Removed Trojan with TrojanHunter 4.5 still like for you to have a look at HJT log



bigrabbit
2006-04-01, 17:59
Hello everyone,
First I would like to thank you for the service you provide. I was able to resolve most of my S&D questions by viewing other threads in the S&D forums. I would attempt to do the same with my HJT logs but have read in several threads that HJT logs are very "machine specific". SO......

If you good people here would be kind enough to look at my latest HJT log, I would be very grateful. Thanks in advance for your time and efforts.

I am currently using:
ZoneAlarm Security Suite version:6.0.631.003
TrueVector version:6.0.631.003
Driver version:6.0.631.003
Anti-virus Vet engine version:11.9.1.000
Anti-virus signature DAT file version:11.9.9723.000
Anti-spyware engine version:4.1.7.0
Anti-spyware signature DAT file version:01.200603.235

Spybot S&D teatimer version 1.4.0.2

Spybot S&D version 1.4.0.3

Trojan Hunter guard

I also use AdAwareSE

and have a Hosts file in place (mvp I believe)

my system:
OS Name Microsoft Windows
Version 4.90.3000 Build 3000
OS Manufacturer Microsoft Corporation
System Manufacturer 00101890 XL773
System Model 15144800000401
System Type X86-based PC
Processor Intel(r) Celeron(tm) processor GenuineIntel ~702 Mhz
BIOS Version EPP revision 9.00
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\SYSTEM
Boot Device \\Device\Harddisk0
Total Physical Memory 190.45 MB
Available Physical Memory 248.00 KB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.68 GB
Page File Space 1.81 GB
Page File C:\WINDOWS\WIN386.SWP

And here is my latest HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:59:09 PM, on 3/31/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.5\THGUARD.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.5\THGUARD.EXE"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

Again any help would be greatly appreciated
Many Thanks to you all for the info I have already gleaned from this site.
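The reviewers in this thread read a HijackThis log by hand: the R0/R1 lines are browser start and search pages, the O4 lines are registry autoruns, and the "Running processes" block shows what was actually loaded. The script below is an added example (it is not part of the thread, and not HijackThis's own code) that does the same first-pass triage mechanically: it parses those sections and flags browser settings pointing at hosts outside an expected set, autoruns whose executable is given as a bare name with no path (on Win9x such a name is resolved through the search path, so a same-named file found first would run instead), autoruns whose executable is not in the running-process list, and anything living under a TEMP directory. The sample log is a constructed excerpt of the log above plus two constructed entries marked as such; the trusted-host set is an assumption for this example. A flag is a lead for a human to check, not a verdict, and the thread's own verdict on the real log was "clean".

```python
"""First-pass triage of a HijackThis 1.99.1 log (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Hosts the poster's IE start/search settings are expected to point at (assumption).
TRUSTED_HOSTS = {"www.yahoo.com", "hp.yahoo.com", "hp.my.yahoo.com"}

# Constructed excerpt of the thread's log; the last R1 and the last O4 line are
# constructed additions to exercise the checks and are not from the poster's machine.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [example] C:\WINDOWS\TEMP\example.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.+?) = (?P<url>\S+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def executable_of(cmd):
    """Pull the program path out of an O4 command line.

    Quoted paths are taken verbatim; unquoted ones are cut at the first
    '.exe' so that a path with spaces (Program Files) is not split on whitespace.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return a list of (check, item, detail) tuples; an empty list means nothing flagged."""
    running = set()
    findings = []
    in_procs = False
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if DRIVE_RE.match(line):
                running.add(line.upper())   # Win9x paths are case-insensitive
                continue
            in_procs = False                # first non-path line ends the block
        m = R_RE.match(line)
        if m:
            host = (urlparse(m.group("url")).hostname or "").lower()
            if host not in TRUSTED_HOSTS:
                findings.append(("browser-setting", m.group("key"), host))
            continue
        m = O4_RE.match(line)
        if m:
            name, exe = m.group("name"), executable_of(m.group("cmd"))
            if "\\" not in exe:
                # Bare file name: resolved via the search path at boot, so worth a look.
                findings.append(("unqualified-path", name, exe))
            elif exe.upper() not in running:
                # Registered to start but not currently loaded: one-shot, crashed, or hidden.
                findings.append(("not-running", name, exe))
            if "\\TEMP\\" in exe.upper():
                findings.append(("temp-location", name, exe))
    return findings


if __name__ == "__main__":
    for check, item, detail in triage(SAMPLE_LOG):
        print(f"{check:17} {item!r:22} {detail}")
```

On the excerpt this reports SystemTray and SchedulingAgent as unqualified paths (both are standard Windows ME entries, which is why a reviewer glances at them and moves on), Delay as registered but not running, the constructed TEMP entry on two checks, and the constructed search page on an untrusted host. The point is that the script narrows the list to what a human should look at; deciding whether `delayrun.exe` is legitimate still needs the reviewer's knowledge of the machine, which is exactly why the thread says HJT logs are "machine specific".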

steamwiz
2006-04-01, 23:48
Hi

Your log's clean...

It's not very often someone posts as much information about their system as you have

This does not look right to me ...

Total Physical Memory 190.45 MB
Available Physical Memory 248.00 KB

For a start your RAM is all but used up & this will cause your system to run slow...

Also your total RAM says 190.45 MB

I presume you have 2 sticks .. 1 @ 128 & 1 @ 64 ... this would make 192.00 MB

Unless this is a quirk of the winME o\s the total RAM should say 192.00 MB

You may have faulty ram stick, do you get the occasional freeze or blue screen ?

steam

bigrabbit
2006-04-02, 02:34
Thank you!!!

I am relieved to know that my HJT Log is clean.

I will take a look at the memory settings.

You are correct about the memory sticks. One is 128, one 64.

Yes I do get occasional freezes and blue screens. System resources seem to degrade after using box for awhile.

Any suggestions about the memory issue would be appreciated greatly.

Thanks again for all of your help and the prompt response.

bigrabbit
2006-04-02, 02:37
Did I post too much system information?

steamwiz
2006-04-02, 03:03
Did I post too much system information?

No...not at all ... usually we have to prise information out of posters, it was refreshing to see someone post their specs, without having to be asked, quite often we are not even told what operating system is being used ;)

If someone is getting freezes and blue screens, one of the first things to look at is the RAM...

Now that you say you are getting these, I would definitely suspect the RAM...

If you hadn't posted all that info, then we would not have seen the possible problem...

You could try taking one stick out and running on just one... see if you still get freezes or blue screens ... check the system info with just one stick ... see if it shows the full amount ... 128 or 64 ...

I'm not sure whether WinME will run on 64 MB ... if it doesn't, then you'll just need to put the other stick back and reboot...

XP will just about run on 128 MB ... but not on 64 MB

Win 98 will run OK on 64 MB

WinME ?

Make sure the power is switched off when you remove the case, and touch the case (to discharge any static) before you touch the RAM, or any other components.
steam

bigrabbit
2006-04-03, 17:08
I will try your suggestion.

You can thank the guys at GRC Newsgroups for the complete info.

I lurk there a lot and occasionally post when I have issues with my machine.

I am a novice but can usually take a hint and they have educated me somewhat about what it is like to voluntarily help folks like myself without any info to work with.

Thanks for the reminder about discharging the static. I rarely go inside the box so the reminder is appreciated.

I adjusted my page file space in the advanced settings of computer properties. I did that once before to resolve some memory issues but I see that my Total Physical Memory is still the same.

here are my new specs on memory:
Total Physical Memory 190.45 MB
Available Physical Memory 228.00 KB
Total Virtual Memory 1.16 GB
Available Virtual Memory 883.43 MB
Page File Space 1,000.00 MB
Page File C:\WIN386.SWP

Do you think I have my Page File space set too large or too small?
any suggestions appreciated.
THANKS AGAIN!!!!!!!

steamwiz
2006-04-03, 18:54
Hi

The pagefile, or swapfile, is sometimes referred to as virtual memory; actually it is a way of extending RAM and creating extra memory on your computer... The pagefile is used to swap memory in and out of RAM; the pagefile + the RAM goes up to make the virtual memory.

Increasing the pagefile will have no effect on the physical memory, as they are two different things

pagefile + RAM = virtual memory

The default, or recommended, paging file size is equal to 1.5 times the total RAM

In your case the pagefile size would be 288 MB ... BUT...

IF you had say 512 MB RAM, then the page file would probably never be used, and you could keep the amount low...

Your RAM is being fully used, and you are using about 120 MB of the pagefile, If you were to open a few more programs, then the amount of pagefile you would need would probably exceed the recommended 288 MB, causing you problems...

Too low a pagefile size will cause problems...

Too big a pagefile will cause NO problems, but possibly waste hard drive space....

If you are happy with it set at 1,000 MB then leave it there...

steam

bigrabbit
2006-04-04, 03:27
I did as you suggested and it would seem that the 128 stick is bad. When I pulled the 64 stick I still showed the same shortage. It seems logical to me that if it were a Windows ME fluke the shortage would have been proportionately smaller, but it was not. Of course my assumption of logic does not necessarily apply to Windows ME. Perhaps there is a set amount taken off the top for the maintenance of System Restore, for example. I don't know that, just postulating. Anyway, I may buy another 128 stick and see if that remedies the problem. If not, then I will at least have more RAM to work with. Thanks again

steamwiz
2006-04-04, 21:04
Did you try to boot with just the 64 MB stick ?

If so, did it show the full 64 MB ?

steam

bigrabbit
2006-04-06, 09:00
I feared pulling the 64 stick since, as you said, my RAM was all but used up. Do you think I should try it, and if so should I go into msconfig startup and limit startup items?

Thanks again steamwiz

steamwiz
2006-04-06, 18:07
It should be OK with just either one of the sticks in... maybe slower, that's all...

What I would like to know is with just the 64MB in, does it show 64MB

Then we know for certain it is the 128MB stick which is showing short...

steam

bigrabbit
2006-04-07, 02:27
:) I will put it on my to do list for tomorrow.

Since I last wrote, I have been checking out a program called autoruns from sysinternals. Are you familiar with the program?
I ran a scan with all options checked and it was unbelievable how many programs and registry entries are run at startup. I realize that a great many are necessary but it is hard to believe that they all are. I saved logs of the scans so if you are familiar with the program and have the time and inclination to look at it I will be happy to post that as well.
I thoroughly enjoyed your site as well as some of the others you listed. I have not had time to check them all thoroughly but have already benefited from my limited time there. I have bookmarked them all and will be spending some time there. Thank you for your continuing efforts at educating another newbie. I just hope I can retain all of this new information.

Thanks again for all of your time and effort
BigRabbit

steamwiz
2006-04-07, 21:55
Hi

Yes I have the autoruns program; a lot of programs run in the background and are necessary...

Depending on your configuration and the programs you have installed, your autoruns will be unique... there may well be programs and files running which I do not recognise ... unless you think something doesn't look right ... it would take a lot of time to check it out, on the off-chance....

I thoroughly enjoyed your site ....

If that's the ASAP link you are referring to... that isn't my site, but it's a good site to look round...

Actually this is my site :- http://www.help2go.com/forum5.html

cheers

steam

bigrabbit
2006-04-10, 00:13
Thanks to steam:D ,
Turns out the 128 stick is bad! I will have to get a new one. May just get two since I am so short on RAM. May resolve the majority of my issues.
I thoroughly enjoyed your site steam. I have bookmarked it for continued reference. I am learning a lot by lurking in these forums and checking out all of the info sites recommended in them. Hope my brain can take the strain of all these new wrinkles.
Many thanks to you steam, you have been a Godsend.

steamwiz
2006-04-10, 00:59
Hi

You're very welcome :)

Happy surfing

steam

tashi
2006-04-14, 17:56
As the problem appears to be resolved this topic will be archived. :)

If you need it re-opened please send me a pm and provide a link to the thread.

Glad we could help.