[gerryf]

I have been reticent to drop into this thread since JR has been on the ball, but if I may step in for a moment...you are using an old version of hijackthis....if you could download a newer one from a different machine and copy it to a floppy and put it on here, then post a new log, I would be glad to take a look....in the meantime, I am going to backtrack and read this thread from start to finish

[Advertisements]

Hey Ger,
How's it going....as in from one of the recent e-mails...I know that I have the old version of HiJackThis...I can't download anything on this computer right now. I can post another HiJackThis from the old version right now. I really want to get my computer fixed.
I would download the newier version, but not until after this ActiveX is fixed. I am running Windows 2000. I am also have trouble with my Paint, and everytime I open it, this is what comes up:
Windows - Virtual Memory Minimum Too Low
Your system is low on virtual memory. WIndows is increasiing hte size of your virtual memory paging file. During this process, memory requestsfor some applications may be denied. For more information, see help. ok
I don't know if there is anything else wrong with this computer. On April 22, 2005 I had about 7 virus's and I think they were Trojan's. I ran AVG. After I did that, I unistalled Msn Messenger & Yahoo and I tried to re-install it, and that's when I noticed that I can't download anything.

[liloltiredblood]

Hey Ger,
How's it going....as in from one of the recent e-mails...I know that I have the old version of HiJackThis...I can't download anything on this computer right now. I can post another HiJackThis from the old version right now. I really want to get my computer fixed.
I would download the newier version, but not until after this ActiveX is fixed. I am running Windows 2000. I am also have trouble with my Paint, and everytime I open it, this is what comes up:
Windows - Virtual Memory Minimum Too Low
Your system is low on virtual memory. WIndows is increasiing hte size of your virtual memory paging file. During this process, memory requestsfor some applications may be denied. For more information, see help. ok
I don't know if there is anything else wrong with this computer. On April 22, 2005 I had about 7 virus's and I think they were Trojan's. I ran AVG. After I did that, I unistalled Msn Messenger & Yahoo and I tried to re-install it, and that's when I noticed that I can't download anything.

[gerryf]

can you download with another computer and use a floppy to move it over to this one?

[liloltiredblood]

Sorry, no can do, this is the only computer I have right now....I tried to download the HiJackThis at my school...but that didn't work either...but I ran HiJackThis....from the old version and here it is....

Logfile of HijackThis v1.98.2
Scan saved at 9:26:53 PM, on 26/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nativeweb.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab

I am going to go back to my class and I'll get a disc and see if I can download the new version of HiJackThis and see if that will work...do you thinkyou can send me the link to it....I always have a hard time finding it...

[gerryf]

what occurs when you click on the link below?

http://www.thecomput.../hijackthis.zip

[liloltiredblood]

When I click on the link here at home this is what it says

Security Alert
Your current settings do not allow this file to be downloaded

[gerryf]

all right, from within IE, I want you to OPEN TOOLS > INTERNET OPTIONS, go to the SECURITY tab, choose INTERNET, then click DEFAULT button.

Next, click on the GENERAL tab, select DELETE FILES tab.

This could take a while

Next, I want you to close everything, then double click MY COMPUTER, choose your main drive, right click choose PROPERTIES...how much open space?

Next, close all then right click MY COMPUTER, choose MANAGE, then choose SERVICES AND APPLICATIONS, then SERVICES, then click ACTION, EXPORT REPORT. Export it as a csv file to your desktop, then open it in notepad and cut and paste here

[liloltiredblood]

hola, can you understand what I have just pasted?? looks difficult to read. anyhow i always clean temporary internet files and cookies and history.
I closed everything and than I checked how much space I had and it
Used Space: 3.38 GB
Free Space: 15.2 GB
Than there is the last part at the bottem...


Name Description Status Startup Type Log On As
Alerter Notifies selected users and computers of administrative alerts. Manual LocalSystem
Application Management Provides software installation services such as Assign, Publish, and Remove. Started Manual LocalSystem
Automatic Updates Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Started Automatic LocalSystem
AVG7 Alert Manager Server Started Automatic LocalSystem
AVG7 Update Service Started Automatic LocalSystem
Background Intelligent Transfer Service Transfers files in the background using idle network bandwidth. If the service is disabled, then any functions that depend on BITS, such as Windows Update or MSN Explorer will be unable to automatically download programs and other information. Manual LocalSystem
ClipBook Supports ClipBook Viewer, which allows pages to be seen by remote ClipBooks. Manual LocalSystem
COM+ Event System Provides automatic distribution of events to subscribing COM components. Started Manual LocalSystem
Computer Browser Maintains an up-to-date list of computers on your network and supplies the list to programs that request it. Automatic LocalSystem
DHCP Client Manages network configuration by registering and updating IP addresses and DNS names. Started Automatic LocalSystem
Distributed Link Tracking Client Sends notifications of files moving between NTFS volumes in a network domain. Started Automatic LocalSystem
Distributed Transaction Coordinator Coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers. Manual LocalSystem
DNS Client Resolves and caches Domain Name System (DNS) names. Started Automatic LocalSystem
Event Log Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer. Started Automatic LocalSystem
Fax Service Helps you send and receive faxes Manual LocalSystem
Indexing Service Manual LocalSystem
Internet Connection Sharing Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. Manual LocalSystem
IPSEC Policy Agent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Started Automatic LocalSystem
Logical Disk Manager Logical Disk Manager Watchdog Service Started Automatic LocalSystem
Logical Disk Manager Administrative Service Administrative service for disk management requests Manual LocalSystem
Messenger Sends and receives messages transmitted by administrators or by the Alerter service. Disabled LocalSystem
Net Logon Supports pass-through authentication of account logon events for computers in a domain. Manual LocalSystem
NetMeeting Remote Desktop Sharing Allows authorized people to remotely access your Windows desktop using NetMeeting. Manual LocalSystem
Network Connections Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Started Manual LocalSystem
Network DDE Provides network transport and security for dynamic data exchange (DDE). Manual LocalSystem
Network DDE DSDM Manages shared dynamic data exchange and is used by Network DDE Manual LocalSystem
NT LM Security Support Provider Provides security to remote procedure call (RPC) programs that use transports other than named pipes. Manual LocalSystem
Performance Logs and Alerts Configures performance logs and alerts. Manual LocalSystem
Plug and Play Manages device installation and configuration and notifies programs of device changes. Started Automatic LocalSystem
Portable Media Serial Number Service Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. Manual LocalSystem
Print Spooler Loads files to memory for later printing. Started Automatic LocalSystem
Protected Storage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Started Automatic LocalSystem
QoS RSVP Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets. Manual LocalSystem
Remote Access Auto Connection Manager Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. Manual LocalSystem
Remote Access Connection Manager Creates a network connection. Started Manual LocalSystem
Remote Procedure Call (RPC) Provides the endpoint mapper and other miscellaneous RPC services. Started Automatic LocalSystem
Remote Procedure Call (RPC) Locator Manages the RPC name service database. Manual LocalSystem
Remote Registry Service Allows remote registry manipulation. Started Automatic LocalSystem
Removable Storage Manages removable media, drives, and libraries. Started Automatic LocalSystem
Routing and Remote Access Offers routing services to businesses in local area and wide area network environments. Disabled LocalSystem
RunAs Service Enables starting processes under alternate credentials Started Automatic LocalSystem
Security Accounts Manager Stores security information for local user accounts. Started Automatic LocalSystem
Server Provides RPC support and file, print, and named pipe sharing. Started Automatic LocalSystem
Smart Card Manages and controls access to a smart card inserted into a smart card reader attached to the computer. Manual LocalSystem
Smart Card Helper Provides support for legacy smart card readers attached to the computer. Manual LocalSystem
Still Image Service Started Automatic LocalSystem
System Event Notification Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Started Automatic LocalSystem
Task Scheduler Enables a program to run at a designated time. Started Automatic LocalSystem
TCP/IP NetBIOS Helper Service Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Started Automatic LocalSystem
Telephony Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. Started Manual LocalSystem
Telnet Allows a remote user to log on to the system and run console programs using the command line. Manual LocalSystem
Uninterruptible Power Supply Manages an uninterruptible power supply (UPS) connected to the computer. Manual LocalSystem
Utility Manager Starts and configures accessibility tools from one window Manual LocalSystem
Windows Installer Installs, repairs and removes software according to instructions contained in .MSI files. Manual LocalSystem
Windows Management Instrumentation Provides system management information. Started Automatic LocalSystem
Windows Management Instrumentation Driver Extensions Provides systems management information to and from drivers. Started Manual LocalSystem
Windows Time Sets the computer clock. Manual LocalSystem
Wireless Configuration Provides authenticated network access control using IEEE 802.1x for wired and wireless Ethernet networks. Manual LocalSystem
WMDM PMSP Service Started Automatic LocalSystem
Workstation Provides network connections and communications. Started Automatic LocalSystem

[gerryf]

given a choice I would rather not read those....takes too long

OK, nothing there that explains this issue.


Start > Run, type
regedit

navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}

On the right, doubleclick
IsInstalled
change the vaue from 1 to 0
exit regedit

Open MY COMPUTER,
choose your C drive,
choose winnt,
choose windows update files

locate ie6setup.exe...double click, sit back, let it reinstall

[liloltiredblood]

Hey,
I after I think after I clicked on the Default on Internet....and what ever else I did, I was able to check my hotmail....but i closed it right away and I downloaded the spyware and that shredder thing under neath your name....I did try to download the new version of HiJackThis, but why is it in Zip file??? I don't have that Zip thing...isn't there another way of downloading it?? I had already un-installed the old version of HiJackThis....was that bad too do????

[liloltiredblood]

oh yeah, sorry another thing...i still want to download msn messenger and yahoo messenger...i tried to go into msn messneger to download and all i get is a blank page...its completley white...i think its ok for the yahoo though...just the msn messenger I am having problems downloading

[gerryf]

http://www.thecomput.../hijackthis.exe

try that

[liloltiredblood]

ok, i downloaded the new version of the HiJackThis and I did a scan and here it is...is there anything i should fix or don't need??? Can I delete the file that I saved on my desktop the "csv file"??? I am stll having trouble with the "paint" But I guess we are going to do one thing at a time???
read from you laterz...jus me TB



Logfile of HijackThis v1.99.1
Scan saved at 3:04:33 AM, on 27/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay10...es/MsnPUpld.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

[gerryf]

yep, one step at a time....believe i or not, your hijack log looks ok, so let's move on to that paint issue.

Right click MY COMPUTER, choose PROPERTIES, choose ADVANCED, choose PERFORMANCE button in PERFORMANCE settings, and hit the CHANGE button under VIRTUAL MEMORY. Change the MAXIMUM to equal the SPACE AVAILABLE you will see listed above.

Then reboot.

Then check windows update...work?

[-=jonnyrotten=-]

Sorry, I didn't mean to abandon you, I've been busy the past couple of days. It looks like gerryf has this under control now though. It's a good thing because I was starting to run out of ideas. Anyways, I'll keep checking back on the progress and with new ideas I get. Good luck!

-=jonnyrotten=-