temp system lockup



#31
Ruff_Rider

Ruff_Rider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
OK will gladly get rid of those two Yahoo items (I am not a big Yahoo fan anyway). My ISP is SBC but I have a DSL hookup with a DSL modem and a separate router (not wireless). I have 2 desktop PC's hooked up to the router and can use both simultaneously, etc., cha cha cha.... But this PC is mine and my wife uses the other one, it is in good shape not all beat up, sick and dopey like mine...
  • 0


#32
Ruff_Rider

Ruff_Rider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I ran HijackThis and got rid of those questionable Yahoo url items in the registry. Then I attempted to go after "cleanup" as per your directive but the link provided was not valid and only gave me a PAGE NOT FOUND error. I decided the link url was invalid and I changed it from http://http://www.softdd.com/complete/ to http://www.softdd.com/complete/ and found it and installed it, but I need some direction on what options to select because looking at the descriptions, some of them seem very risky to me.... Do you have any option selection suggestions or just take the "ALL" option ???

here is a fresh hijackthis log taken following a cold reboot...

Logfile of HijackThis v1.99.1
Scan saved at 8:47:06 PM, on 4/6/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\HPSJVXD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\HPHMON04.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\HPHIPM11.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\DOWNLOADS\HIJACK THIS 1991\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Cecil/HomePage/HomePage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HPSCANMonitor] c:\windows\SYSTEM\hpsjvxd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
  • 0

#33
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Let me get back with you. I have never used this, but another staffer recommended it.
  • 0

#34
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Download here:
http://www.antispywa...ftware.php?id=1

Tutorial here:
http://www.antispywa...torial.php?id=2
  • 0

#35
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
How is it going?
  • 0

#36
Ruff_Rider

Ruff_Rider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
This morning I ran both CCleaner (cleaner not just analyze) and the Complete Cleanup (Cleanup = ALL). Both processes ran thru completion, eliminating some more cookies, temp files & trash, etc...


Next I started with these two suggestions you sent me last evening.

Download here:
http://www.antispywa...ftware.php?id=1

Tutorial here:
http://www.antispywa...torial.php?id=2

But these are not current urls,
evidently antispyware.nextdesigns has changed and their new url is:
http://www.spywareaid.com/

So I went there and discovered that they have 21 software packages in their download library and two video tutorials (HJT & CWS); I've run both of these.

So I think I will call it quits. My PC is running and I have cleaned out a lot of junk files, etc., but it still goes into deep sleep sometimes, once just last night as I clicked for normal shutdown. I waited about 5 minutes then gave up and hit the power off button on the pc tower face panel. That forced a cold reboot with Windows going into the scan disk routine to make sure all was still working.

Many thanks for your assistance. I have now reached the point that I realize I must just live with the frequent freeze ups or upgrade to WinXP. I will proceed to upgrade. I would appreciate any last minute suggestions and if there is another staffer with expertise in upgrading from Win98SE to WinXP I would certainly give careful attention to any suggestions in that direction.

Cheers,

Ruff_Rider
  • 0

#37
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I will move you over to the Windows 98 section. We really need to get adaware working.

Here is another suggestion from Castle Cops.

First, however, please make sure you have updated the Definition Files.

We highly suggest doing a Disk Defragmentation and follow it with a thorough Check or Scan Disk, depending upon your version of Windows.

Another option is to try a command line: Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown) for your version of Ad-Aware SE:

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnukep

Click OK.

Note: The path above (between the quotes) is the default location of Ad-Aware SE, if you installed to a different directory please adjust it to the correct location. For Ad-Aware SE Personal, when the GUI launches, you will need to click Start > Select Full System Scan > Click Next.

Click OK.

Note: The path above (between the quotes) is the default location of Ad-Aware SE, if this has been changed by the user, please adjust it to the location that they have installed it to.


Have you also taken off the back cover and blown it out with pressurized air?

Also, is it checked to go into hibernation?
  • 0

#38
Ruff_Rider

Ruff_Rider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I will stay with you as long as you can stand..... and Yes I would very much like to get Ad-Aware to run successfully.!

I will do a DeFrag on my hard drive (may take a looonnnnnnnng time) and then I will attempt to run Ad-Aware again from the Start/Run command line :
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnukep
but I expect I will remove that trailing letter 'p' at the very end and make the passing parameter just +procnuke

Okay ?
  • 0

#39
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I'll be here as long as you can stand it. I can't even remember what your original problem is/was. :tazz:

Try those things and then post a new log back to me. I will switch you over to hardware when I hear back.
  • 0

#40
Ruff_Rider

Ruff_Rider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Oooops I forgot to answer your other questions...

I've not removed cover recently (not in last 3 or 4 months) and I do not have any compressed air supply.

I do not know how to set Hibernation on/off but I am not aware of it ever asking or wanting to go into hibernation mode on its own.

Oh yes ..... few months ago, my hard drive developed a bad sector and running diskscan from boot up floppy, I was able to flag the bad area and reboot. At which time Windows said the registry file was incomplete, from not being able to read the hard disk sector, but I accepted a prior backup registry and it liked that and never bothered me again. I just offer this since someone suggested I run complete defrag. I will get on that....
  • 0


#41
Ruff_Rider

Ruff_Rider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I ran DeFrag on my hard drive. It ran ok.

I launched Ad-Aware from the Start/Run command line as:
"C:\Program Files\Lavasoft\Ad-Aware Se Personal\Ad-Aware.exe" +procnuke

First I requested an Ad-Aware software update and got one, then
I made sure it was configured to run with
"Search for negligible risk entries" = UNchecked and
"Perform Full System Scan" = Checked

It ran for about 13 minutes and went into its loopy state with the
window counters showing these values:
____________________________________________________________________
Performing System Scan
.Current Operation
..Performing conditional scans... ... ... ... ... Objects Scanned: 99092
...> Busy... ... ... ... ... ... ||||||||||
.Summary
......27 Running Processes.. ... ... ... ... ... 0 Processes Identified
....634 Process Modules ..... ... ... ... ... ... 0 Modules Identified
.... ... ... ... ... ... ... ... ... ... ... ... ... ... ... 2 Registry Keys Identified
......18 Objects Recognized...... ... ... ... . 12 Registry Values Identified
.......0 Objects Ignored.... ... ... ... ... ... .. 4 Files Identified
......18 New Critical Objects .... ... ... ... ... 0 Folders Identified

Now scanning, click "Cancel" to stop. . . . . . . . . . . . . . X Cancel
____________________________________________________________________

I have just left it running because I do not know how to recover the log file
if I click on the X Cancel button.

I will stand by for a bit.....
  • 0

#42
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Can you click on cancel and then delete what it has found?
  • 0

#43
Ruff_Rider

Ruff_Rider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
OK I clicked on Cancel....
there is nothing shown in the scanning results window,

I click on Scan Summary..... no target families detected on this system

I click on Critical Objects . nothing indicated at all

I click on Negligible Objects . nothing indicated at all

I click on Scan Log it shows e-v-e-r-y-t-h-i-n-g up to
the point where it says

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
  • 0

#44
Ruff_Rider

Ruff_Rider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the entire Scan Log........


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, April 07, 2005 12:52:23 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R37 07.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R36 01.04.2005
Internal build : 43
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 438128 Bytes
Total size : 1378904 Bytes
Signature data size : 1348736 Bytes
Reference data size : 29656 Bytes
Signatures total : 38426
Fingerprints total : 758
Fingerprints size : 28416 Bytes
Target categories : 15
Target families : 644

4-7-05 12:50:54 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R37 07.04.2005
Internal build : 44
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 457910 Bytes
Total size : 1384084 Bytes
Signature data size : 1353834 Bytes
Reference data size : 29738 Bytes
Signatures total : 38565
Fingerprints total : 779
Fingerprints size : 29330 Bytes
Target categories : 15
Target families : 646


4-7-05 12:51:05 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:44 %
Total physical memory:261092 kb
Available physical memory:66676 kb
Total page file size:1836056 kb
Available on page file:1711660 kb
Total virtual memory:2093056 kb
Available virtual memory:2044224 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-7-05 12:52:23 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4291783291
Threads : 8
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294912551
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294910527
Threads : 3
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294957007
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:5 [CCEVTMGR.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 4294841615
Threads : 21
Priority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:6 [CCSETMGR.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 4294838011
Threads : 5
Priority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:7 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294850423
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:8 [KB891711.EXE]
ModuleName : c:\windows\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294892287
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:9 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294829011
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:10 [EXPLORER.EXE]
ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294891979
Threads : 25
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:11 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\windows\taskmon.exe"
ProcessID : 4294842819
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:12 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294723483
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:13 [AHQTB.EXE]
ModuleName : C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
Command Line : "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
ProcessID : 4294872807
Threads : 1
Priority : Normal
FileVersion : 1.0.185
ProductVersion : 1.0.185
ProductName : AudioHQ
CompanyName : Creative Technology Ltd.
FileDescription : Creative AudioHQ
InternalName : AHQTaskBar
LegalCopyright : Copyright © Creative Technology Ltd. 1997-1999
OriginalFilename : AHQTb.exe
Comments : Creative AudioHQ

#:14 [DIRECTCD.EXE]
ModuleName : C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
Command Line : "C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE"
ProcessID : 4294718091
Threads : 1
Priority : Normal
FileVersion : 3.01 (162)
ProductVersion : 3.01 (162)
ProductName : DirectCD
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 1996-2000 Adaptec, Inc.
OriginalFilename : DirectCD.EXE

#:15 [POINT32.EXE]
ModuleName : C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
Command Line : "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
ProcessID : 4294768651
Threads : 1
Priority : Normal


#:16 [HPSJVXD.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPSJVXD.EXE
Command Line : "C:\windows\SYSTEM\hpsjvxd.exe"
ProcessID : 4294743651
Threads : 1
Priority : Normal


#:17 [STIMON.EXE]
ModuleName : C:\WINDOWS\SYSTEM\STIMON.EXE
Command Line : "C:\WINDOWS\SYSTEM\STIMON.EXE"
ProcessID : 4294751515
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:18 [HPZTSB05.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPZTSB05.EXE
Command Line : "C:\WINDOWS\SYSTEM\hpztsb05.exe"
ProcessID : 4294750083
Threads : 1
Priority : Normal
FileVersion : 2,126,0,0
ProductVersion : 2,126,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

#:19 [HPHMON04.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPHMON04.EXE
Command Line : "C:\WINDOWS\SYSTEM\HPHMON04.EXE"
ProcessID : 4294877339
Threads : 5
Priority : Normal
FileVersion : 4,0,34
ProductVersion : 4,0,34
ProductName : hp photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon04
InternalName : HPHmon04
LegalCopyright : Copyright © 2001
OriginalFilename : HPHmon04.exe

#:20 [HPGS2WND.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 4294877963
Threads : 3
Priority : Normal
FileVersion : 2,3,0,0\ 161
ProductVersion : 2,3,0,0\ 161
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:21 [SYMLCSVC.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
ProcessID : 4294668419
Threads : 1
Priority : Normal
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:22 [CCAPP.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 4294665511
Threads : 27
Priority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:23 [HPGS2WNF.EXE]
ModuleName : C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
Command Line : C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE -Embedding
ProcessID : 4294653083
Threads : 2
Priority : Normal
FileVersion : 2, 6, 0, 161
ProductVersion : 2, 6, 0, 161
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:24 [CREATECD.EXE]
ModuleName : C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
Command Line : "C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE" -r
ProcessID : 4294596451
Threads : 11
Priority : Normal
FileVersion : 4.02S (286)
ProductVersion : 4.02S (286)
ProductName : Easy CD Creator
CompanyName : Adaptec
FileDescription : Adaptec Create CD
InternalName : createcd.exe
LegalCopyright : Copyright © 1996-2000 Adaptec, Inc.
OriginalFilename : createcd.exe

#:25 [HPHIPM11.EXE]
ModuleName : C:\WINDOWS\SYSTEM\HPHIPM11.EXE
Command Line : HPHipm11.exe
ProcessID : 4294604551
Threads : 1
Priority : Normal
FileVersion : 4, 5, 0, 770
ProductVersion : 4, 5, 0, 770
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:26 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294305611
Threads : 3
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe

#:27 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
ProcessID : 4294655971
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\70tovmto

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\70tovmto
Value : DisplayName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\70tovmto
Value : UninstallString

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Swen.A Object Recognized!
Type : Regkey
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : Install Item

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : Unfile

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : CacheBox Outfit

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : ZipName

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : Email Address

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : Server

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : VicName

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : Installed

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : Counter Visited

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 14


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : File
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : MSN Search member directory.url
Category : Misc
Comment : Problematic URL discovered: http://auto.search.m...embersdirectory
Object : C:\WINDOWS\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Reverse Phone Lookup - SMARTPages.url
Category : Misc
Comment : Problematic URL discovered: http://smartpages.in...rt/revphone.htm
Object : C:\WINDOWS\Favorites\Quick Ref Info\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : CarsDirect.com --- 5 stars.url
Category : Misc
Comment : Problematic URL discovered: http://www.carsdirect.com/home
Object : C:\WINDOWS\Favorites\Cars\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
  • 0

#45
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I need to get some work done and won't be back for awhile. I haven't had time to fully look at these:

http://www.virusbtn..../2004/01_01.xml

http://www.dslreport...de=flat#8016601

http://www.dslreport...e=flat~start=20

Read these. It has identified the Win32.Swen.A Object
  • 0
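
Added example, not part of the original thread and not Lavasoft's code: when a scan stalls and the results window comes up empty after Cancel, as described in posts #43 and #44, the detections are still recoverable from the scan log text. The sketch below parses "Object Recognized!" records in the layout shown in the posted log, groups them by family and category, and reports the last phase header written before the log ends. The sample log is constructed and abbreviated, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed, abbreviated sample in the layout of the scan log posted above.
SAMPLE_LOG = r"""
Started registry scan
»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\70tovmto

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»

Win32.Swen.A Object Recognized!
Type : RegValue
Data : by Begbie
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\RHZHT
Value : Installed

Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : File
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 4, 0, 0, 2

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Example shortcut.url
Category : Misc
Comment : Problematic URL discovered: http://example.invalid/home
Object : C:\WINDOWS\Favorites\

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»
<STOP>
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!\s*$")
FIELD = re.compile(r"^(?P<key>[A-Za-z]+)\s*:\s?(?P<value>.*)$")
SEPARATOR = re.compile(r"^»{5,}$")

def parse_detections(log_text):
    """Return one dict per 'Object Recognized!' record; a blank line ends a record."""
    records, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"Family": header.group("family")}
            records.append(current)
        elif current is not None:
            field = FIELD.match(line)
            if not line:
                current = None
            elif field:  # split on the first colon only; URLs in Comment keep theirs
                current[field.group("key")] = field.group("value").strip()
    return records

def target(rec):
    """Full file path or registry location that a record points at."""
    if rec.get("Type") == "File":
        return rec.get("Object", "") + rec.get("Data", "")
    path = rec.get("Rootkey", "") + "\\" + rec.get("Object", "")
    return f"{path} [{rec['Value']}]" if "Value" in rec else path

def summarize(records):
    """Count records per (family, category) pair."""
    return Counter((r["Family"], r.get("Category", "")) for r in records)

def last_phase(log_text):
    """Text of the last section header, i.e. the line above the final separator.
    Assumption: a final header with no result block marks where the scan stopped."""
    phase, prev = None, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line) and prev:
            phase = prev
        if line:
            prev = line
    return phase

if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for (family, category), count in summarize(found).most_common():
        print(f"{count:3d}  {family}  ({category})")
    for rec in found:
        print("   ", rec.get("Type"), target(rec))
    print("Log ends in phase:", last_phase(SAMPLE_LOG))
```
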





