Computer Freezing--Virus(part2)?!?!

Name: apike1975
Date: January 12, 2004 at 18:47:04 Pacific
OS: WinMe(4.90.3000)
CPU/Ram: P3-833/256MB
Comment:

My computer keeps freezing and I have scanned my computer with ADaware, Spybot S&D, CW Shredder, & Hijack. Here is the latest Hijack log. Would someone please help me out? Thanks so much.

Logfile of HijackThis v1.97.7
Scan saved at 5:36:29 PM, on 1/12/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\TV VIEWER\TVWAKEUP.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\TV VIEWER\ANNCLIST.exe
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.exe
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.exe
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.exe
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.exe
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.exe
C:\WINDOWS\SYSTEM\E_S10IC2.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.exe
C:\WINDOWS\SYSTEM\INTERNAT.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.exe
C:\WINDOWS\KEYACC32.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.exe
C:\EPC\TOOLBAR\EPSIBAR.exe
C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.exe
C:\WINDOWS\SYSTEM\GRVSA.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.exe /t
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [EM_EXEC] c:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [OWCCardbusTray] ocbtray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\SYSTEM\E_S10IC2.exe /P19 "EPSON Stylus CX5200" /O7 "EPUSB1:" /M "Stylus CX5200"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.exe -r
O4 - HKLM\..\RunServices: [TVWakeup] C:\Progra~1\TVView~1\tvwakeup.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKLM\..\RunServices: [Announcements] C:\Program Files\TV Viewer\annclist.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.exe"
O4 - HKCU\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.exe 1
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: EPSI ToolBar.lnk = C:\EPC\Toolbar\EPSIBar.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.exe
O8 - Extra context menu item: Get It With Kontiki - res://C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL/201
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1066097665230
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?




Response Number 1
Name: Tope
Date: January 12, 2004 at 19:10:34 Pacific
Reply:

GRVSA.EXE looks suspicious. I couldn't find anything online about it, and it's not on my computer. If you don't know what it is, scan it with antivirus. If that doesn't come up with anything, submit to the antivirus company. That's the only thing I found odd. The rest of the stuff took some digging but ended up being soundcard drivers, monitor drivers, or legit programs. Good luck.

<><><>Tope<><><>



Response Number 2
Name: Trpm
Date: January 12, 2004 at 22:38:10 Pacific
Reply:

apike1975,
Can you go to C:\WINDOWS\SYSTEM\GRVSA.exe, right-click on this file, then click on Properties and tell me the file size, created date, and modified date?
Then click on the Version tab and give me the info in the Other version information section.
Have a nice day. :)
Trpm



Response Number 3
Name: apike1975
Date: January 13, 2004 at 01:35:51 Pacific
Reply:

Trpm,

Thanks for your comments. Here is the info you requested:

File size: Size 100kb, Size on disk 104kb
Created: 11/07/03
Modified: 10/23/00 (isn't this kinda odd that the modified date is before the created date?!?!)

Other Version Info
Comments: Asyncronous ValueStore
Company Name: GenRad Limited
File Version Description: 2,2,0,1
Internal Name: GRVSA
Language: English
Legal Trademarks: I
OLE SelfRegister: $
Original Filename: GRVSA.exe
Product Name: GRVSA Module
Product Version: 1,0,0,3
Special Build Description: $

Thanks so much,
Adam



Response Number 4
Name: Trpm
Date: January 13, 2004 at 05:22:13 Pacific
Reply:

apike1975,
Here is what little I have found so far.
List of Nominet Tag Holders
Below is the current list of Tags registered with Nominet UK for use with the Automaton. Please note this list may not include very recent Tag registrations. If you have a query regarding the omission of a Tag from this list please e-mail nominet@nominet.org.uk.
Last updated: Mon Sep 9 08:00:01 2002.
GENRAD=GenRad Limited
Organization: GENRAD LIMITED
Country: UNITED KINGDOM
Organization Type: Private non research org.
Collaboration Organizations: 5

Check out this GENRAD LIMITED link I found, under Projects (1): click on RIMSAT.
Sounds like info collection to me, if that don't make you paranoid what will...LOL
http://pi.ijs.si/ProjectIntelligence.Exe?Cm=Org&Org=GENRAD+LIMITED
I am still trying to cross-reference the GRVSA.exe file; I'll let you know what I find.
Could you copy and zip up that file, then send it to me at marlin_frost@yahoo.com
Thanks and have a nice day. :)
Trpm



Response Number 5
Name: Jok
Date: January 26, 2004 at 15:17:34 Pacific
Reply:

I can see that you have EPC (Electronic parts catalog for Saab) installed. Genrad made this program (Look at the startup window). I guess you have Wis installed as well. When you start Wis grvsa.exe will start as well. So you can stop being paranoid =).

/JK
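
The cross-check this thread works through by hand, as an added example that is not part of the original posts: it compares the log's "Running processes" list against the O4 autostart entries by file name and reports running images that no startup entry accounts for, plus O4 values with no command. `SAMPLE_LOG` is a constructed excerpt of the log in the first post; `triage` and `OS_BASELINE` are hypothetical names, and the baseline list is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt: a few lines copied from the log in the first post.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.exe
C:\EPC\TOOLBAR\EPSIBAR.exe
C:\WINDOWS\SYSTEM\GRVSA.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [VidSvr]
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - Startup: EPSI ToolBar.lnk = C:\EPC\Toolbar\EPSIBar.exe
"""

# Assumption: images Windows 9x/Me loads itself, so no O4 entry is expected for them.
OS_BASELINE = {"kernel32.dll", "msgsrv32.exe", "mprexe.exe", "explorer.exe", "spool32.exe"}

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.*)$")
IMAGE_RE = re.compile(r'"?(.+?\.exe)', re.I)  # path up to the first ".exe"

def triage(log):
    """Return running images with no autostart entry, and O4 values with no command."""
    running, autostart, blank = [], set(), []
    in_procs = False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.append(line)
        elif (m := O4_RE.match(line)):
            cmd = m["cmd"].split(" = ", 1)[-1]   # Startup items: "x.lnk = target"
            image = IMAGE_RE.match(cmd)
            if image:
                # Compare by file name only: the log mixes long and 8.3 short paths.
                autostart.add(PureWindowsPath(image[1]).name.lower())
            else:
                blank.append(m["name"] or cmd)
    unexplained = [p for p in running
                   if PureWindowsPath(p).name.lower() not in autostart | OS_BASELINE]
    return unexplained, blank

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the excerpt the only image left over is GRVSA.exe, which is consistent with a process launched by another application rather than by a Run key or Startup shortcut.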

