win98se locking up, spastic mouse/windows, multiple running instances kernel32.dll

[1TxLady]

helppppppppp ............ not technically challenged just mystified

Running 98se with all current microsoft patches
Do have one 256 ram card not being recognized but other one is working.... so that is only known hardware issue.....

I have run in last two days.......
ran multiple antivirus programs including but not limited to AVG, Housecalls, Panda
ran multiple Trojan / adware vendor scans
cleaned registry
ran SFC utility
cleaned out dead files, registry entries, etc.
emptied all tmp files and objects via Windows/Temp and file search *.tmp
emptied cookies (is done at reach reboot automatically but i also do while browsing)
strengthened cookie handling parameters vie IE and ZA
scan disk
defrag
uninstalled and reinstalled ram cards (no easy feat on an HP Pav)
ran hijack this ( scan log attached)
I do run a firewall ..... ZA
ran Internet Explorer Repair (twice)
Uninstalled and reinstalled any potentially suspect applications
Uninstalled MS JAVA and installed SUN JAVA ( re post i saw here somewhere this week)


Symptoms as follows:

1. usb mouse drags..... i.e. .. feels heavy .. reinstalled updated driver .. didn't help

2. getting multiple program crashes in applications or "unable to load" errors

3. getting invalid page faults, GPF errors ( kernel 32 usually), mmtask.exe errors ( today) .. deleted mmtask.exe

4. intermittent .... and i do mean intermittent..... clicking upon rebooting

5. mouse goes spastic ..

6. multiple instances of programs open and continue opening or windows flash ( like ms message OS windows asking you what you want to do, close app, etc.) ... when this occurs and i attempt to reboot .. popup from tray for start .. reboot .. does not pop up but pc does a " restart" when i try to access shut down on start panel

7. in chat programs.. ( messenger, icq, yahoo, halsoft) all of a sudden all my typing goes "vertical" .... may be 3 hours or 3 minutes before this occurs after a fresh reboot .. shutdown... not restart ....



HIJACK THIS scan log below ... for some ungodly reason have multiple instances of kernel32.dll running and are not even all the same file (dif dates)


Last accessed: 4/11/04
Last modified: 3/24/04 6:50:18 PM

#:7 [C:\WINDOWS\SYSTEM\mmtask.tsk]
File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
ProcessID: 4294852005
Threads: 1
Priority: Normal
File Size: 460 KB
Version: 4.10.0.2222
File Version: 4.10.2222
Product Version: 4.10.2222
Copyright: Copyright (C) Microsoft Corp. 1991-1999
Company Name: Microsoft Corporation
File Description: Win32 Kernel core component
Internal Name: KERNEL32
Original Filename: KERNEL32.DLL
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 3/24/04 6:50:17 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM

#:8 [C:\WINDOWS\SYSTEM\MSGLOOP.EXE]
File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
ProcessID: 4294849925
Threads: 1
Priority: Normal
File Size: 460 KB
Version: 4.10.0.2222
File Version: 4.10.2222
Product Version: 4.10.2222
Copyright: Copyright (C) Microsoft Corp. 1991-1999
Company Name: Microsoft Corporation
File Description: Win32 Kernel core component
Internal Name: KERNEL32
Original Filename: KERNEL32.DLL
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 3/24/04 6:50:17 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM

#:9 [C:\WINDOWS\SYSTEM\MSG32.EXE]
File Path: C:\WINDOWS\SYSTEM\MSG32.EXE
ProcessID: 4294855901
Threads: 1
Priority: Real Time
File Size: 16 KB
Version: 4.5.0.2112
File Version: 4.05.00.2112
Product Version: 4.05.00.2112
Copyright: Copyright © Rockwell Corporation 1996-1998.
Company Name: Rockwell Corporation
File Description: Rockwell WaveStream Message Server
Internal Name: MSGLOOP.EXE
Original Filename: MSGLOOP.EXE
Product Name: WaveStream\Endless Wave
Created on: 1/30/01 8:07:44 PM
Last accessed: 4/11/04
Last modified: 5/24/99 6:39:04 PM

#:10 [C:\WINDOWS\TASKMON.EXE]
File Path: C:\WINDOWS\TASKMON.EXE
ProcessID: 4294778241
Threads: 1
Priority: Normal
File Size: 28 KB
Version: 4.10.0.1998
File Version: 4.10.1998
Product Version: 4.10.1998
Copyright: Copyright (C) Microsoft Corp. 1998
Company Name: Microsoft Corporation
File Description: Task Monitor
Internal Name: TaskMon
Original Filename: TASKMON.EXE
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 1/30/01 8:07:44 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM

#:11 [C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]
File Path: C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
ProcessID: 4294834941
Threads: 1
Priority: Normal
File Size: 51 KB
Version: 1.7.0.0
File Version: 1, 7, 0, 0
Product Version: 1, 7, 0, 0
Copyright: Copyright © 1998
Company Name: Hewlett-Packard Company
File Description: hpsysdrv
Internal Name: hpsysdrv
Original Filename: hpsysdrv.exe
Product Name: hpsysdrv
Created on: 11/17/99 5:13:22 AM
Last accessed: 4/11/04
Last modified: 5/7/98 9:04:38 AM

#:12 [C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE]
File Path: C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
ProcessID: 4294822733
Threads: 5
Priority: Normal
File Size: 292 KB
Version: 7.0.0.221
File Version: 7,0,0,221
Product Version: 7.0.0.221
Copyright: Copyright © 2004, GRISOFT, s.r.o.
Company Name: GRISOFT, s.r.o.
File Description: AVG Control Center
Internal Name: AvgCC
Original Filename: AvgCC.EXE
Product Name: AVG Anti-Virus System
Created on: 3/24/04 6:50:18 PM
Last accessed: 4/11/04
Last modified: 3/24/04 6:50:20 PM

#:13 [C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE]
File Path: C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
ProcessID: 4294829221
Threads: 18
Priority: Normal
File Size: 182 KB
Version: 7.0.0.225
File Version: 7,0,0,225
Product Version: 7.0.0.225
Copyright: Copyright © 2004, GRISOFT, s.r.o.
Company Name: GRISOFT, s.r.o.
File Description: AVG E-Mail Scanner
Internal Name: avgemc
Original Filename: avgemc.exe
Product Name: AVG Anti-Virus System
Created on: 3/24/04 6:50:19 PM
Last accessed: 4/11/04
Last modified: 3/24/04 6:50:20 PM

#:14 [C:\WINDOWS\RunDLL.exe]
File Path: C:\WINDOWS\SYSTEM\KERNEL32.DLL
ProcessID: 4294804865
Threads: 1
Priority: Normal
File Size: 460 KB
Version: 4.10.0.2222
File Version: 4.10.2222
Product Version: 4.10.2222
Copyright: Copyright (C) Microsoft Corp. 1991-1999
Company Name: Microsoft Corporation
File Description: Win32 Kernel core component
Internal Name: KERNEL32
Original Filename: KERNEL32.DLL
Product Name: Microsoft(R) Windows(R) Operating System
Created on: 3/24/04 6:50:19 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM

#:15 [C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE]
File Path: C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
ProcessID: 4294728373
Threads: 6
Priority: Normal
File Size: 401 KB
Version: 3.7.98.0
File Version: 3.7.098
Product Version: 3.7.098
Copyright: Copyright © 1998-2003, Zone Labs Inc.
Company Name: Zone Labs Inc.
File Description: ZoneAlarm Pro
Internal Name: zapro
Original Filename: zapro.exe
Product Name: ZoneAlarm Pro
Created on: 3/19/03 10:55:50 PM
Last accessed: 4/11/04
Last modified: 2/14/03 1:54:02 PM

#:16 [C:\WINDOWS\SYSTEM\DDHELP.EXE]
File Path: C:\WINDOWS\SYSTEM\DDHELP.EXE
ProcessID: 4294623121
Threads: 2
Priority: Real Time
File Size: 32 KB
Version: 4.9.0.900
File Version: 4.09.00.0900
Product Version: 4.09.00.0900
Copyright: Copyright © Microsoft Corp. 1994-2002
Company Name: Microsoft Corporation
File Description: Microsoft DirectX Helper
Internal Name: DDHelp.exe
Original Filename: DDHelp.exe
Product Name: Microsoft® DirectX for Windows®
Created on: 4/16/03 12:38:18 PM
Last accessed: 4/11/04
Last modified: 12/12/02 12:14:32 AM

#:17 [C:\WINDOWS\SYSTEM\PSTORES.EXE]
File Path: C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID: 4294765365
Threads: 3
Priority: Normal
File Size: 79 KB
Version: 5.0.1877.3
File Version: 5.00.1877.3
Product Version: 5.00.1877.3
Copyright: Copyright (C) Microsoft Corp. 1981-1998
Company Name: Microsoft Corporation
File Description: Protected storage server
Internal Name: Protected storage server
Original Filename: Protected storage server
Product Name: Microsoft(R) Windows NT(R) Operating System
Created on: 4/16/03 12:38:18 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM

#:18 [C:\WINDOWS\EXPLORER.EXE]
File Path: C:\WINDOWS\EXPLORER.EXE
ProcessID: 4294770169
Threads: 17
Priority: Normal
File Size: 176 KB
Version: 4.72.3110.1
File Version: 4.72.3110.1
Product Version: 4.72.3110.1
Copyright: Copyright (C) Microsoft Corp. 1981-1997
Company Name: Microsoft Corporation
File Description: Windows Explorer
Internal Name: explorer
Original Filename: EXPLORER.EXE
Product Name: Microsoft(R) Windows NT(R) Operating System
Created on: 4/16/03 12:38:18 PM
Last accessed: 4/11/04
Last modified: 4/23/99 10:22:00 PM

#:19 [C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE]
File Path: C:\PROGRAM FILES\BULLETPROOFSOFT.COM\SPYWAREREMOVER\HS\HIJACK.EXE
ProcessID: 4294628625
Threads: 4
Priority: Normal
File Size: 404 KB
Version: 1.0.0.1
File Version: 1, 0, 0, 1
Product Version: 1, 0, 0, 1
Copyright: Copyright (C) 2003
Company Name: ,
File Description: HiJack MFC Application
Internal Name: System Hijack Scanner
Original Filename: HiJackNT.EXE
Product Name: System Hijack Scanner
Created on: 5/14/03 8:19:48 PM
Last accessed: 4/11/04
Last modified: 5/14/03 8:19:48 PM



System Hijack Scanner Entries:
---------------

R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, window title=Microsoft Internet Explorer provided by Verizon Online
R2 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, Default=http://home.microsoft.com/access/autosearch.asp?p=%s
O3 - ToolBar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - Start Up: C:\WINDOWS\Start Menu\Programs\StartUp\MRU-Blaster Scheduler.lnk
O4 - Start Up: C:\WINDOWS\Start Menu\Programs\StartUp\MRU-Blaster Silent Clean.lnk
O4 - Global Start Up: C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm Pro.lnk
O5 - control.ini [don't load]: snd.cpl=no
O5 - control.ini [don't load]: joystick.cpl=no
O5 - control.ini [don't load]: midimap.drv=no
O8 - Extra Context Menu Items: &NeoTrace It! -
O9 - Extra Button: Related - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
O9 - Extra Tools Menu Item: Show &Related Links - (HKLM) - {c95fe080-8f5d-11d2-a20b-00aa003c157a}
O11 - Options Group: [JAVA_SUN] Java (Sun)
O12 - Plugin For .spop - C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone:http://*.verizon.net
O15 - Trusted Zone: https://www.verizon.net
O15 - Trusted Zone: *://www.verizon.net
O15 - Trusted Zone: http://www.excite.com
O15 - Trusted Zone: http://graphicsbycitygirl2.0catch.com
O15 - Trusted Zone: https://www.acninc.net
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} (CV3 Class) - http://windowsupdate.microsoft.com/R848/V31Controls/x86/w98/en/actsetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.telcopoint.com/distro/hmvcfe.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37887.0236921296
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: ChatClient ((no name)) - http://216.126.214.195/taw/chat/ChatClient.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_04) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX

your input valued

 

[Styxx]

you may need to re-install Windows.

First backup all your sensitive data:

Backup all your Sensitive Data (Internet Explorer Favorites; Netscape Bookmarks, Address Book and Netscape Mail Folders; Outlook Express Address Books and Folders (compress any Netscape Mail or Outlook Express folders first) letters, pictures, databases, spreadsheets, music, etc.) to removable media for restoring later.

Please the printable attachment for more information.

 

[NiteHawk]

Looking at the O5 and O18 entries, did YOU make these changes and/or are you aware of them?

Let's not get excited about re-installing Windows......yet.

 

[1TxLady]

to answer the first post ...... ughhhhhh Reformat !! but if i have to .... ok


and to answer 2nd post .. no .. i did not make those entries . .. 005 , 018

 

[NiteHawk]

Sorry for the delay, I was out for a few hours.

Since O18 entries are very rare, and HJT creates back-ups, I'm going to suggest that we have HJT fix them. Let's try the O18's first and then the O5's if that doesn't help. It looks like the O5's are disable your sound. Not sure why???

In Hijack This, check ALL of the following items. Double check so as to be sure not to miss a single one.
Next, close all browser Windows, and have HT fix all checked.

O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM\urlmon.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM\MSHTML.DLL
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM\ITSS.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM\INETCOMM.DLL
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM\MSDXM.OCX



Reboot


Now download Spybot - Search & Destroy (if you haven't got the program installed already)

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove/fix all it finds that are in RED

Reboot

Last, run HJT again and post your log again to see if anything was missed.

Thanks

 

[1TxLady]

ty so much for your time and effort particularly since i view reformat as a four letter word!!!

I downloaded, installed, configured and ran the latest versions of adaware and spybot prior to your post and have run both .... cleaning many registry entries I had missed in my search and destroy mission.

I will follow your protocol above and report back with a new hijack log. That will clear the 018 issues hopefully.

As for the 005 entries .....??????? and yes my sound is impacted but was the least of my worries

 

[1TxLady]

Log file attached....

when i ran hijack the first time this evening, there were also no 005 or 018 entries .. and as you can see there are none now. The only log entry I question now is:

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab

AND........I cannot get into my webmail acct at Excite since installing and runnin Spybot. I told Spybot to ignore... and is checked as excluded... but i still cannot sign in. I reset activex to ask permission and enabled java much as i did not want to, it let me in once , but not a second time after rebooting.

On another note: ..... as i said in first post, I uninstalled ms java and installed sun java per a post here ... followed instructions to " T" ....... however, some web pages with graphics and anfy java do not display at all ? Is there a corruption in the Sun program i downloaded or? As I understood it, it should not matter with the Sun Java.

Logfile of HijackThis v1.97.7
Scan saved at 12:53:04 AM, on 4/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\MEM MAX\MMDAEMON.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.verizon.net
O15 - Trusted Zone: http://www.excite.com
O15 - Trusted Zone: http://graphicsbycitygirl2.0catch.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.telcopoint.com/distro/hmvcfe.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37887.0236921296
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: ChatClient - http://216.126.214.195/taw/chat/ChatClient.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Again......... ty so much for your assistance on this holiday !!

 

[Styxx]

On the Java issue and not being able to login to certain sites. Part of that issue may be Zone Alarm (ZA) related. Be sure ZA is not set to restrict certain sites. There is no difference. Java is all by Sun. If you have incorrectly uninstalled it reverse that uninstall. In Control Panel open the Java control panel; re-enable Internet Explorer by re-ticking the option. You mightttry using the latest Netscape browser from http://channels.netscape.com/ns/browsers/default.jsp

***

Ensure your Internet Explorer browser is properly configured, not too strictly:

Open Internet Explorer (IE); Tools menu; Internet Options; Advanced tab; Click the Restore Defaults button; Click Apply; Click Ok. Close IE.

Open (IE); Click the Tools menu; Point to Internet Options; Click the Security tab; Click the Default Level button; Click Apply; Click Ok. Close IE.

Open IE; Click the Tools menu; Internet Options; Click the Security tab; Click the Custom Level button; Click Apply; Click Ok. Close IE. Start IE as desired.

 

[1TxLady]

did redownload and reinstall Sun Java .. changed IE options... resetting IE Java options allowed me to view my web mail .. but.. still does not show java enhanced graphics on some sites.. one of which being my own paintshop with graphics that are java enhanced.....and truly do appreciate the suggestion of Netscape but I gave up on Netscape long ago