Low in Memory Message

Suddenly in the past few days I am getting a message stating my computer is low in memory and unable to process. This is coming up trying to use my utilities even tho I am not connected to the Internet. My computer shows sufficient memory available.
In other words, I can log onto the Internet and go from site to site unless it tries to use one of my utilities or plug-ins. I am using Win98 along with IE. Sometimes it will indicate it cannot display a .dll, etc. I checked my available memory and it shows sufficient.
Have I acquired a virus that has affected Win98? Does Win98 beed to be reloaded to get rid of the problem? I ran Defrag and that went o.k. with no messages.
Can you help me correct this situation and get rid of this error message?
Thanks
Claire

 

Do you have any "Free Disk" space available on your C:\ Drive?

1) Open My Computer
2) Right-click C:
3) Left-click "Properties ".

How much free disk space does it show for C:\?

 

And how much RAM?

More than 512mg?

Resources free are?

=====
All of this information is available to you via "Msinfo32 ">system information category:

Click taskbars>startbutton>runline>type msinfo32 and hit enter. Read the information needed and either copyNpaste nfo here or manualy type it in.

 

You may have something running in the background "bleeding" memory. It could be a poorly coded application, or a virus. You could try Housecall and the Trojan scans listed below.
It wouldn't hurt to download Spybot, do it's online update, then let it Check for Problems, let it remove all, if any, already checked off.
If it does find something, use HijackThis to do a scan. After the scan is over, the Scan button will say Save Log. Post the log on here, do not Fix anything with HijackThis, yet.
The links are below.

 

Here is the info I got so far.
120MB RAM
69% system resources free
Windows-managed swap file on drive C (14799MB free)
Available space on drive C: 14799MB of 19114MB (FAT32)

I ran Spybot and let it remove what was checked off.
I tried to download HijackThis at the site and it would not do anything. So I got nowhere on that. Not sure what is wrong there.
However I did get some answers for you but still got the problem. I will await the next step. Thanks for your help so far.
Claire

 

http://tomcoyote.com/hjt/
It appears the link in my signature is not a good one. The one above should work. Yes, it does look like the other page.

 

Logfile of HijackThis v1.97.7
Scan saved at 9:29:25 AM, on 4/28/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\TASKMON.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\FVPROTECT.EXE
C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\HIGHJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.angelfire.com/ms2/xstlion/MYOPERAHOTLIST.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: Window Shades - {B5B57F4F-EFA5-11D4-A971-444553540000} - C:\PROGRA~1\GMMCOM~1\WINDOW~1\WINDOW~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Norton Antivirus AV] C:\WINDOWS\FVProtect.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Startup: Wal-Mart Connect Tray Icon.lnk = C:\wmconnect\wmtray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Blink (HKLM)
O9 - Extra button: MaxManager (HKLM)
O9 - Extra 'Tools' menuitem: &MaxManager (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mng: c:\progra~1\intern~1\PLUGINS\NpHcd32.dll
O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\nphcd32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab

 

sounds like a virus

 

I have no idea what Spybot removed, but it did take something off.
I think your problem is being low on resources, too many things running
In HijackThis, put a check on these items then click on Fix.

O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: Window Shades - {B5B57F4F-EFA5-11D4-A971-444553540000} - C:\PROGRA~1\GMMCOM~1\WINDOW~1\WINDOW~1.DLL (file missing)
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q

These two items have file connected to them and are useless. When done, close HijackThis. The Clocksync is part of Spyware, and will give you problems. I realize it keeps the clock in time, but it may put bad stuff back on.

Go to Start\Run and type in Msconfig and press Enter. Click on Startup tab, and uncheck these items.

[QAGENT] C:\QUICKENW\QAGENT.EXE
[TaskMonitor] C:\WINDOWS\taskmon.exe
[WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
[Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
[CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
[AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
[LoadQM] loadqm.exe
[AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
[TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

The Taskmon and Loadqm entries are useless.

The Quiken entry is it doing background downloading, takes advantage of unused bandwidth to download current financial information anytime your computer is connected to the Internet, if you do not do this, have it unchecked.

The items pertaining to Adaptec do not need to load at startup everytime, it will work when you start them via shortcut in Start\Programs.
The same goes for the Works items.

The TkBellExe is RealPlayer trying to update itself continually, not needed.

Uncheck the following only if you do not have something scheduled for you computer to do by itself, such as updating Anti Virus program. I prefer to do things myself, so I have it removed.

[SchedulingAgent] mstask.exe

StillImageMonitor is a huge resouce hog, too big to have at startup, the scanner can still be started via Start\Programs shortcut.

After unchecking these items, reboot, and you will see the difference.
Empty the Temporary Internet Files checking the box for All Offline Content when you do.
Go to Control Panel\Internet Options, click on Delete Files to do this.
Then use Windows Explorer, browse to C:\Windows\Temp and delete all files and folders there.

 

O.K. I have done as you suggested in HijackThis as of 8:30a.m. Now it is just a case of running the computer for awhile, whether it be the Internet or my utilities. I will let you know how things are going.
My thanks for taking so much time to work with me and get my computer up to speed. For as much as I use my computer, I am glad to know I can ask questions somewhere. You folks at WindowsBBS offer a great service and it is greatly appreciated.
Claire

 

Thanks for posting back, hope all is well for you.

 

I am back. It seems I have a worm called NETSKY which is probably a good cause for the above problems of memory. I came across this by accident as I was looking for a download from an email and found all these extra files. I did a search for NETSKY and found 36 folders with files(82 repetitve files(2.32mb) in each) and I also found within the folders, sub-directories with the same 82 files. So taking this into account, here is where the memory is being eaten up.
After going to PC-Cillin and doing a scan there, it says I have no problem. Yep, so it says but I know different.
Needless to say, after spending some time deleting all the files from all the folders mentioned in the search, the folders/files are back. So, I guess this is what a worm is all about.
I checked my history file and that is gone as to what sites I went to or what site brought this to my computer. Is there anyway I can recover the sites visited on April 22? At 5.23a.m. on Apr22 this worm started to hit my computer. This could be eastern or central time. It would be good to check that area even tho I know from my search what software I used cuz that is where these 82 files are sitting.
Maybe you can recognize some of these files as to which Netsky worm I have. Here is an example of the files found in different folders like Aceftp2, Start Menu/Programs, Adobe Acrobat. Opera7, within my Program Files folder,just happens to have one of the folders with the 82 files so I copied all 82 file names but this is just the tail end.
108. C:\Program Files\Opera7\download\Star Office 9.exe
109. C:\Program Files\Opera7\download\Teen **** 15.jpg.pif
110. C:\Program Files\Opera7\download\The Sims 4 beta.exe
111. C:\Program Files\Opera7\download\Ulead Keygen 2004.exe
112. C:\Program Files\Opera7\download\Visual Studio Net Crack all.exe
113. C:\Program Files\Opera7\download\Win Longhorn re.exe
114. C:\Program Files\Opera7\download\WinAmp 13 full.exe
115. C:\Program Files\Opera7\download\Windows 2000 Sourcecode.doc.exe
116. C:\Program Files\Opera7\download\Windows 2003 crack.exe
117. C:\Program Files\Opera7\download\Windows XP crack.exe
118. C:\Program Files\Opera7\download\WinXP eBook newest.doc.exe
119. C:\Program Files\Opera7\download\XXX hardcore pics.jpg.exe

Any ideas of what to do next!
#1 Is there anyway I can recover the sites visited on April 22? I only go back 5 days.
#2 Since HouseCais an example of the files found in different folders like Aceftp2, Start Menu/Programs, Adobe Acrobat. Opera7, within my Program Files folder,just happens to have one of the folders with the 82 files so I copied all 82 file names but this is just the tail end.
108. C:\Program Files\Opera7\download\Star Office 9.exe
109. C:\Program Files\Opera7\download\Teen **** 15.jpg.pif
110. C:\Program Files\Opera7\download\The Sims 4 beta.exe
111. C:\Program Files\Opera7\download\Ulead Keygen 2004.exe
112. C:\Program Files\Opera7\download\Visual Studio Net Crack all.exe
113. C:\Program Files\Opera7\download\Win Longhorn re.exe
114. C:\Program Files\Opera7\download\WinAmp 13 full.exe
115. C:\Program Files\Opera7\download\Windows 2000 Sourcecode.doc.exe
116. C:\Program Files\Opera7\download\Windows 2003 crack.exe
117. C:\Program Files\Opera7\download\Windows XP crack.exe
118. C:\Program Files\Opera7\download\WinXP eBook newest.doc.exe
119. C:\Program Files\Opera7\download\XXX hardcore pics.jpg.exe

Any ideas of what to do next!
#1 Is there anyway I can recover the sites visited on April 22? I only go back 5 days.
#2 Since HouseCall says there is no probes found in different folders like Aceftp2, Start Menu/Programs, Adobe Acrobat. Opera7, within my Program Files folder,just happens to have one of the folders with the 82 files so I copied all 82 file names but this is just the tail end.
108. C:\Program Files\Opera7\download\Star Office 9.exe
109. C:\Program Files\Opera7\download\Teen **** 15.jpg.pif
110. C:\Program Files\Opera7\download\The Sims 4 beta.exe
111. C:\Program Files\Opera7\download\Ulead Keygen 2004.exe
112. C:\Program Files\Opera7\download\Visual Studio Net Crack all.exe
113. C:\Program Files\Opera7\download\Win Longhorn re.exe
114. C:\Program Files\Opera7\download\WinAmp 13 full.exe
115. C:\Program Files\Opera7\download\Windows 2000 Sourcecode.doc.exe
116. C:\Program Files\Opera7\download\Windows 2003 crack.exe
117. C:\Program Files\Opera7\download\Windows XP crack.exe
118. C:\Program Files\Opera7\download\WinXP eBook newest.doc.exe
119. C:\Program Files\Opera7\download\XXX hardcore pics.jpg.exe

Any ideas of what to do next!
#1 Is there anyway I can recover the sites visited on April 22? I only go back 5 days.
#2 Since HouseCall says there is no probes found in different folders like Aceftp2, Start Menu/Programs, Adobe Acrobat. Opera7, within my Program Files folder,just happens to have one of the folders with the 82 files so I copied all 82 file names but this is just the tail end.
108. C:\Program Files\Opera7\download\Star Office 9.exe
109. C:\Program Files\Opera7\download\Teen **** 15.jpg.pif
110. C:\Program Files\Opera7\download\The Sims 4 beta.exe
111. C:\Program Files\Opera7\download\Ulead Keygen 2004.exe
112. C:\Program Files\Opera7\download\Visual Studio Net Crack all.exe
113. C:\Program Files\Opera7\download\Win Longhorn re.exe
114. C:\Program Files\Opera7\download\WinAmp 13 full.exe
115. C:\Program Files\Opera7\download\Windows 2000 Sourcecode.doc.exe
116. C:\Program Files\Opera7\download\Windows 2003 crack.exe
117. C:\Program Files\Opera7\download\Windows XP crack.exe
118. C:\Program Files\Opera7\download\WinXP eBook newest.doc.exe
119. C:\Program Files\Opera7\download\XXX hardcore pics.jpg.exe

Any ideas of what to do next!
#1 Is there anyway I can recover the sites visited on April 22? I only go back 5 days.
#2 Since HouseCall says there is no problem, WHERE DO I go to locate NETSKY.exe on the C: drive and delete it? It surely is sitting someplace but not to my naked eye.

 

knew it,, now just remove them.

easyest way; take out the infected drive and slave it to another computer and scan and remove.

 

The big clue on some of those downloads is the double extension. Such as the files ending in .Jpg.Pif and .Doc.Exe. You normally do not see the real extension on some of those downloads, as they are recognized file types. JPG and DOC are usually a recognized file type, however, with the second extension, they are shown as part of the file name. So the file "WinXP eBook newest.doc.exe" only shows up to you as "WinXP eBook newest.doc ", so you think it is safe. As for those other downloads, I cannot comment on as they are used for pirating software, and you take your chances with them.

 

Here is the latest and last information on my quest. I did use the Symantec link that also found AND DELETED all the .EXE files associated with Netsky.P virus. I also checked the MSCONFIG for unwanted files at startup, etc. So I have my computer back in order including the used up memory.
This was quite an experience just knowing my computer had a virus was bad enough but also how easy it was to have infested my computer.
Thanks to everyone for your assistance.
Claire