..and deliver us from KeyLoggers! PLEASE!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Felinity, Feb 12, 2006.

  1. Felinity

    Felinity Private E-2

    Chaslang, I wrote about my slow browser (Firefox), & my connection troubles. HJT found no issues but you did suggest a few things could be tweaked.

    I began to suspect something else, so I ran KL-Detector12, and it found some suspicious activity. However, if I do have a keystroke logger on my computer (my keyboard does do some strange things like stopping at intervals like it just did as I was writing this, and I've found my password & username for my ISP changed twice now) I don't know how to remove it, or even to identify it. Could you please take a look at this logfile & tell me what to do?? I have to resolve all of these weird issues that are driving me to another cardiac arrest. The stress has been unbelievable.

    Thanks. If I did this wrong, please advise. :rolleyes:
     
  2. Felinity

    Felinity Private E-2

    *sigh*...It doesn't look like the file attached. I'll try again.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There's nothing in that log to be concerned with. All it is doing is showing you normal activity on your PC.
     
  4. Felinity

    Felinity Private E-2

    Well that's a relief at least, Chaslang, thank you. But how did my password field change to a longer password, then the 2nd time, my ISP username was changed to something completely different all on its own (zjm, or some such weird word), & the password field was empty...without my ever having been to those connection control pages?

    What could cause that? No one else uses my computer.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure no one else uses it?

    Do you ever log into those accounts from another PC????

    Did you ever give your password to anyone else at anytime?
     
  6. Felinity

    Felinity Private E-2

    No, chas, I have never allowed anyone access to my computer, & I live alone with my pittie-mix as my companion dog. She allows no one in this house but me & whoever I invite. Never let the password out to anyone, in any form. It's only in my head. I never access it remotely.

    However, it is the same password as I use on one high security site, so I thought it could be a keystroke thief, which is why I used KL to find out. And no, I'm not multiple personality...LOL

    I'm completely baffled. And the creeping speed of downloading pages is killin' me...*sigh*...You see I only make $600 a month disability. The only other money I can make to make ends meet is via my computer. So I'm in a very dangerous position right now, nearing eviction. I can't save myself without a working connection. Graphics on a page barely can download either. I might be lucky to get 4 on a google image search page.

    What can I do to unearth the source of this mystery? :confused:
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's try to dig a little deeper to see if anything is hiding.


    Procedure 1:
    1. Please download and unzip Rootkit Revealer to your desktop.
    2. Please leave the defaults set as they are to:
      • Hide NTFS Metadata Files: this option is on by default
      • Scan Registry: this option is on by default.
    3. Launch rootkit revealer on the system and press the Scan button.
    4. RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time; please disconnect from the internet and leave the PC to be scanned until it is finished.
    5. The log can be very large; please edit out the items in the following folders in the log: C:\System Volume Information, if in the log, before attaching it.
    6. Please attach the log here in this thread to your next post.
    Procedure 2:

    Run the steps in the below link and attach the Ewido log:

    Running Spy Sweeper
     
  8. Felinity

    Felinity Private E-2

    Chas....I've tried for the last hour to an hour & a half to download the Rootkit, & am still trying. I'll post the file for you as soon as I can get it to download & I run it.

    I don't know if this info will help you to understand what's going on in my system.

    The other night the (Firefox...IE hardly works at all) browsing was crawling as usual, the page graphics not downloading fully. I was getting the usual "The operation timed out...", and "<page> could not be found. Please check the name & try again" errors. I was into my system info & all the system info was automatically refreshing as I'd click on each category. Suddenly, my browser started zooming & working beautifully, even at only 33.6 (dialup). I was elated. I surfed & chatted for some time, thinking it was repaired.

    Then my son wanted to use the computer. Since the 'puter seemed to need a reboot, I did this, then logged into his username & went to dialup into my ISP for him to be on.

    This came up: "There was an error reading the connection time. Please contact your ISP for further assistance. Error 1"

    I couldn't find anything pertaining to this error in 2000 Pro Help.

    When I went back into MY username, the same problems were occurring as before. Slow, timeouts, & addresses not being found.

    With this, do any lightbulbs come on for you that may explain what the problem is? I don't recall at all what refreshed that may have caused my browsing to speed up as it did. I was too excited that it started working so well. I've tried to refresh everything again several times, to no avail.

    Going back to try to download the Rootkit again, til it works.
     
  9. AbbySue

    AbbySue MajorGeeks Administrator

    chas..not trying to step on your toes here.....:)

    Felinity...is your email working ok? If it is I can try emailing Rootkit Revealer to you using the email addy you registered with..the file is only 207kb.
     
  10. Felinity

    Felinity Private E-2

    AbbySue, my email is yahoo & is extremely slow...the login page appears as mainly blue text, with most of it on the left side of my screen rather than the right, the way it used to be. Few if any graphics appear.

    Still it may be easier to get the file that way than this way. I'm still fighting time-outs & cannot-be-founds and all. *sigh*...I'm so exasperated.

    Thank you so much for the help here. As administrator, you have my email listed & can send to it? Is SpySweeper a large file, & if not, can that also be sent?
     
  11. AbbySue

    AbbySue MajorGeeks Administrator

    No problem at all. Glad to help if I can.:) Have sent Rootkit Revealer to the email listed in your profile. SpySweeper is a much larger file...a bit over 8mb but I'll use a file splitter for that one. If you aren't familiar with how that works, the file will be split into several smaller pieces so I can email them to you separately. Once you have managed to download them you click on the first one and it will reassemble the file so you can then run the installer and proceed with chaslang's instructions.

    If you can't download them through your computer is there another computer you could access your yahoo email through and download the files to a floppy or similar then transfer them to your computer?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks Abby!

    And to add to the above... it would be even better if you could download all the tools in this Sticky thread READ & RUN ME FIRST Before Asking for Support to another PC and then burn them to a CD. Then bring them to the infected PC and install them and run the scans. Do you have a friend who has a PC with a faster connection and that also has a CD burner? You can even download updates for programs like Ad-Aware SE and Spybot Search & Destroy to the CD and manually update them since your internet connection is so slow.

    Does your PC have the same problems with running slow in safe mode? You will not be able to access the internet in safe mode since you have dial-up, but I wonder if it is only a normal boot mode problem. Also, is your PC speed only an issue when using internet access?

    What do you mean by the below:
    What do you mean you were into system info? Do you mean msinfo32? Please explain exactly what you were doing?
     
    Last edited: Feb 16, 2006
  13. AbbySue

    AbbySue MajorGeeks Administrator

    NP chas.:) I can just imagine her frustration at not being able to download via the traditional method...maybe this will work..*crosses fingers*

    @ Felinity...all files have been sent your way. Good luck!:)
     
  14. Felinity

    Felinity Private E-2

    Unfortunately, AbbySue, there is no other computer I can use. None of my neighbors have one with internet access, & I'm a mile & a half's walk from the nearest library where internet access is available. I can't walk that far so soon after open-heart, and can't afford a cab at all.

    My PC runs fine on its own, slightly slow, but as Chas (I think) said, 2000 is usually slower anyway in loading than other OS'. It's only when connected to the internet that this creeping & errors occur.

    I cannot seem to burn any CDs either. I tried yesterday. My Samsung CD can detect a music CD & play it through WMP, but it cannot detect a blank CD for some reason & keeps asking me to insert a CD even after I have put a blank one in there.

    I've never used files sent with a file splitter but I'll give that my best shot in getting them reassembled as you described.

    I have a good zip drive but (wouldn't you know?) I have no zip discs. My floppy drive works fine & I have a few of those to use for the smaller files.

    Chas, I was finally able to update Ad-Aware & SpyBot successfully, & they found nothing wrong.

    I'll go now to yahoo & try to get the files AbbySue sent.

    I'll be back with you both as soon as I possibly am able. I'm really hoping RootKit Revealer will find the cause of all this.

    You two are great! Thanks..BBS
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We don't normally download from the below link but your problems require different tactics and I'm trying to make it easier for you. Download hijackthis.exe from the below link. Save it anywhere you can find it (even your desktop is fine in this case).

    http://216.180.233.162/~merijn/files/HijackThis.exe

    After download, double click on it to run it. Then select Do a system scan and save a logfile. This will bring up a notepad window with the logfile in it. Copy and paste this logfile into your next message. (We normally ask that you upload as an attachment but I'm trying to keep things easier because of your problems. One of us will attach it afterwards.)

    And just in case some of your problems are related to your ISP software, the below may (or may not) be helpful to look at:

    Troubleshooting Internet Service Provider Logon Problems
     
    Last edited: Feb 16, 2006
  16. Felinity

    Felinity Private E-2

    Chas, we did HJT in the other thread, "http://forum.majorgeeks.com/showthread.php?t=84777", but I'll do it again this way too, as you suggest, if the exe will download correctly.

    I'm encountering the same issues in trying to download the files AbbySue sent me in YM mail...the page not loading fully, timing out, and the one time the RootKit Revealer did download, the zipfile is shown as a "No zip file, bad zip file or part of a split/spanned file". WinZip won't open it.

    I just downloaded the HJT exe from the link, Chas, but when I try to click on it it says this, with a big red "X" icon: "C:\Documents and Settings\Owner\Desktop\HijackThis.exe is not a valid Win32 application", and the icon for the .exe is the generic white square with the blue strip across the top of it.

    Now what? I'm so sorry this is such a pain for you too.

    Is it possible that the slow connection is causing the downloads to load only partially then timing out?

    I'll keep trying. Is there a link for RootKit like this one?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I forgot about that. That's why we like to keep things in one thread. You don't need to download HJT again if you already have it. Just use the one you had, but don't do it until you do the below.

    Did you ever uninstall Viewpoint Manager as suggested? If not, then do it now.

    Also I would suggest uninstall the below, because they sure as heck are not helping you:
    Registry Repair Pro
    Propel Accelerator


    Then post a new HJT log.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I also suggest uninstalling FreeRAM XP Pro
     
  19. Felinity

    Felinity Private E-2

    I did uninstall Registry Pro, & Viewpoint, & Propel...I exited FreeRam earlier (which loads automatically on booting up), but just went to uninstall it completely, and whaddayaknow??...It's not listed on my Add/Remove Software window now! I find that highly unusual. I'm looking into this a bit more too, & I'll do the HJT again as you suggested.
     
  20. Felinity

    Felinity Private E-2

    Here is the HJT logfile just done while logged on, Chaslang & AbbySue. I'll sit back & wait with all toes & fingers crossed in hopes something will show up this time.
     

    Attached Files:

    Last edited by a moderator: Feb 16, 2006
  21. Felinity

    Felinity Private E-2

    I found the uninstall info in FreeRam's Readme notes & uninstalled it. It said files in use by FreeRam will not be removed til I reboot. Should I try that now? I should add that I've used FreeRam for at least a year with no issues before now, but I guess anything's possible.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I still see the below in your log:

    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

    Are you sure they are uninstalled? Make sure and then reboot and get a new HJT log. Note: I'm not trying to say that these items are malware or that they are causing your problems. I'm just trying to rule them out. You can always reinstall programs later after your PC has gotten back to normal. Right now you may be looking at a reinstall of your whole OS if we can not figure out what is going on.
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Question: Is Level 3 Communications Inc. your ISP?
     
  24. Felinity

    Felinity Private E-2

    OK Chaslang, I checked...all those programs were definitely gone from the add/remove programs list. I rebooted & I have the logfile to attach rather than copy/paste, as you may not get it for some time at this time of night.

    ALSO...I cleared the cache again & the cookies this time, before rebooting, and my ZoneAlarm reset down to the Free edition, because my Pro trial time had run out. This means the Firewall began alerting me to every blocked access that occurred. I have had an endless stream of them, many beginning with the same 1st numbers of my IP number. BUT many were different & involved UDP ports. I'll see if I can get a logfile of all the blocked IP numbers & the ports involved.

    And no...My ISP isn't Level 3. It's a very neat & clean dialup service I have recommended highly to family & friends, offered by DSLExtreme out of California.

    I'll send the ZAlog file from yesterday before I was receiving the visual alerts, but they were still coming in automatically to the system.

    The ones from today have not been automatically logged yet, but they look much like the ones from yesterday.

    The HJT log I just ran before logging onto my ISP is included here.

    PLEASE tell me that between these two logs & the info I just wrote here, you can sniff out what might be causing all my browsing issues.

    Dang "attach files" option won't show for me, just the text, so I have to copy/paste.

    ~~~~~~~~

    Edit by chaslang: Inline HJT log attached

    ~~~~~~~~~~~~

    ZoneAlarm Logging Client v6.0.XXX.XXX
    Windows 2000-5.0.XXXX-Service Pack 4-SP
    type,date,time,source,destination,transport (Security)
    type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
    type,date,time,source,destination,action,service (IM Security)
    type,date,time,source,destination,program,action (Malicious Code Protection)
    type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)
    type,date,time,name,type,mode (Anti-Spyware)

    ACCESS,2006/02/16,16:34:06 -5:00 GMT,TAPI 3.0 Dialer and IP Multicast Conference Viewer was temporarily blocked from connecting to the local zone (127.0.0.1:port 2355).,N/A,N/A
    ACCESS,2006/02/16,16:34:06 -5:00 GMT,TAPI 3.0 Dialer and IP Multicast Conference Viewer was temporarily blocked from connecting to the local zone (127.0.0.1:port 2356).,N/A,N/A
    FWIN,2006/02/16,16:39:00 -5:00 GMT,209.160.64.47:1036,4.88.23.166:1434,UDP
    FWIN,2006/02/16,16:40:40 -5:00 GMT,65.60.146.223:18652,4.88.23.166:1026,UDP
    FWIN,2006/02/16,16:41:54 -5:00 GMT,200.183.156.78:1029,4.88.23.166:137,UDP
    FWIN,2006/02/16,16:44:58 -5:00 GMT,4.88.51.120:3160,4.88.23.166:135,TCP (flags:S)
    FWIN,2006/02/16,16:45:14 -5:00 GMT,4.88.163.102:4047,4.88.23.166:135,TCP (flags:S)
    FWIN,2006/02/16,16:46:14 -5:00 GMT,4.88.7.176:4824,4.88.23.166:139,TCP (flags:S)
    FWIN,2006/02/16,16:47:32 -5:00 GMT,4.88.74.62:3316,4.88.23.166:135,TCP (flags:S)
    FWIN,2006/02/16,16:49:48 -5:00 GMT,4.153.243.30:1085,4.88.23.166:445,TCP (flags:S)
    FWIN,2006/02/16,16:52:24 -5:00 GMT,221.1.204.231:36635,4.88.23.166:1026,UDP
    FWIN,2006/02/16,16:52:28 -5:00 GMT,4.88.11.134:1700,4.88.23.166:445,TCP (flags:S)
    FWIN,2006/02/16,16:52:38 -5:00 GMT,4.88.51.120:2452,4.88.23.166:135,TCP (flags:S)
    FWIN,2006/02/16,16:54:34 -5:00 GMT,221.12.40.144:43625,4.88.23.166:1029,UDP
    FWIN,2006/02/16,16:55:14 -5:00 GMT,4.88.0.56:3760,4.88.23.166:135,TCP (flags:S)
    FWIN,2006/02/16,16:58:14 -5:00 GMT,4.88.11.134:3160,4.88.23.166:445,TCP (flags:S)
    FWIN,2006/02/16,16:58:24 -5:00 GMT,4.88.11.134:3437,4.88.23.166:139,TCP (flags:S)
    FWIN,2006/02/16,17:01:26 -5:00 GMT,4.88.167.24:2430,4.88.23.166:445,TCP (flags:S)
    FWIN,2006/02/16,17:01:26 -5:00 GMT,4.88.19.101:2568,4.88.23.166:135,TCP (flags:S)
    FWIN,2006/02/16,17:04:20 -5:00 GMT,65.109.13.61:16273,4.88.23.166:1026,UDP
    FWIN,2006/02/16,17:06:36 -5:00 GMT,4.88.74.165:4968,4.88.23.166:135,TCP (flags:S)
    FWIN,2006/02/16,17:09:32 -5:00 GMT,4.88.11.209:4314,4.88.23.166:135,TCP (flags:S)
    FWIN,2006/02/16,17:13:10 -5:00 GMT,218.61.35.52:44187,4.88.23.166:1028,UDP
    FWIN,2006/02/16,17:20:14 -5:00 GMT,59.10.62.18:6000,4.88.23.166:7212,TCP (flags:S)
    FWIN,2006/02/16,17:27:34 -5:00 GMT,65.79.144.254:24143,4.88.23.166:1026,UDP
    FWIN,2006/02/16,21:35:42 -5:00 GMT,4.88.36.153:3961,4.88.19.109:135,TCP (flags:S)
    FWIN,2006/02/16,21:37:20 -5:00 GMT,65.84.247.99:3040,4.88.19.109:1026,UDP
    FWIN,2006/02/16,21:37:22 -5:00 GMT,219.146.161.10:59512,4.88.19.109:1030,UDP
    FWIN,2006/02/16,21:38:44 -5:00 GMT,219.254.232.50:1031,4.88.19.109:137,UDP
    FWIN,2006/02/16,21:40:48 -5:00 GMT,4.88.1.99:4494,4.88.19.109:135,TCP (flags:S)
    FWIN,2006/02/16,21:40:48 -5:00 GMT,4.88.36.153:2204,4.88.19.109:445,TCP (flags:S)
    FWIN,2006/02/16,21:41:06 -5:00 GMT,221.1.206.132:60011,4.88.19.109:1026,UDP
    FWIN,2006/02/16,21:41:06 -5:00 GMT,221.1.206.132:60011,4.88.19.109:1029,UDP
    FWIN,2006/02/16,21:44:14 -5:00 GMT,4.88.71.17:3018,4.88.19.109:445,TCP (flags:S)
    FWIN,2006/02/16,21:44:14 -5:00 GMT,4.88.71.17:3404,4.88.19.109:445,TCP (flags:S)
    FWIN,2006/02/16,21:44:14 -5:00 GMT,4.88.71.17:3728,4.88.19.109:139,TCP (flags:S)
    FWIN,2006/02/16,21:44:56 -5:00 GMT,4.88.46.99:1612,4.88.19.109:139,TCP (flags:S)
    FWIN,2006/02/16,21:48:54 -5:00 GMT,4.88.26.67:4627,4.88.19.109:139,TCP (flags:S)
    FWIN,2006/02/16,21:49:54 -5:00 GMT,4.88.60.244:4672,4.88.19.109:139,TCP (flags:S)
    FWIN,2006/02/16,21:50:16 -5:00 GMT,4.88.26.69:2514,4.88.19.109:445,TCP (flags:S)
    FWIN,2006/02/16,21:50:16 -5:00 GMT,4.88.164.158:1028,4.88.19.109:445,TCP (flags:S)
    FWIN,2006/02/16,21:51:40 -5:00 GMT,4.88.26.67:3308,4.88.19.109:445,TCP (flags:S)
    FWIN,2006/02/16,21:51:50 -5:00 GMT,65.55.37.227:29851,4.88.19.109:1026,UDP
    PE,2006/02/16,22:00:48 -5:00 GMT,Services and Controller app,209.244.0.3:53,N/A
    PE,2006/02/16,22:01:38 -5:00 GMT,Services and Controller app,209.244.0.3:53,N/A
    PE,2006/02/16,22:02:02 -5:00 GMT,Firefox,127.0.0.1:1037,N/A
    FWIN,2006/02/16,22:02:26 -5:00 GMT,4.88.60.244:4084,4.88.20.237:139,TCP (flags:S)
    FWIN,2006/02/16,22:02:58 -5:00 GMT,4.88.167.24:4522,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:03:00 -5:00 GMT,4.88.71.183:4791,4.88.20.237:135,TCP (flags:S)
    FWIN,2006/02/16,22:04:20 -5:00 GMT,4.88.75.87:2494,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:10:12 -5:00 GMT,4.88.25.188:3480,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:12:26 -5:00 GMT,4.88.166.93:3180,4.88.20.237:139,TCP (flags:S)
    FWIN,2006/02/16,22:12:26 -5:00 GMT,4.88.166.93:3179,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:12:26 -5:00 GMT,4.88.166.93:3177,4.88.20.237:445,TCP (flags:S)
    PE,2006/02/16,22:13:06 -5:00 GMT,Zone Labs Client,67.19.72.101:53,N/A
    FWIN,2006/02/16,22:13:44 -5:00 GMT,4.154.51.149:2932,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:13:46 -5:00 GMT,4.88.36.153:1961,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:13:46 -5:00 GMT,4.88.36.153:1959,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:14:26 -5:00 GMT,4.88.163.199:4905,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:14:28 -5:00 GMT,4.88.26.69:2567,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:14:28 -5:00 GMT,4.88.26.69:2563,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:14:28 -5:00 GMT,4.88.26.69:2565,4.88.20.237:139,TCP (flags:S)
    FWIN,2006/02/16,22:18:36 -5:00 GMT,59.10.62.18:6000,4.88.20.237:7212,TCP (flags:S)
    FWIN,2006/02/16,22:18:56 -5:00 GMT,61.180.228.244:52028,4.88.20.237:1027,UDP
    PE,2006/02/16,22:18:58 -5:00 GMT,Internet Information Services,0.0.0.0:1027,N/A
    FWIN,2006/02/16,22:20:16 -5:00 GMT,65.199.3.162:19909,4.88.20.237:1026,UDP
    FWIN,2006/02/16,22:20:26 -5:00 GMT,4.88.46.99:3234,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:22:36 -5:00 GMT,4.88.75.87:3734,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:25:50 -5:00 GMT,4.88.167.24:2621,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:26:46 -5:00 GMT,216.196.76.57:28960,4.88.20.237:1026,UDP
    FWIN,2006/02/16,22:27:52 -5:00 GMT,4.88.47.158:3401,4.88.20.237:135,TCP (flags:S)
    FWIN,2006/02/16,22:27:52 -5:00 GMT,4.88.3.196:4313,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:28:08 -5:00 GMT,4.88.3.196:2966,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:28:08 -5:00 GMT,4.88.75.87:1748,4.88.20.237:1433,TCP (flags:S)
    FWIN,2006/02/16,22:29:54 -5:00 GMT,196.7.186.79:20489,4.88.20.237:1026,UDP
    FWIN,2006/02/16,22:30:38 -5:00 GMT,4.88.51.120:1066,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:31:18 -5:00 GMT,4.88.75.87:2135,4.88.20.237:139,TCP (flags:S)
    FWIN,2006/02/16,22:31:50 -5:00 GMT,4.88.26.69:2060,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:32:08 -5:00 GMT,4.88.36.153:3764,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:34:32 -5:00 GMT,4.88.3.196:2947,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,22:39:14 -5:00 GMT,65.104.1.137:11491,4.88.20.237:1026,UDP
    FWIN,2006/02/16,22:42:02 -5:00 GMT,221.208.208.3:33577,4.88.20.237:1026,UDP
    FWIN,2006/02/16,22:45:08 -5:00 GMT,222.173.187.45:1057,4.88.20.237:1434,UDP
    FWIN,2006/02/16,22:50:50 -5:00 GMT,4.88.40.42:2908,4.88.20.237:135,TCP (flags:S)
    FWIN,2006/02/16,22:55:02 -5:00 GMT,221.203.145.59:51586,4.88.20.237:1028,UDP
    FWIN,2006/02/16,22:55:50 -5:00 GMT,4.88.4.181:2957,4.88.20.237:135,TCP (flags:S)
    FWIN,2006/02/16,22:56:48 -5:00 GMT,65.0.214.53:26208,4.88.20.237:1026,UDP
    FWIN,2006/02/16,22:57:56 -5:00 GMT,221.1.204.254:33420,4.88.20.237:1028,UDP
    FWIN,2006/02/16,23:01:14 -5:00 GMT,4.88.62.83:3632,4.88.20.237:445,TCP (flags:S)
    FWIN,2006/02/16,23:03:24 -5:00 GMT,4.88.164.36:2800,4.88.20.237:135,TCP (flags:S)
    FWIN,2006/02/16,23:03:38 -5:00 GMT,65.98.97.70:14316,4.88.20.237:1026,UDP
    FWIN,2006/02/16,23:05:42 -5:00 GMT,4.88.51.120:3923,4.88.20.237:135,TCP (flags:S)
     

    Attached Files:

    Last edited by a moderator: Feb 17, 2006
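The ZoneAlarm log above is easier to reason about once it is tallied rather than read line by line. The Python below is an added example for this thread, not a tool from the original post or from ZoneAlarm: it parses FWIN (blocked inbound) records, counts them per protocol and destination port, and counts how many sources sit in the same /16 as the dial-up address the PC held at the time, which is the "same 1st numbers of my IP number" pattern Felinity noticed. The sample lines are copied verbatim from the posted log; the /16 neighbourhood heuristic and the port labels are assumptions of this example, not something ZoneAlarm reports. For context, unsolicited SYNs to 135/139/445 and UDP to the 1026-1029 range were constant background noise on any public address in 2006, so this kind of log on its own is not evidence of a keylogger on the host receiving it.

```python
"""Tally ZoneAlarm FWIN (blocked inbound) events by port and by source locality.

Added example, not part of the original thread.  SAMPLE_LOG holds lines copied
from the log posted above so the parser is exercised on real ZoneAlarm output.
"""
import ipaddress
from collections import Counter

# Service names for destination ports seen in the posted log.
# Assumption: standard IANA/Windows assignments; ZoneAlarm logs only the number.
PORT_LABELS = {
    135: "MS-RPC endpoint mapper",
    137: "NetBIOS name service",
    139: "NetBIOS session (SMB)",
    445: "SMB over TCP",
    1433: "MS SQL Server",
    1434: "MS SQL Server Resolution (UDP)",
}
PORT_LABELS.update({p: "dynamic RPC port (Messenger-spam range)" for p in range(1026, 1031)})

# Constructed sample: a subset of the FWIN, PE and ACCESS lines posted above.
SAMPLE_LOG = """\
ACCESS,2006/02/16,16:34:06 -5:00 GMT,TAPI 3.0 Dialer and IP Multicast Conference Viewer was temporarily blocked from connecting to the local zone (127.0.0.1:port 2355).,N/A,N/A
FWIN,2006/02/16,16:39:00 -5:00 GMT,209.160.64.47:1036,4.88.23.166:1434,UDP
FWIN,2006/02/16,16:40:40 -5:00 GMT,65.60.146.223:18652,4.88.23.166:1026,UDP
FWIN,2006/02/16,16:41:54 -5:00 GMT,200.183.156.78:1029,4.88.23.166:137,UDP
FWIN,2006/02/16,16:44:58 -5:00 GMT,4.88.51.120:3160,4.88.23.166:135,TCP (flags:S)
FWIN,2006/02/16,16:45:14 -5:00 GMT,4.88.163.102:4047,4.88.23.166:135,TCP (flags:S)
FWIN,2006/02/16,16:46:14 -5:00 GMT,4.88.7.176:4824,4.88.23.166:139,TCP (flags:S)
FWIN,2006/02/16,16:49:48 -5:00 GMT,4.153.243.30:1085,4.88.23.166:445,TCP (flags:S)
FWIN,2006/02/16,16:52:28 -5:00 GMT,4.88.11.134:1700,4.88.23.166:445,TCP (flags:S)
PE,2006/02/16,22:00:48 -5:00 GMT,Services and Controller app,209.244.0.3:53,N/A
"""


def parse_fwin(line):
    """Return (src_ip, src_port, dst_ip, dst_port, proto) for a FWIN record.

    Any other record type (ACCESS, PE, ...) yields None.  Only FWIN lines are
    split on commas; ACCESS lines carry free text that contains commas itself.
    """
    fields = line.rstrip("\n").split(",")
    if len(fields) < 6 or fields[0] != "FWIN":
        return None
    src_ip, src_port = fields[3].rsplit(":", 1)
    dst_ip, dst_port = fields[4].rsplit(":", 1)
    proto = fields[5].split(" ", 1)[0]  # "TCP (flags:S)" -> "TCP"
    return (ipaddress.ip_address(src_ip), int(src_port),
            ipaddress.ip_address(dst_ip), int(dst_port), proto)


def summarise(log_text, neighbour_prefix=16):
    """Count blocked inbound events per (proto, port) and sources in the own /prefix.

    A source is a "neighbour" when it falls inside the same /neighbour_prefix as
    the destination, i.e. the address the dial-up session held when the packet
    arrived.  /16 is an assumption matching the 4.88.0.0/16 pool in the log.
    """
    events = [e for e in map(parse_fwin, log_text.splitlines()) if e]
    per_port = Counter()
    neighbours = 0
    for src, _sport, dst, dport, proto in events:
        per_port[(proto, dport)] += 1
        pool = ipaddress.ip_network(f"{dst}/{neighbour_prefix}", strict=False)
        if src in pool:
            neighbours += 1
    return {"total": len(events), "per_port": dict(per_port), "neighbours": neighbours}


def report(log_text):
    """Human-readable summary suitable for pasting back into a support thread."""
    s = summarise(log_text)
    lines = [f"{s['total']} blocked inbound packets, "
             f"{s['neighbours']} from the same /16 as your own address"]
    for (proto, port), n in sorted(s["per_port"].items(), key=lambda kv: -kv[1]):
        lines.append(f"  {n:3d}  {proto}/{port:<5} {PORT_LABELS.get(port, 'dynamic/unknown')}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

chaslang's confirming step, the reverse lookup of 4.88.23.166 to dialup-4.88.23.166.Dial1.Atlanta1.Level3.net, needs network access and is deliberately left out; the /16 comparison is the offline approximation of the same question, "are these sources on my own access network?".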
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is the below line something you setup?

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Propel Accelerator <--- the whole folder
    C:\Program Files\3B Software <--- the whole folder

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Is the below IP address the one you say is for your ISP?
    4.88.23.166 = [ dialup-4.88.23.166.Dial1.Atlanta1.Level3.net ]

    If so, notice it is actually part of Level 3 Communications that I asked about.
     
    Last edited: Feb 17, 2006
  26. Felinity

    Felinity Private E-2

    *sigh*...OK Chaslang...I downloaded Ccleaner (I thought, because the proper icon was showing afterward, and it did take almost an hour for it to 'complete')...then followed every other instruction here listed. Everything, to the letter. But I could not run Ccleaner.

    The computer is still running the same way, slow as a snail to load pages, with many MANY missing graphics & programs unable to download fully, timing out notoriously & stating that many pages "could not be found"..

    I include the HJT log I ran after booting back up afterward, before logging online...and I'll try to run one here too, right after logging onto online, so if there's a difference, it can be noted.

    As far as this is concerned,

    "...R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/c...rnet-0,00.html.."

    I did nothing to do with this. I have no idea what it is or where it came from.

    Also, as per this question, quoted..

    "...Is the below IP address the one you say is for your ISP?
    4.88.23.166 = [ dialup-4.88.23.166.Dial1.Atlanta1.Level3.net ]

    If so, notice it is actually part of Level 3 Communications that I asked about...."

    I don't know how Level 3 Inc. keeps trying to get into my ports unless they are affiliated somehow with my dialup service through DSLExtreme, my ISP. But I do know that ZoneAlarm keeps refusing them, blocking the "intrusion".

    Program Settings I set for ZoneAlarm, too, reset every time I reboot. I have to grant permissions all over again.

    Services & Controller App wants access & to accept connections from the internet, as does Generic Host Processes and Internet Information Services. I'm not sure which should have full access to trusted & Internet zones & which to limit, so I grant permissions to them each time they ask.

    On my ZoneAlarm's Firewall zone page are listed two items, the first, my system's:

    3Com Etherlink PCI, IP Address 0.0.0.0./0.0.0.0. Adapter Subnet

    and the 2nd, I'm not sure of, if it isn't DSLExtreme:

    WAN (PPP/SLIP) 4.88.20.57./255.255.255.255 Adapter Subnet

    What does this all mean?

    (BTW this page, under "go advanced", will not give me the option of "attach files" now...it's just text...so here is the C/P)

    HJT after Reboot from safe Mode:
    ~~~~~~~~~~~~~~~~~~~~~~

    Edit by chaslang: Inline log attached
     

    Attached Files:

    Last edited by a moderator: Feb 19, 2006
  27. Felinity

    Felinity Private E-2

    Now here is a new HJT logfile i just did, after being logged onto the internet:

    Edit by chaslang: Inline log attached
     

    Attached Files:

    Last edited by a moderator: Feb 19, 2006
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to talk with your ISP. The below IP addresses show when you login

    209.244.0.3 & 209.244.0.4

    They are Level 3 Communication. And so is the other I gave to you:
    4.88.23.166 = [ dialup-4.88.23.166.Dial1.Atlanta1.Level3.net ]

    Your ISP must really be using them to provide you service. Your problems are not malware but more what your ISP is doing scanning your PC. Your speed problems are more than likely related to issues with their service.

    One last thing you could quickly try is to temporarily disable (shutdown) ZoneAlarm and see if it helps your speed but I would not like this as a permanent solution.
     
  29. Felinity

    Felinity Private E-2

    Oh Chas I spent over an hour on the phone with my ISP tech support last night, & after all the analyzing & tweaking, they decided it has to be my phone company.

    The 1st two ISP numbers you'd said were showing when I log on were DNS numbers, they said, & the others were other DSLExtreme members' systems trying to find IP numbers they'd had before, or something like that. Level 3 supplies connection for their members, like me, who arent in California near DSLExtreme's offices.

    I dont get it, but they seemed to know what they were talking about.

    Now I have tech for the phone company coming out on Monday to check the outside & inside lines at a high charge to me that I cant afford. But after a month of this non-stop, Im so physically, mentally & emotionally worn out from all this that I just cant keep fighting with it. I just want it to work again.

    I'm ready to just pay someone to wipe it clean & start over with XP or something. And maybe put a v.92 modem in it to boot while they're at it. But it's just a Pentium 3, so...I don't know.

    Thank you for all the work you put into it, & AbbySue too, for sending all those files to me in email. When I get this fixed, at least I'll have Rootkit & Spysweeper ready to go, thanks to her.

    I'll send my friends here, for sure. You've been great support & informative too, & really earn the support we members give this site. When I have it, I'll put my money where my mouth is too.
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! See, they confirmed what I was saying all along about the IP addresses from Level 3 being valid and part of your ISP's service.

    Noisy phone lines can cause problems with the speed at which your analog modem can connect and how well it can maintain the connect rate. If the line is noisy, the modem will keep retraining to lower connect rates after the initial connection, in an attempt to eliminate noise problems. The phone technician should be able (but may not have the equipment with him) to measure idle channel noise, crosstalk, and 60 cycle hum (interference from power lines) on your telephone wires. All of these can cause problems for analog dialup modem connections.

    Let us know how things go.
     
  31. Felinity

    Felinity Private E-2

    Chas, it's been a while since I was able to log in. I hope my problem is memorable enough. When I first came here, I ran another thread first, then started this one, not knowing we needed to keep everything in one thread. Here's the other one:

    http://forum.majorgeeks.com/showthread.php?t=84777

    Then we came to this one.

    I was finally able to download & run Rootkit Revealer in a moment when my system ran normally and at a decent speed, & I've attached the very short results it gave. But as soon as I disconnected & rebooted, the same problem recurred.

    I still can't get SpySweeper, but I was able to update SpyBot, Spyware Blaster & Ad-Aware. Ad-Aware found 8 Alexa issues & deleted them, but it still runs as slowly, graphics not downloading, & programs can't download from online. Does Rootkit Revealer show anything significant?

    It won't let me attach a file here, so I have to copy & paste it.

    HKLM\S-1-5-21-436374069-1202660629-1957994488-1000\Software\Yahoo\Pager\profiles\wildfelinity\Alerts\Total Login Tries 3/9/2006 3:04 PM 4 bytes Data mismatch between Windows API and raw hive data.

    That's all it gives.
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No there is nothing in that log.

    You still probably have noisy phone lines, a broken modem, or a misconfigured modem.
     
  33. Felinity

    Felinity Private E-2

    Well, Chas, AbbySue, after all of this, and all the diagnostics & everything, you were right on the money when we ran the process of elimination. It was indeed my old v.90 modem. It had finally petered out.

    I have replaced it with a new v.92 modem, & it is running superbly.

    Thank you for ALL of the help with this major headache.

    Now for a couple of other puzzling problems I've been dealing with. I'll post the new threads.
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
