1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

win98se locking up, spastic mouse/windows, multiple running instances kernel32.dll

Discussion in 'Earlier Versions of Windows' started by 1TxLady, Apr 11, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. 1TxLady

    1TxLady Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    6
    helppppppppp ............ not technically challenged just mystified

    Running 98se with all current microsoft patches
    Do have one 256 ram card not being recognized but other one is working.... so that is only known hardware issue.....

    I have run in last two days.......
    ran multiple antivirus programs including but not limited to AVG, Housecalls, Panda
    ran multiple Trojan / adware vendor scans
    cleaned registry
    ran SFC utility
    cleaned out dead files, registry entries, etc.
    emptied all tmp files and objects via Windows/Temp and file search *.tmp
    emptied cookies (is done at reach reboot automatically but i also do while browsing)
    strengthened cookie handling parameters vie IE and ZA
    scan disk
    defrag
    uninstalled and reinstalled ram cards (no easy feat on an HP Pav)
    ran hijack this ( scan log attached)
    I do run a firewall ..... ZA
    ran Internet Explorer Repair (twice)
    Uninstalled and reinstalled any potentially suspect applications
    Uninstalled MS JAVA and installed SUN JAVA ( re post i saw here somewhere this week)


    Symptoms as follows:

    1. usb mouse drags..... i.e. .. feels heavy .. reinstalled updated driver .. didn't help

    2. getting multiple program crashes in applications or "unable to load" errors

    3. getting invalid page faults, GPF errors ( kernel 32 usually), mmtask.exe errors ( today) .. deleted mmtask.exe

    4. intermittent .... and i do mean intermittent..... clicking upon rebooting

    5. mouse goes spastic ..

    6. multiple instances of programs open and continue opening or windows flash ( like ms message OS windows asking you what you want to do, close app, etc.) ... when this occurs and i attempt to reboot .. popup from tray for start .. reboot .. does not pop up but pc does a " restart" when i try to access shut down on start panel

    7. in chat programs.. ( messenger, icq, yahoo, halsoft) all of a sudden all my typing goes "vertical" .... may be 3 hours or 3 minutes before this occurs after a fresh reboot .. shutdown... not restart ....



    HIJACK THIS scan log below ... for some ungodly reason have multiple instances of kernel32.dll running and are not even all the same file (dif dates)


    Last accessed: 4/11/04
    Last modified: 3/24/04 6:50:18 PM

    #:7 [C:\WINDOWS\SYSTEM\mmtask.tsk]
    File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
    ProcessID: 4294852005
    Threads: 1
    Priority: Normal
    File Size: 460 KB
    Version: 4.10.0.2222
    File Version: 4.10.2222
    Product Version: 4.10.2222
    Copyright: Copyright (C) Microsoft Corp. 1991-1999
    Company Name: Microsoft Corporation
    File Description: Win32 Kernel core component
    Internal Name: KERNEL32
    Original Filename: KERNEL32.DLL
    Product Name: Microsoft(R) Windows(R) Operating System
    Created on: 3/24/04 6:50:17 PM
    Last accessed: 4/11/04
    Last modified: 4/23/99 10:22:00 PM

    #:8 [C:\WINDOWS\SYSTEM\MSGLOOP.EXE]
    File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
    ProcessID: 4294849925
    Threads: 1
    Priority: Normal
    File Size: 460 KB
    Version: 4.10.0.2222
    File Version: 4.10.2222
    Product Version: 4.10.2222
    Copyright: Copyright (C) Microsoft Corp. 1991-1999
    Company Name: Microsoft Corporation
    File Description: Win32 Kernel core component
    Internal Name: KERNEL32
    Original Filename: KERNEL32.DLL
    Product Name: Microsoft(R) Windows(R) Operating System
    Created on: 3/24/04 6:50:17 PM
    Last accessed: 4/11/04
    Last modified: 4/23/99 10:22:00 PM

    #:9 [C:\WINDOWS\SYSTEM\MSG32.EXE]
    File Path: C:\WINDOWS\SYSTEM\MSG32.EXE
    ProcessID: 4294855901
    Threads: 1
    Priority: Real Time
    File Size: 16 KB
    Version: 4.5.0.2112
    File Version: 4.05.00.2112
    Product Version: 4.05.00.2112
    Copyright: Copyright © Rockwell Corporation 1996-1998.
    Company Name: Rockwell Corporation
    File Description: Rockwell WaveStream Message Server
    Internal Name: MSGLOOP.EXE
    Original Filename: MSGLOOP.EXE
    Product Name: WaveStream\Endless Wave
    Created on: 1/30/01 8:07:44 PM
    Last accessed: 4/11/04
    Last modified: 5/24/99 6:39:04 PM

    #:10 [C:\WINDOWS\TASKMON.EXE]
    File Path: C:\WINDOWS\TASKMON.EXE
    ProcessID: 4294778241
    Threads: 1
    Priority: Normal
    File Size: 28 KB
    Version: 4.10.0.1998
    File Version: 4.10.1998
    Product Version: 4.10.1998
    Copyright: Copyright (C) Microsoft Corp. 1998
    Company Name: Microsoft Corporation
    File Description: Task Monitor
    Internal Name: TaskMon
    Original Filename: TASKMON.EXE
    Product Name: Microsoft(R) Windows(R) Operating System
    Created on: 1/30/01 8:07:44 PM
    Last accessed: 4/11/04
    Last modified: 4/23/99 10:22:00 PM

    #:11 [C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]
    File Path: C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    ProcessID: 4294834941
    Threads: 1
    Priority: Normal
    File Size: 51 KB
    Version: 1.7.0.0
    File Version: 1, 7, 0, 0
    Product Version: 1, 7, 0, 0
    Copyright: Copyright © 1998
    Company Name: Hewlett-Packard Company
    File Description: hpsysdrv
    Internal Name: hpsysdrv
    Original Filename: hpsysdrv.exe
    Product Name: hpsysdrv
    Created on: 11/17/99 5:13:22 AM
    Last accessed: 4/11/04
    Last modified: 5/7/98 9:04:38 AM

    #:12 [C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE]
    File Path: C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
    ProcessID: 4294822733
    Threads: 5
    Priority: Normal
    File Size: 292 KB
    Version: 7.0.0.221
    File Version: 7,0,0,221
    Product Version: 7.0.0.221
    Copyright: Copyright © 2004, GRISOFT, s.r.o.
    Company Name: GRISOFT, s.r.o.
    File Description: AVG Control Center
    Internal Name: AvgCC
    Original Filename: AvgCC.EXE
    Product Name: AVG Anti-Virus System
    Created on: 3/24/04 6:50:18 PM
    Last accessed: 4/11/04
    Last modified: 3/24/04 6:50:20 PM

    #:13 [C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE]
    File Path: C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
    ProcessID: 4294829221
    Threads: 18
    Priority: Normal
    File Size: 182 KB
    Version: 7.0.0.225
    File Version: 7,0,0,225
    Product Version: 7.0.0.225
    Copyright: Copyright © 2004, GRISOFT, s.r.o.
    Company Name: GRISOFT, s.r.o.
    File Description: AVG E-Mail Scanner
    Internal Name: avgemc
    Original Filename: avgemc.exe
    Product Name: AVG Anti-Virus System
    Created on: 3/24/04 6:50:19 PM
    Last accessed: 4/11/04
    Last modified: 3/24/04 6:50:20 PM

    #:14 [C:\WINDOWS\RunDLL.exe]
    File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
    ProcessID: 4294804865
    Threads: 1
    Priority: Normal
    File Size: 460 KB
    Version: 4.10.0.2222
    File Version: 4.10.2222
    Product Version: 4.10.2222
    Copyright: Copyright (C) Microsoft Corp. 1991-1999
    Company Name: Microsoft Corporation
    File Description: Win32 Kernel core component
    Internal Name: KERNEL32
    Original Filename: KERNEL32.DLL
    Product Name: Microsoft(R) Windows(R) Operating System
    Created on: 3/24/04 6:50:19 PM
    Last accessed: 4/11/04
    Last modified: 4/23/99 10:22:00 PM

    #:15 [C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE]
    File Path: C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    ProcessID: 4294728373
    Threads: 6
    Priority: Normal
    File Size: 401 KB
    Version: 3.7.98.0
    File Version: 3.7.098
    Product Version: 3.7.098
    Copyright: Copyright © 1998-2003, Zone Labs Inc.
    Company Name: Zone Labs Inc.
    File Description: ZoneAlarm Pro
    Internal Name: zapro
    Original Filename: zapro.exe
    Product Name: ZoneAlarm Pro
    Created on: 3/19/03 10:55:50 PM
    Last accessed: 4/11/04
    Last modified: 2/14/03 1:54:02 PM

    #:16 [C:\WINDOWS\SYSTEM\DDHELP.EXE]
    File Path: C:\WINDOWS\SYSTEM\DDHELP.EXE
    ProcessID: 4294623121
    Threads: 2
    Priority: Real Time
    File Size: 32 KB
    Version: 4.9.0.900
    File Version: 4.09.00.0900
    Product Version: 4.09.00.0900
    Copyright: Copyright © Microsoft Corp. 1994-2002
    Company Name: Microsoft Corporation
    File Description: Microsoft DirectX Helper
    Internal Name: DDHelp.exe
    Original Filename: DDHelp.exe
    Product Name: Microsoft® DirectX for Windows®
    Created on: 4/16/03 12:38:18 PM
    Last accessed: 4/11/04
    Last modified: 12/12/02 12:14:32 AM

    #:17 [C:\WINDOWS\SYSTEM\PSTORES.EXE]
    File Path: C:\WINDOWS\SYSTEM\PSTORES.EXE
    ProcessID: 4294765365
    Threads: 3
    Priority: Normal
    File Size: 79 KB
    Version: 5.0.1877.3
    File Version: 5.00.1877.3
    Product Version: 5.00.1877.3
    Copyright: Copyright (C) Microsoft Corp. 1981-1998
    Company Name: Microsoft Corporation
    File Description: Protected storage server
    Internal Name: Protected storage server
    Original Filename: Protected storage server
    Product Name: Microsoft(R) Windows NT(R) Operating System
    Created on: 4/16/03 12:38:18 PM
    Last accessed: 4/11/04
    Last modified: 4/23/99 10:22:00 PM

    #:18 [C:\WINDOWS\EXPLORER.EXE]
    File Path: C:\WINDOWS\EXPLORER.EXE
    ProcessID: 4294770169
    Threads: 17
    Priority: Normal
    File Size: 176 KB
    Version: 4.72.3110.1
    File Version: 4.72.3110.1
    Product Version: 4.72.3110.1
    Copyright: Copyright (C) Microsoft Corp. 1981-1997
    Company Name: Microsoft Corporation
    File Description: Windows Explorer
    Internal Name: explorer
    Original Filename: EXPLORER.EXE
    Product Name: Microsoft(R) Windows NT(R) Operating System
    Created on: 4/16/03 12:38:18 PM
    Last accessed: 4/11/04
    Last modified: 4/23/99 10:22:00 PM

    #:19 [C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE]
    File Path: C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE
    ProcessID: 4294628625
    Threads: 4
    Priority: Normal
    File Size: 404 KB
    Version: 1.0.0.1
    File Version: 1, 0, 0, 1
    Product Version: 1, 0, 0, 1
    Copyright: Copyright (C) 2003
    Company Name: ,
    File Description: HiJack MFC Application
    Internal Name: System Hijack Scanner
    Original Filename: HiJackNT.EXE
    Product Name: System Hijack Scanner
    Created on: 5/14/03 8:19:48 PM
    Last accessed: 4/11/04
    Last modified: 5/14/03 8:19:48 PM



    System Hijack Scanner Entries:
    ---------------

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main, window title=Microsoft Internet Explorer provided by Verizon Online
    R2 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, Default=http://home.microsoft.com/access/autosearch.asp?p=%s
    O3 - ToolBar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
    O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
    O4 - Start Up: C:\WINDOWS\Start Menu\Programs\StartUp\MRU-Blaster Scheduler.lnk
    O4 - Start Up: C:\WINDOWS\Start Menu\Programs\StartUp\MRU-Blaster Silent Clean.lnk
    O4 - Global Start Up: C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm Pro.lnk
    O5 - control.ini [don't load]: snd.cpl=no
    O5 - control.ini [don't load]: joystick.cpl=no
    O5 - control.ini [don't load]: midimap.drv=no
    O8 - Extra Context Menu Items: &NeoTrace It! -
    O9 - Extra Button: Related - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
    O9 - Extra Tools Menu Item: Show &Related Links - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
    O11 - Options Group: [JAVA_SUN] Java (Sun)
    O12 - Plugin For .spop - C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone:http://*.verizon.net
    O15 - Trusted Zone: https://www.verizon.net
    O15 - Trusted Zone: *://www.verizon.net
    O15 - Trusted Zone: http://www.excite.com
    O15 - Trusted Zone: http://graphicsbycitygirl2.0catch.com
    O15 - Trusted Zone: https://www.acninc.net
    O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} (CV3 Class) - http://windowsupdate.microsoft.com/R848/V31Controls/x86/w98/en/actsetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.telcopoint.com/distro/hmvcfe.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37887.0236921296
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: ChatClient ((no name)) - http://216.126.214.195/taw/chat/ChatClient.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
    O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
    O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
    O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll
    O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
    O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
    O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
    O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    your input valued
     
  2. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    you may need to re-install Windows.

    First backup all your sensitive data:

    Backup all your Sensitive Data (Internet Explorer Favorites; Netscape Bookmarks, Address Book and Netscape Mail Folders; Outlook Express Address Books and Folders (compress any Netscape Mail or Outlook Express folders first) letters, pictures, databases, spreadsheets, music, etc.) to removable media for restoring later.

    Please the printable attachment for more information.
     

    Attached Files:

  3. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Looking at the O5 and O18 entries, did YOU make these changes and/or are you aware of them?

    Let's not get excited about re-installing Windows......yet.
     
  4. 1TxLady

    1TxLady Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    6
    to answer the first post ...... ughhhhhh Reformat !! but if i have to .... ok


    and to answer 2nd post .. no .. i did not make those entries . .. 005 , 018
     
  5. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Sorry for the delay, I was out for a few hours.

    Since O18 entries are very rare, and HJT creates back-ups, I'm going to suggest that we have HJT fix them. Let's try the O18's first and then the O5's if that doesn't help. It looks like the O5's are disable your sound. Not sure why???

    In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
    Next, close all browser Windows, and have HT fix all checked.

    O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
    O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
    O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
    O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll
    O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
    O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
    O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
    O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
    O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX



    Reboot


    Now download Spybot - Search & Destroy (if you haven't got the program installed already)

    After installing, first press Online, and search for, put a check mark at, and install all updates.

    Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

    Reboot

    Last, run HJT again and post your log again to see if anything was missed.

    Thanks
     
  6. 1TxLady

    1TxLady Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    6
    ty so much for your time and effort :) particularly since i view reformat as a four letter word!!!

    I downloaded, installed, configured and ran the latest versions of adaware and spybot prior to your post and have run both .... cleaning many registry entries I had missed in my search and destroy mission.

    I will follow your protocol above and report back with a new hijack log. That will clear the 018 issues hopefully.

    As for the 005 entries .....??????? and yes my sound is impacted but was the least of my worries :) :eek:
     
  7. 1TxLady

    1TxLady Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    6
    Log file attached....

    when i ran hijack the first time this evening, there were also no 005 or 018 entries .. and as you can see there are none now. The only log entry I question now is:

    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

    AND........I cannot get into my webmail acct at Excite since installing and runnin Spybot. I told Spybot to ignore... and is checked as excluded... but i still cannot sign in. I reset activex to ask permission and enabled java much as i did not want to, it let me in once , but not a second time after rebooting.

    On another note: ..... as i said in first post, I uninstalled ms java and installed sun java per a post here ... followed instructions to " T" ....... however, some web pages with graphics and anfy java do not display at all ? Is there a corruption in the Sun program i downloaded or? As I understood it, it should not matter with the Sun Java.

    Logfile of HijackThis v1.97.7
    Scan saved at 12:53:04 AM, on 4/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSGLOOP.EXE
    C:\WINDOWS\SYSTEM\MSG32.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\MEM MAX\MMDAEMON.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
    O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Control Pad (HKLM)
    O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
    O9 - Extra button: TREND MICRO HouseCall (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: www.verizon.net
    O15 - Trusted Zone: http://www.excite.com
    O15 - Trusted Zone: http://graphicsbycitygirl2.0catch.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.telcopoint.com/distro/hmvcfe.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37887.0236921296
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: ChatClient - http://216.126.214.195/taw/chat/ChatClient.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
    O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    Again......... ty so much for your assistance on this holiday !!
     
  8. Styxx

    Styxx Banned

    Joined:
    Sep 8, 2001
    Messages:
    4,888
    On the Java issue and not being able to login to certain sites. Part of that issue may be Zone Alarm (ZA) related. Be sure ZA is not set to restrict certain sites. There is no difference. Java is all by Sun. If you have incorrectly uninstalled it reverse that uninstall. In Control Panel open the Java control panel; re-enable Internet Explorer by re-ticking the option. You mightttry using the latest Netscape browser from http://channels.netscape.com/ns/browsers/default.jsp

    ***

    Ensure your Internet Explorer browser is properly configured, not too strictly:

    Open Internet Explorer (IE); Tools menu; Internet Options; Advanced tab; Click the Restore Defaults button; Click Apply; Click Ok. Close IE.

    Open (IE); Click the Tools menu; Point to Internet Options; Click the Security tab; Click the Default Level button; Click Apply; Click Ok. Close IE.

    Open IE; Click the Tools menu; Internet Options; Click the Security tab; Click the Custom Level button; Click Apply; Click Ok. Close IE. Start IE as desired.
     
  9. 1TxLady

    1TxLady Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    6
    did redownload and reinstall Sun Java .. changed IE options... resetting IE Java options allowed me to view my web mail .. but.. still does not show java enhanced graphics on some sites.. one of which being my own paintshop with graphics that are java enhanced.....and truly do appreciate the suggestion of Netscape but I gave up on Netscape long ago :)
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - win98se locking spastic
  1. Jelieber
    Replies:
    0
    Views:
    232
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219394

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice