[NancyJane]

Hi wannabe! I apologize for responding you via e-mail, but every now and then, I can't log onto the g2g site.

I did the scans you recommended. The first one, panda-something said it found 1 adware "Adware:/cashbar in the Windows Registry. The second scan, don't remember the name, found "70" spywares....69 of them were cookies. One was Adw_cashfiesta.a"

Next?

[Advertisements]

Hi wannabe! Just checking in to see if you've heard anything back from MS. Sorry if I'm too anxious...just wanna get this fixed. I'm still getting the paging file error on boot-up as well as when loading "heavy" websites. Again, thanks for your help! - N

[NancyJane]

Hi wannabe! Just checking in to see if you've heard anything back from MS. Sorry if I'm too anxious...just wanna get this fixed. I'm still getting the paging file error on boot-up as well as when loading "heavy" websites. Again, thanks for your help! - N

[wannabe1]

NancyJane..

Microsoft has gotten back to me, but is in denial of an update haveing caused the problem...they gave me links to all the knowledge bases we have already looked at an tried. In looking through other forums and elswhere on the net, there are more than a few references to problems like this shoeing up immediately after automatic update sessions, but I've been unable to pin it down to a single update or even narrow it down to a number small enough that we could try removing them....

The only fix I have seen that took care of the problem effectively is to format and reinstall Windows...something that I usually reserve for more serious problems...I am still looking for another solution and have even posted a topic in the Tech forum so that all the Trusted Techs might have a go at it...no takers

I haven't forgotten you and am still looking for the answer...I'd rather find a solution than just eliminate it by starting over...however, I'll leave that decision to you...

Regarding the malware the scans found...I've found nothing on them causing this problem either, but would you post me a fres HiJackThis log to look at???

wannabe1

Edited by wannabe1, 07 December 2005 - 08:14 AM.

[NancyJane]

Hi wannabe! LTNS... Sorry to get back to you so late. I've been away and haven't been able to dedicate the time to my fix. I know you've asked for a hijack log to be posted. I'm not sure what that entails, but I'll work on it. I did want to give you an update. My paging error has worsened. Now, each time I start my computer, I get an error message about my virtual memory, asking me to enlarge it via control panel (which, I still cannot manually do). Oftentimes, if I have AOL and internet up and running, AOL will shut down because my virtual memory is overloaded. So my issue is progressing nicely... Anyway, thought I'd give you the update. I'll read up on hijack this and see what I need to do. Talk soon! - N

[NancyJane]

Logfile of HijackThis v1.99.1
Scan saved at 4:26:15 PM, on 1/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Nancy Abbott\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optimum Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S4.tmp"
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Advanced Searchbar\Toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05CE4481-8015-11D3-9811-C4DA9F000000} - http://www.topmoxie....mise_moxie0.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.co...pside_web18.cab
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.netmails....ielabia/wnb.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb07.pog...aploader_v6.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[NancyJane]

Hi wannabe! I wasn't sure if you wanted my hijack log in here, or in a different forum...so I kept it all in one place.

I followed all instructions, with adaware, trojan seeker, etc. I did have quite a few files I put in quarantine; and I ran into problems with pandaware and the other virus software, I couldn't get activex controls running...probably because of my NAV (which, I ended up having to uninstall/reinstall). If you require me to move my hijack post, let me know...

Thank you again for your help!!!

Nancy

[gerryf]

I don't care for all that stuff, but nothing should be causing that....

How much harddrive space do you have left? Double click MY COMPUTER, right click your drive, and choose PROPERTIES...should get a nice pie chart showing full size and free space.

[NancyJane]

hi gerryf... What stuff don't you care for? I dont' really know what the hijack log is or its purpose. Nonetheless... I have 12.1GB used space, and 6.95GB free space.

But...more important...what have you done with wannabe?

Nancy

[NancyJane]

hi wannabe...or gerryf...someone!?! I think my time is limited... I can't seem to keep any windows open for very long, as it just shuts down. My computer is getting progressively worse. Hopefully if there is a fix, we get to it before I lose access to the site. Thanks! - N

[wannabe1]

Sorry Nancy...somehow I got unsubscribed from the topic. Probably happened while the site was experiencig some difficulties after the upgrade. Let me review a bit and I'll get back to you shortly...I have resubscribed with this reply....

wannabe1

[wannabe1]

NancyJane...

There's a couple of bits in the log that should probably be addressed. I don't see anything that serious, but I'm not an expert at HJT logs. Why don't you post a fresh log in the Malware Forum and see what they think.

I'm looking into a couple of things and will get back to you as soon as I can...

wannabe1

[wannabe1]

Hi NancyJane...

...sorry this is taking so long...the resolution is proving a bit sticky. However, I may be on to something.

Open the Norton Anti Virus, click on "Options", and untick the box next to "Start Auto Protect when Windows Starts" and confirm the change. Reboot your machine and see if you can change the size of your paging file. Reboot again and see if the pagefile retained the settings you set.

Let me know what you find.

wannabe1

[NancyJane]

Hi wannabe... Did as you said...disabled autoprotect, increased the VM size and rebooted. Still got the error messages. Went back in, and changed it from manual size to system size, rebooted. Got the error messages a second time. That didn't seem to work. If you're on to something...I hope it's soon! VM issues are closing down my windows left and right. It's getting progressively worse, unfortunately. Nonetheless, I'm thankful for your help! - Nancy

[wannabe1]

Right click My Computer, select "Properties", and then the "Advanced" tab.

Under "Performance", click "Settings". Click on the "Advanced" tab, and then on the "Change" button.

Click on the "Custom Size" button, click in the "Initial Size" box, and make the size of the page file 0. Click in the "Maximum Size" box, and make the size of the page file 0.

Click "Set".

Now reboot your machine. After your system has restarted run Disk Defragmenter from System Tools.

Once the defrag has finished, go back to the Pagefile Settings above, and click on the change button. For the initial, and maximum pagefile size make it 1.5 times the amount of ram your have. ie: If you have 512mb of ram set the page file to 768mb.

Click on the "Set" button again, and reboot your system.

Does this help?

[NancyJane]

Evenin' wannabe! Did as you said...still no good. I made my initial size 256 and my maximum size 383 (I hope those were the right numbers). Under Paging File Size for all drives "currently allocated" remains stubbornly at zero.

I did, however, notice that this is what my system information says, in case it helps:

Total Physical Memory 256.00 MB
Available Physical Memory 49.86 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 234.09 MB

Let me know what you think...thanks! - N