just been over to Spyware info, and Merijn has this to say...

Load and Run keys from Registry in Windows NT/2k/XP are now listed as F2 and F3.

So I guess we just treat F0 as F2 and F1 as F3.

Cheers

Liam
i did the same:D and also asked rollin`rog who is going to take a look in here.
 

Mapoleon1er

Thread Starter
Joined
Jul 12, 2003
Messages
21
I downloaded the free version of the AVG anti-virus program and installed it. Then I had to reboot and ARGGG: I got a red screen with "BackDoor.Jeem" virus found in msrexe.exe! I had to choose between Yes, No and Heal. I tried Heal and my computer crashed. I had to reboot again and again and every time it froze my computer. So I rebooted in Safe Mode and removed the antivirus. Then I was able to boot normally. The fact is, now I know I have a virus, but I can't install the antivirus because when I reboot it crashes, and on the Symantec website they just explain how to remove the virus with their antivirus...

How should I remove it?

Please Help !
 
Joined
Dec 9, 2000
Messages
45,855
Actually what might have been better would have been to run AVG in Safe Mode.

When prompted, you can delete that file, it cannot be healed and it is not a system file.

Otherwise, you can manually delete it: C:\WINDOWS\SYSTEM\MSREXE.EXE

You will probably have to restart in Safe Mode to delete msrexe.exe in c:\windows\system

And when you do first install AVG, make sure you do NOT have the option selected to scan on startup.
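
The two checks applied to the log earlier in this thread (a BHO whose file is missing, and an ActiveX download whose codebase is a bare IP address), written out as an added example that is not part of the original thread or of HijackThis itself. The function names are hypothetical and the sample lines are copied from the log posted above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/217c1129a7919ab8ef05/netzip/RdxIE601_fr.cab
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(text):
    """Yield (section_code, body) for each 'XN - ...' line; skip headers and process paths."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def host_is_ip(url):
    """True when the URL's host is a literal IP address rather than a DNS name."""
    host = urlsplit(url).hostname
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False

def review(text):
    """Return (code, CLSID, reason) for entries matching the two checks from the thread."""
    findings = []
    for code, body in parse_entries(text):
        m = CLSID_RE.search(body)
        clsid = m.group(0) if m else None
        if code == "O2" and body.rstrip().endswith("(no file)"):
            findings.append((code, clsid, "BHO registered but its file is missing"))
        elif code == "O16":
            # The codebase URL is the last ' - ' field; it can be empty (Java entry).
            url = body.rsplit(" - ", 1)[-1].strip()
            if url.lower().startswith(("http://", "https://")) and host_is_ip(url):
                findings.append((code, clsid, "ActiveX download from a bare IP address"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Neither rule fires on the O4 Run entry for C:\WINDOWS\SYSTEM\MSREXE.EXE, the file AVG later reported as BackDoor.Jeem, so pattern checks like these supplement an antivirus scan rather than replace it.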
 