helppppppppp ............ not technically challenged just mystified
Running 98se with all current microsoft patches
Do have one 256 ram card not being recognized but other one is working.... so that is only known hardware issue.....
I have run in last two days.......
ran multiple antivirus programs including but not limited to AVG, Housecalls, Panda
ran multiple Trojan / adware vendor scans
cleaned registry
ran SFC utility
cleaned out dead files, registry entries, etc.
emptied all tmp files and objects via Windows/Temp and file search *.tmp
emptied cookies (is done at reach reboot automatically but i also do while browsing)
strengthened cookie handling parameters vie IE and ZA
scan disk
defrag
uninstalled and reinstalled ram cards (no easy feat on an HP Pav)
ran hijack this ( scan log attached)
I do run a firewall ..... ZA
ran Internet Explorer Repair (twice)
Uninstalled and reinstalled any potentially suspect applications
Uninstalled MS JAVA and installed SUN JAVA ( re post i saw here somewhere this week)
Symptoms as follows:
1. usb mouse drags..... i.e. .. feels heavy .. reinstalled updated driver .. didn't help
2. getting multiple program crashes in applications or "unable to load" errors
3. getting invalid page faults, GPF errors ( kernel 32 usually), mmtask.exe errors ( today) .. deleted mmtask.exe
4. intermittent .... and i do mean intermittent..... clicking upon rebooting
5. mouse goes spastic ..
6. multiple instances of programs open and continue opening or windows flash ( like ms message OS windows asking you what you want to do, close app, etc.) ... when this occurs and i attempt to reboot .. popup from tray for start .. reboot .. does not pop up but pc does a " restart" when i try to access shut down on start panel
7. in chat programs.. ( messenger, icq, yahoo, halsoft) all of a sudden all my typing goes "vertical" .... may be 3 hours or 3 minutes before this occurs after a fresh reboot .. shutdown... not restart ....
HIJACK THIS scan log below ... for some ungodly reason have multiple instances of kernel32.dll running and are not even all the same file (dif dates)
Last accessed: 4/11/04
Last modified: 3/24/04 6:50:18 PM
#:7 [C:\WINDOWS\SYSTEM\mmtask.tsk]
File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
ProcessID: 4294852005
Threads: 1
Priority: Normal
File Size: 460 KB
Version: 4.10.0.2222
File Version: 4.10.2222
Product Version: 4.10.2222
Copyright: Copyright (C) Microsoft Corp. 1991-1999
Company Name: Microsoft Corporation
File Description: Win32 Kernel core component
Internal Name: KERNEL32
Original Filename: KERNEL32.DLL
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 3/24/04 6:50:17 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:8 [C:\WINDOWS\SYSTEM\MSGLOOP.EXE]
File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
ProcessID: 4294849925
Threads: 1
Priority: Normal
File Size: 460 KB
Version: 4.10.0.2222
File Version: 4.10.2222
Product Version: 4.10.2222
Copyright: Copyright (C) Microsoft Corp. 1991-1999
Company Name: Microsoft Corporation
File Description: Win32 Kernel core component
Internal Name: KERNEL32
Original Filename: KERNEL32.DLL
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 3/24/04 6:50:17 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:9 [C:\WINDOWS\SYSTEM\MSG32.EXE]
File Path: C:\WINDOWS\SYSTEM\MSG32.EXE
ProcessID: 4294855901
Threads: 1
Priority: Real Time
File Size: 16 KB
Version: 4.5.0.2112
File Version: 4.05.00.2112
Product Version: 4.05.00.2112
Copyright: Copyright © Rockwell Corporation 1996-1998.
Company Name: Rockwell Corporation
File Description: Rockwell WaveStream Message Server
Internal Name: MSGLOOP.EXE
Original Filename: MSGLOOP.EXE
Product Name: WaveStream\Endless Wave
Created on: 1/30/01 8:07:44 PM
Last accessed: 4/11/04
Last modified: 5/24/99 6:39:04 PM
#:10 [C:\WINDOWS\TASKMON.EXE]
File Path: C:\WINDOWS\TASKMON.EXE
ProcessID: 4294778241
Threads: 1
Priority: Normal
File Size: 28 KB
Version: 4.10.0.1998
File Version: 4.10.1998
Product Version: 4.10.1998
Copyright: Copyright (C) Microsoft Corp. 1998
Company Name: Microsoft Corporation
File Description: Task Monitor
Internal Name: TaskMon
Original Filename: TASKMON.EXE
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 1/30/01 8:07:44 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:11 [C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]
File Path: C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
ProcessID: 4294834941
Threads: 1
Priority: Normal
File Size: 51 KB
Version: 1.7.0.0
File Version: 1, 7, 0, 0
Product Version: 1, 7, 0, 0
Copyright: Copyright © 1998
Company Name: Hewlett-Packard Company
File Description: hpsysdrv
Internal Name: hpsysdrv
Original Filename: hpsysdrv.exe
Product Name: hpsysdrv
Created on: 11/17/99 5:13:22 AM
Last accessed: 4/11/04
Last modified: 5/7/98 9:04:38 AM
#:12 [C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE]
File Path: C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
ProcessID: 4294822733
Threads: 5
Priority: Normal
File Size: 292 KB
Version: 7.0.0.221
File Version: 7,0,0,221
Product Version: 7.0.0.221
Copyright: Copyright © 2004, GRISOFT, s.r.o.
Company Name: GRISOFT, s.r.o.
File Description: AVG Control Center
Internal Name: AvgCC
Original Filename: AvgCC.EXE
Product Name: AVG Anti-Virus System
Created on: 3/24/04 6:50:18 PM
Last accessed: 4/11/04
Last modified: 3/24/04 6:50:20 PM
#:13 [C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE]
File Path: C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
ProcessID: 4294829221
Threads: 18
Priority: Normal
File Size: 182 KB
Version: 7.0.0.225
File Version: 7,0,0,225
Product Version: 7.0.0.225
Copyright: Copyright © 2004, GRISOFT, s.r.o.
Company Name: GRISOFT, s.r.o.
File Description: AVG E-Mail Scanner
Internal Name: avgemc
Original Filename: avgemc.exe
Product Name: AVG Anti-Virus System
Created on: 3/24/04 6:50:19 PM
Last accessed: 4/11/04
Last modified: 3/24/04 6:50:20 PM
#:14 [C:\WINDOWS\RunDLL.exe]
File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
ProcessID: 4294804865
Threads: 1
Priority: Normal
File Size: 460 KB
Version: 4.10.0.2222
File Version: 4.10.2222
Product Version: 4.10.2222
Copyright: Copyright (C) Microsoft Corp. 1991-1999
Company Name: Microsoft Corporation
File Description: Win32 Kernel core component
Internal Name: KERNEL32
Original Filename: KERNEL32.DLL
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 3/24/04 6:50:19 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:15 [C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE]
File Path: C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
ProcessID: 4294728373
Threads: 6
Priority: Normal
File Size: 401 KB
Version: 3.7.98.0
File Version: 3.7.098
Product Version: 3.7.098
Copyright: Copyright © 1998-2003, Zone Labs Inc.
Company Name: Zone Labs Inc.
File Description: ZoneAlarm Pro
Internal Name: zapro
Original Filename: zapro.exe
Product Name: ZoneAlarm Pro
Created on: 3/19/03 10:55:50 PM
Last accessed: 4/11/04
Last modified: 2/14/03 1:54:02 PM
#:16 [C:\WINDOWS\SYSTEM\DDHELP.EXE]
File Path: C:\WINDOWS\SYSTEM\DDHELP.EXE
ProcessID: 4294623121
Threads: 2
Priority: Real Time
File Size: 32 KB
Version: 4.9.0.900
File Version: 4.09.00.0900
Product Version: 4.09.00.0900
Copyright: Copyright © Microsoft Corp. 1994-2002
Company Name: Microsoft Corporation
File Description: Microsoft DirectX Helper
Internal Name: DDHelp.exe
Original Filename: DDHelp.exe
Product Name: Microsoft® DirectX for Windows®
Created on: 4/16/03 12:38:18 PM
Last accessed: 4/11/04
Last modified: 12/12/02 12:14:32 AM
#:17 [C:\WINDOWS\SYSTEM\PSTORES.EXE]
File Path: C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID: 4294765365
Threads: 3
Priority: Normal
File Size: 79 KB
Version: 5.0.1877.3
File Version: 5.00.1877.3
Product Version: 5.00.1877.3
Copyright: Copyright (C) Microsoft Corp. 1981-1998
Company Name: Microsoft Corporation
File Description: Protected storage server
Internal Name: Protected storage server
Original Filename: Protected storage server
Product Name: Microsoft(R) Windows NT(R) Operating System
Created on: 4/16/03 12:38:18 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:18 [C:\WINDOWS\EXPLORER.EXE]
File Path: C:\WINDOWS\EXPLORER.EXE
ProcessID: 4294770169
Threads: 17
Priority: Normal
File Size: 176 KB
Version: 4.72.3110.1
File Version: 4.72.3110.1
Product Version: 4.72.3110.1
Copyright: Copyright (C) Microsoft Corp. 1981-1997
Company Name: Microsoft Corporation
File Description: Windows Explorer
Internal Name: explorer
Original Filename: EXPLORER.EXE
Product Name: Microsoft(R) Windows NT(R) Operating System
Created on: 4/16/03 12:38:18 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:19 [C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE]
File Path: C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE
ProcessID: 4294628625
Threads: 4
Priority: Normal
File Size: 404 KB
Version: 1.0.0.1
File Version: 1, 0, 0, 1
Product Version: 1, 0, 0, 1
Copyright: Copyright (C) 2003
Company Name: ,
File Description: HiJack MFC Application
Internal Name: System Hijack Scanner
Original Filename: HiJackNT.EXE
Product Name: System Hijack Scanner
Created on: 5/14/03 8:19:48 PM
Last accessed: 4/11/04
Last modified: 5/14/03 8:19:48 PM
System Hijack Scanner Entries:
---------------
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, window title=Microsoft Internet Explorer provided by Verizon Online
R2 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, Default=http://home.microsoft.com/access/autosearch.asp?p=%s
O3 - ToolBar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - Start Up: C:\WINDOWS\Start Menu\Programs\StartUp\MRU-Blaster Scheduler.lnk
O4 - Start Up: C:\WINDOWS\Start Menu\Programs\StartUp\MRU-Blaster Silent Clean.lnk
O4 - Global Start Up: C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm Pro.lnk
O5 - control.ini [don't load]: snd.cpl=no
O5 - control.ini [don't load]: joystick.cpl=no
O5 - control.ini [don't load]: midimap.drv=no
O8 - Extra Context Menu Items: &NeoTrace It! -
O9 - Extra Button: Related - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
O9 - Extra Tools Menu Item: Show &Related Links - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
O11 - Options Group: [JAVA_SUN] Java (Sun)
O12 - Plugin For .spop - C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone:http://*.verizon.net
O15 - Trusted Zone: https://www.verizon.net
O15 - Trusted Zone: *://www.verizon.net
O15 - Trusted Zone: http://www.excite.com
O15 - Trusted Zone: http://graphicsbycitygirl2.0catch.com
O15 - Trusted Zone: https://www.acninc.net
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} (CV3 Class) - http://windowsupdate.microsoft.com/R848/V31Controls/x86/w98/en/actsetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.telcopoint.com/distro/hmvcfe.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37887.0236921296
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: ChatClient ((no name)) - http://216.126.214.195/taw/chat/ChatClient.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX
your input valued
Running 98se with all current microsoft patches
Do have one 256 ram card not being recognized but other one is working.... so that is only known hardware issue.....
I have run in last two days.......
ran multiple antivirus programs including but not limited to AVG, Housecalls, Panda
ran multiple Trojan / adware vendor scans
cleaned registry
ran SFC utility
cleaned out dead files, registry entries, etc.
emptied all tmp files and objects via Windows/Temp and file search *.tmp
emptied cookies (is done at reach reboot automatically but i also do while browsing)
strengthened cookie handling parameters vie IE and ZA
scan disk
defrag
uninstalled and reinstalled ram cards (no easy feat on an HP Pav)
ran hijack this ( scan log attached)
I do run a firewall ..... ZA
ran Internet Explorer Repair (twice)
Uninstalled and reinstalled any potentially suspect applications
Uninstalled MS JAVA and installed SUN JAVA ( re post i saw here somewhere this week)
Symptoms as follows:
1. usb mouse drags..... i.e. .. feels heavy .. reinstalled updated driver .. didn't help
2. getting multiple program crashes in applications or "unable to load" errors
3. getting invalid page faults, GPF errors ( kernel 32 usually), mmtask.exe errors ( today) .. deleted mmtask.exe
4. intermittent .... and i do mean intermittent..... clicking upon rebooting
5. mouse goes spastic ..
6. multiple instances of programs open and continue opening or windows flash ( like ms message OS windows asking you what you want to do, close app, etc.) ... when this occurs and i attempt to reboot .. popup from tray for start .. reboot .. does not pop up but pc does a " restart" when i try to access shut down on start panel
7. in chat programs.. ( messenger, icq, yahoo, halsoft) all of a sudden all my typing goes "vertical" .... may be 3 hours or 3 minutes before this occurs after a fresh reboot .. shutdown... not restart ....
HIJACK THIS scan log below ... for some ungodly reason have multiple instances of kernel32.dll running and are not even all the same file (dif dates)
Last accessed: 4/11/04
Last modified: 3/24/04 6:50:18 PM
#:7 [C:\WINDOWS\SYSTEM\mmtask.tsk]
File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
ProcessID: 4294852005
Threads: 1
Priority: Normal
File Size: 460 KB
Version: 4.10.0.2222
File Version: 4.10.2222
Product Version: 4.10.2222
Copyright: Copyright (C) Microsoft Corp. 1991-1999
Company Name: Microsoft Corporation
File Description: Win32 Kernel core component
Internal Name: KERNEL32
Original Filename: KERNEL32.DLL
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 3/24/04 6:50:17 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:8 [C:\WINDOWS\SYSTEM\MSGLOOP.EXE]
File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
ProcessID: 4294849925
Threads: 1
Priority: Normal
File Size: 460 KB
Version: 4.10.0.2222
File Version: 4.10.2222
Product Version: 4.10.2222
Copyright: Copyright (C) Microsoft Corp. 1991-1999
Company Name: Microsoft Corporation
File Description: Win32 Kernel core component
Internal Name: KERNEL32
Original Filename: KERNEL32.DLL
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 3/24/04 6:50:17 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:9 [C:\WINDOWS\SYSTEM\MSG32.EXE]
File Path: C:\WINDOWS\SYSTEM\MSG32.EXE
ProcessID: 4294855901
Threads: 1
Priority: Real Time
File Size: 16 KB
Version: 4.5.0.2112
File Version: 4.05.00.2112
Product Version: 4.05.00.2112
Copyright: Copyright © Rockwell Corporation 1996-1998.
Company Name: Rockwell Corporation
File Description: Rockwell WaveStream Message Server
Internal Name: MSGLOOP.EXE
Original Filename: MSGLOOP.EXE
Product Name: WaveStream\Endless Wave
Created on: 1/30/01 8:07:44 PM
Last accessed: 4/11/04
Last modified: 5/24/99 6:39:04 PM
#:10 [C:\WINDOWS\TASKMON.EXE]
File Path: C:\WINDOWS\TASKMON.EXE
ProcessID: 4294778241
Threads: 1
Priority: Normal
File Size: 28 KB
Version: 4.10.0.1998
File Version: 4.10.1998
Product Version: 4.10.1998
Copyright: Copyright (C) Microsoft Corp. 1998
Company Name: Microsoft Corporation
File Description: Task Monitor
Internal Name: TaskMon
Original Filename: TASKMON.EXE
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 1/30/01 8:07:44 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:11 [C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]
File Path: C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
ProcessID: 4294834941
Threads: 1
Priority: Normal
File Size: 51 KB
Version: 1.7.0.0
File Version: 1, 7, 0, 0
Product Version: 1, 7, 0, 0
Copyright: Copyright © 1998
Company Name: Hewlett-Packard Company
File Description: hpsysdrv
Internal Name: hpsysdrv
Original Filename: hpsysdrv.exe
Product Name: hpsysdrv
Created on: 11/17/99 5:13:22 AM
Last accessed: 4/11/04
Last modified: 5/7/98 9:04:38 AM
#:12 [C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE]
File Path: C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
ProcessID: 4294822733
Threads: 5
Priority: Normal
File Size: 292 KB
Version: 7.0.0.221
File Version: 7,0,0,221
Product Version: 7.0.0.221
Copyright: Copyright © 2004, GRISOFT, s.r.o.
Company Name: GRISOFT, s.r.o.
File Description: AVG Control Center
Internal Name: AvgCC
Original Filename: AvgCC.EXE
Product Name: AVG Anti-Virus System
Created on: 3/24/04 6:50:18 PM
Last accessed: 4/11/04
Last modified: 3/24/04 6:50:20 PM
#:13 [C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE]
File Path: C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
ProcessID: 4294829221
Threads: 18
Priority: Normal
File Size: 182 KB
Version: 7.0.0.225
File Version: 7,0,0,225
Product Version: 7.0.0.225
Copyright: Copyright © 2004, GRISOFT, s.r.o.
Company Name: GRISOFT, s.r.o.
File Description: AVG E-Mail Scanner
Internal Name: avgemc
Original Filename: avgemc.exe
Product Name: AVG Anti-Virus System
Created on: 3/24/04 6:50:19 PM
Last accessed: 4/11/04
Last modified: 3/24/04 6:50:20 PM
#:14 [C:\WINDOWS\RunDLL.exe]
File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
ProcessID: 4294804865
Threads: 1
Priority: Normal
File Size: 460 KB
Version: 4.10.0.2222
File Version: 4.10.2222
Product Version: 4.10.2222
Copyright: Copyright (C) Microsoft Corp. 1991-1999
Company Name: Microsoft Corporation
File Description: Win32 Kernel core component
Internal Name: KERNEL32
Original Filename: KERNEL32.DLL
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 3/24/04 6:50:19 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:15 [C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE]
File Path: C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
ProcessID: 4294728373
Threads: 6
Priority: Normal
File Size: 401 KB
Version: 3.7.98.0
File Version: 3.7.098
Product Version: 3.7.098
Copyright: Copyright © 1998-2003, Zone Labs Inc.
Company Name: Zone Labs Inc.
File Description: ZoneAlarm Pro
Internal Name: zapro
Original Filename: zapro.exe
Product Name: ZoneAlarm Pro
Created on: 3/19/03 10:55:50 PM
Last accessed: 4/11/04
Last modified: 2/14/03 1:54:02 PM
#:16 [C:\WINDOWS\SYSTEM\DDHELP.EXE]
File Path: C:\WINDOWS\SYSTEM\DDHELP.EXE
ProcessID: 4294623121
Threads: 2
Priority: Real Time
File Size: 32 KB
Version: 4.9.0.900
File Version: 4.09.00.0900
Product Version: 4.09.00.0900
Copyright: Copyright © Microsoft Corp. 1994-2002
Company Name: Microsoft Corporation
File Description: Microsoft DirectX Helper
Internal Name: DDHelp.exe
Original Filename: DDHelp.exe
Product Name: Microsoft® DirectX for Windows®
Created on: 4/16/03 12:38:18 PM
Last accessed: 4/11/04
Last modified: 12/12/02 12:14:32 AM
#:17 [C:\WINDOWS\SYSTEM\PSTORES.EXE]
File Path: C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID: 4294765365
Threads: 3
Priority: Normal
File Size: 79 KB
Version: 5.0.1877.3
File Version: 5.00.1877.3
Product Version: 5.00.1877.3
Copyright: Copyright (C) Microsoft Corp. 1981-1998
Company Name: Microsoft Corporation
File Description: Protected storage server
Internal Name: Protected storage server
Original Filename: Protected storage server
Product Name: Microsoft(R) Windows NT(R) Operating System
Created on: 4/16/03 12:38:18 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:18 [C:\WINDOWS\EXPLORER.EXE]
File Path: C:\WINDOWS\EXPLORER.EXE
ProcessID: 4294770169
Threads: 17
Priority: Normal
File Size: 176 KB
Version: 4.72.3110.1
File Version: 4.72.3110.1
Product Version: 4.72.3110.1
Copyright: Copyright (C) Microsoft Corp. 1981-1997
Company Name: Microsoft Corporation
File Description: Windows Explorer
Internal Name: explorer
Original Filename: EXPLORER.EXE
Product Name: Microsoft(R) Windows NT(R) Operating System
Created on: 4/16/03 12:38:18 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM
#:19 [C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE]
File Path: C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE
ProcessID: 4294628625
Threads: 4
Priority: Normal
File Size: 404 KB
Version: 1.0.0.1
File Version: 1, 0, 0, 1
Product Version: 1, 0, 0, 1
Copyright: Copyright (C) 2003
Company Name: ,
File Description: HiJack MFC Application
Internal Name: System Hijack Scanner
Original Filename: HiJackNT.EXE
Product Name: System Hijack Scanner
Created on: 5/14/03 8:19:48 PM
Last accessed: 4/11/04
Last modified: 5/14/03 8:19:48 PM
System Hijack Scanner Entries:
---------------
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, window title=Microsoft Internet Explorer provided by Verizon Online
R2 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, Default=http://home.microsoft.com/access/autosearch.asp?p=%s
O3 - ToolBar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - Start Up: C:\WINDOWS\Start Menu\Programs\StartUp\MRU-Blaster Scheduler.lnk
O4 - Start Up: C:\WINDOWS\Start Menu\Programs\StartUp\MRU-Blaster Silent Clean.lnk
O4 - Global Start Up: C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm Pro.lnk
O5 - control.ini [don't load]: snd.cpl=no
O5 - control.ini [don't load]: joystick.cpl=no
O5 - control.ini [don't load]: midimap.drv=no
O8 - Extra Context Menu Items: &NeoTrace It! -
O9 - Extra Button: Related - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
O9 - Extra Tools Menu Item: Show &Related Links - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
O11 - Options Group: [JAVA_SUN] Java (Sun)
O12 - Plugin For .spop - C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone:http://*.verizon.net
O15 - Trusted Zone: https://www.verizon.net
O15 - Trusted Zone: *://www.verizon.net
O15 - Trusted Zone: http://www.excite.com
O15 - Trusted Zone: http://graphicsbycitygirl2.0catch.com
O15 - Trusted Zone: https://www.acninc.net
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} (CV3 Class) - http://windowsupdate.microsoft.com/R848/V31Controls/x86/w98/en/actsetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.telcopoint.com/distro/hmvcfe.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37887.0236921296
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: ChatClient ((no name)) - http://216.126.214.195/taw/chat/ChatClient.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX
your input valued