Thread: Removed Trojan with TrojanHunter 4.5 still like for you to have a look at HJT log

  1. #1
    Junior Member bigrabbit's Avatar
    Join Date
    Mar 2006
    Posts
    15

    Removed Trojan with TrojanHunter 4.5 still like for you to have a look at HJT log

    Hello everyone,
    First I would like to thank you for the service you provide. I was able to resolve most of my S&D questions by viewing other threads in the S&D forums. I would attempt to do the same with my HJT logs but have read in several threads that HJT logs are very "machine specific". SO......

    If you good people here would be kind enough to look at my latest HJT log, I would be very grateful. Thanks in advance for your time and efforts.

    I am currently using:
    ZoneAlarm Security Suite version:6.0.631.003
    TrueVector version:6.0.631.003
    Driver version:6.0.631.003
    Anti-virus Vet engine version:11.9.1.000
    Anti-virus signature DAT file version:11.9.9723.000
    Anti-spyware engine version:4.1.7.0
    Anti-spyware signature DAT file version:01.200603.235

    Spybot S&D teatimer version 1.4.0.2

    Spybot S&D version 1.4.0.3

    Trojan Hunter guard

    I also use AdAwareSE

    and have a Hosts file in place (mvp I believe)

    my system:
    OS Name Microsoft Windows
    Version 4.90.3000 Build 3000
    OS Manufacturer Microsoft Corporation
    System Manufacturer 00101890 XL773
    System Model 15144800000401
    System Type X86-based PC
    Processor Intel(r) Celeron(tm) processor GenuineIntel ~702 Mhz
    BIOS Version EPP revision 9.00
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\SYSTEM
    Boot Device \\Device\Harddisk0
    Total Physical Memory 190.45 MB
    Available Physical Memory 248.00 KB
    Total Virtual Memory 2.00 GB
    Available Virtual Memory 1.68 GB
    Page File Space 1.81 GB
    Page File C:\WINDOWS\WIN386.SWP

    And here is my latest HJT Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:59:09 PM, on 3/31/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\TROJANHUNTER 4.5\THGUARD.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\WUAUBOOT.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.5\THGUARD.EXE"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

    Again any help would be greatly appreciated
    Many Thanks to you all for the info I have already gleaned from this site.
    Thanks for your time and efforts, they are appreciated more than you know.
    BigRabbit

  2. #2
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Hi

    Your log's clean...

    It's not very often someone posts as much information about their system as you have

    This does not look right to me ...

    Total Physical Memory 190.45 MB
    Available Physical Memory 248.00 KB

    For a start your RAM is all but used up & this will cause your system to run slow...

    Also your total RAM says 190.45 MB

    I presume you have 2 sticks .. 1 @ 128 & 1 @ 64 ... this would make 192.00 MB

    Unless this is a quirk of the WinME O/S the total RAM should say 192.00 MB

    You may have a faulty RAM stick, do you get the occasional freeze or blue screen?

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  3. #3
    Junior Member bigrabbit's Avatar
    Join Date
    Mar 2006
    Posts
    15

    Thank you!!!

    I am relieved to know that my HJT Log is clean.

    I will take a look at the memory settings.

    You are correct about the memory sticks. One is 128, one 64.

    Yes I do get occasional freezes and blue screens. System resources seem to degrade after using box for a while.

    Any suggestions about the memory issue would be appreciated greatly.

    Thanks again for all of your help and the prompt response.
    Thanks for your time and efforts, they are appreciated more than you know.
    BigRabbit

  4. #4
    Junior Member bigrabbit's Avatar
    Join Date
    Mar 2006
    Posts
    15

    Postscript

    Did I post too much system information?
    Thanks for your time and efforts, they are appreciated more than you know.
    BigRabbit

  5. #5
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Quote Originally Posted by bigrabbit
    Did I post too much system information?
    No...not at all ... usually we have to prize information out of posters, it was refreshing to see someone post their specs, without having to be asked, quite often we are not even told what operating system is being used

    If someone is getting freezes and blue screens, one of the first things to look at is the RAM...

    Now that you say you are getting these, I would definitely suspect the RAM...

    If you hadn't posted all that info, then we would not have seen the possible problem...

    You could try taking one stick out and running on just one... see if you still get freezes or blue screens ... check the system info with just one stick ... see if it shows the full amount ... 128 or 64 ...

    I'm not sure whether WinME will run on 64 MB ... if it doesn't, then you'll just need to put the other stick back and reboot...

    XP will just about run on 128 MB ... but not on 64 MB

    Win 98 will run OK on 64 MB

    WinME ?

    Make sure the power is switched off when you remove the case, and touch the case (to discharge any static) before you touch the RAM, or any other components.
    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  6. #6
    Junior Member bigrabbit's Avatar
    Join Date
    Mar 2006
    Posts
    15

    Thanks SteamWiz

    I will try your suggestion.

    You can thank the guys at GRC Newsgroups for the complete info.

    I lurk there a lot and occasionally post when I have issues with my machine.

    I am a novice but can usually take a hint and they have educated me somewhat about what it is like to voluntarily help folks like myself without any info to work with.

    Thanks for the reminder about discharging the static. I rarely go inside the box so the reminder is appreciated.

    I adjusted my page file space in the advanced settings of computer properties. I did that once before to resolve some memory issues but I still see that my Total physical memory is still the same.

    here are my new specs on memory:
    Total Physical Memory 190.45 MB
    Available Physical Memory 228.00 KB
    Total Virtual Memory 1.16 GB
    Available Virtual Memory 883.43 MB
    Page File Space 1,000.00 MB
    Page File C:\WIN386.SWP

    Do you think I have my Page File space set too large or too small?
    any suggestions appreciated.
    THANKS AGAIN!!!!!!!
    Thanks for your time and efforts, they are appreciated more than you know.
    BigRabbit

  7. #7
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Hi

    The pagefile, or swapfile, is sometimes referred to as virtual memory; actually it is a way of extending RAM and creating extra memory on your computer... The pagefile is used to swap memory in and out of RAM; the pagefile + the RAM go to make up the virtual memory.

    Increasing the pagefile will have no effect on the physical memory, as they are two different things

    pagefile + RAM = virtual memory

    The default, or recommended, paging file size is equal to 1.5 times the total RAM

    In your case the pagefile size would be 288 MB ... BUT...

    IF you had say 512 MB RAM, then the page file would probably never be used, and you could keep the amount low...

    Your RAM is being fully used, and you are using about 120 MB of the pagefile. If you were to open a few more programs, then the amount of pagefile you would need would probably exceed the recommended 288 MB, causing you problems...

    Too low a pagefile size will cause problems...

    Too big a pagefile will cause NO problems, but possibly waste hard drive space....

    If you are happy with it set at 1,000 MB then leave it there...

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  8. #8
    Junior Member bigrabbit's Avatar
    Join Date
    Mar 2006
    Posts
    15

    Thanks SteamWiz

    I did as you suggested and it would seem that the 128 stick is bad. When I pulled the 64 stick I still showed the same shortage. It seems logical to me that if it were a Windows ME fluke the shortage would have been proportionately smaller but it was not. Of course my assumption of logic does not necessarily apply to Windows ME. Perhaps there is a set amount taken off the top for the maintenance of system restore for example. I don't know that, just postulating. Anyway, I may buy another 128 stick and see if that remedies the problem. If not then I will at least have more RAM to work with. Thanks again
    Thanks for your time and efforts, they are appreciated more than you know.
    BigRabbit

  9. #9
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Did you try to boot with just the 64 MB stick ?

    If so, did it show the full 64 MB ?

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  10. #10
    Junior Member bigrabbit's Avatar
    Join Date
    Mar 2006
    Posts
    15

    afraid to do that

    I feared pulling the 64 stick since as you said my RAM was all but used up. Do you think I should try it and if so should I go into msconfig startup and limit startup items?

    Thanks again steamwiz
    Thanks for your time and efforts, they are appreciated more than you know.
    BigRabbit
