# Solved: Very Long Boot Time... PLEASE HELP



## Hodie (Sep 14, 2005)

First timer here... I have read many post here and solved many of my problems without asking but my reboots are extremely slow now, hanging on the Windows 98 screen. I have had recent problems with spyware and virus and have downloaded Spybot, Ad-Aware, AVG 7.0 and run and removed. Have uninstalled them all now and running just the Yahoo Packages that come with SBC Global DSL.

Any Suggestions? How do I clean up my hijack log?

Hodie
Dell Inspiron 5000
Windows 98SE
500 mhz
Pentium III

Hyjack This Log to follow:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:38 AM, on 9/15/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
c:\JETSUITE\jshelper.exe
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\ISAFE.EXE
C:\JETSUITE\JETSTAT.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVRID.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\YAHOO!\YOP\YOP.EXE
C:\PROGRAM FILES\2WIRE 802.11G WIRELESS\PRISMCFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PRISMSVR.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\TONIARTS\EASYCLEANER\EASYCLEA.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\tnbol.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {AB6C3669-3F32-E463-BE37-B709B0410DB6} - C:\WINDOWS\SYSTEM\NETAK32.DLL
O2 - BHO: Class - {66D794D9-8036-58BC-9B54-5EC422966E07} - C:\WINDOWS\IPDY.DLL
O2 - BHO: Class - {EE738B8F-CBE3-4FED-4E0D-706844AA234F} - C:\WINDOWS\NTHJ32.DLL
O2 - BHO: Class - {70C16516-DD4B-4D45-25B8-08A6D18C29C2} - C:\WINDOWS\SYSTEM\IEIS32.DLL
O2 - BHO: Class - {D476F3A0-4D6E-CAD1-1014-B290A1A15520} - C:\WINDOWS\NETPA.DLL
O2 - BHO: Class - {087899FB-71F1-C680-3656-92E12F8C1179} - C:\WINDOWS\SYSQY32.DLL
O2 - BHO: Class - {3C0786CD-7F98-C405-789C-7CE5B6F8E94C} - C:\WINDOWS\SYSTEM\APPRU32.DLL
O2 - BHO: Class - {0DD6BB03-8289-D618-06F8-B2AA52FEFF61} - C:\WINDOWS\IEUI.DLL
O2 - BHO: Class - {4476003E-1C4F-1EF2-097F-B2D801824FD1} - C:\WINDOWS\ADDBW.DLL
O2 - BHO: Class - {7C3BBC8D-B49A-D1B0-F547-0CD02B1BE5C3} - C:\WINDOWS\SYSTEM\D3EX32.DLL
O2 - BHO: Class - {1E8AF320-F527-4BD5-6198-BD7AF3EF55C5} - C:\WINDOWS\SYSTEM\NETOC32.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: Class - {A1A78BE6-3485-9621-F44A-C7518D2AA3C5} - C:\WINDOWS\SYSTEM\SYSVN32.DLL
O2 - BHO: Class - {02CFD1C2-140E-D24C-8F22-57E2D3199FBF} - C:\WINDOWS\SYSTEM\SYSDJ.DLL
O2 - BHO: Class - {75BCC47F-FF73-DFD6-3935-55E8AFDD2820} - C:\WINDOWS\NETJM32.DLL
O2 - BHO: Class - {337E3897-DE2F-0288-F235-DF9E68486F78} - C:\WINDOWS\SYSTEM\IEJJ32.DLL
O2 - BHO: Class - {0630C0D7-57B1-963E-4223-CA91BA95671D} - C:\WINDOWS\SYSTEM\JAVACO32.DLL
O2 - BHO: Class - {321C5BDC-E19F-EDB0-D567-3AAE7CF0E147} - C:\WINDOWS\SYSTEM\IERZ.DLL
O2 - BHO: Class - {93960152-A646-B05A-66F9-059371171227} - C:\WINDOWS\SYSTEM\IPWT32.DLL
O2 - BHO: Class - {59341BB5-84D8-8F0E-6242-81D1B978A741} - C:\WINDOWS\SYSTEM\JAVAAT32.DLL
O2 - BHO: Class - {AB90306E-6E13-23FC-F00B-0204CAD2906D} - C:\WINDOWS\SYSTEM\D3QD.DLL
O2 - BHO: Class - {C39846EA-E45C-F6C4-9160-FBF430FD30AC} - C:\WINDOWS\SYSTEM\NETSU32.DLL
O2 - BHO: Class - {EEEFBCBE-8B07-CBAA-9E65-D51793FDEC0B} - C:\WINDOWS\SYSTEM\JAVALR.DLL
O2 - BHO: Class - {1C7351B3-0400-677E-2EA7-53989CDCDEB1} - C:\WINDOWS\IEFH32.DLL
O2 - BHO: Class - {E3C4F68E-75A1-3826-8C43-A539687A0B29} - C:\WINDOWS\SYSTEM\MSKN32.DLL
O2 - BHO: Class - {B94286B3-9087-D351-F81A-C5079026EC35} - C:\WINDOWS\IPJR.DLL
O2 - BHO: Class - {3C4627AE-0AA1-6241-BD1A-86B034544854} - C:\WINDOWS\WINVI32.DLL
O2 - BHO: Class - {716FB124-BD7B-5B90-675A-E1481BF8F21A} - C:\WINDOWS\SYSTEM\APPTV.DLL
O2 - BHO: Class - {B4F78BE0-A458-F534-D2C1-EFF76474FD83} - C:\WINDOWS\SYSTEM\APPOX.DLL
O2 - BHO: Class - {B30C8500-2E50-9E08-6F84-A7EFAE5C75C3} - C:\WINDOWS\SYSTEM\IPFZ.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [AtiGart] c:\Ati\Gart\AtiGart.exe
O4 - HKLM\..\Run: [ATIPOLAB] ati2plab.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\YAHOO!\ANTIVI~1\VETMSG.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\PROGRAM FILES\TONIARTS\EASYCLEANER\EASYCLEA.EXE" -s -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [eZulaMain] C:\Program Files\eZula\eZulaMain.exe
O4 - Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Dell Home - {FB2A7A80-0720-11D4-B3A0-004347C12700} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll


----------



## Wolfeymole (Jun 18, 2005)

You have a fair bit of trash in there Hodie but I'm not up on HJT enough just yet to comment. Some one will sort it for you though so hang about ok.


----------



## Hodie (Sep 14, 2005)

thank you for your reply wolfey... man, i have no idea what all that crap is or how it got there... i did try to upgrade from windows 98se to windows 2000 pro but was unsuccessful because cd quit reading disk??? Am I too far gone to fix? or should I try to reinstall a new operating system and start over?

Thanks All


----------



## Wolfeymole (Jun 18, 2005)

I myself do like to do a complete re-install every so often, but we can get this sorted.
Things like spybot etc need to be updated and run on a regular basis.
If you get the things that I have listed and maintain them you won't go far wrong.


----------



## Hodie (Sep 14, 2005)

My problem with re-install is that I am running an OEM version and do not have the recovery disk...  I have looked at many peoples hijack log and none are as LONG as mine... how can I clean it up a little?


----------



## Hodie (Sep 14, 2005)

Dell Inspiron 5000
Windows 98se
Pentium III
500 MHZ
196 mb RAM

Help... It takes over 5 to 6 minutes for my computer to boot (hanging on windows 98 screen)... have had virus in past and it might be coming back?
How can figure out what is going on? bootlog.txt? registry?


----------



## Cookiegal (Aug 27, 2003)

Please do this. *Click here* to download HijackThis.

Close all open windows and open HijackThis. Click Scan. When the scan is finished, the scan button will change to Save Log. Click on Save Log and then save it to Notepad. Click on Edit  Select all  copy and then paste into the thread.

*DO NOT FIX ANYTHING YET*, most items that appear in the log are harmless or even needed.


----------



## Cookiegal (Aug 27, 2003)

I have merged both of your threads together. When you started a new one, I didn't know that you had already posted it here.

Please keep all replies in this thread.

Please download and run the following program(s):

*AD-AWARE*

Go *here* and download Ad-Aware SE.

Install the program and launch it.

First, in the main window look in the bottom right corner and click on *Check for updates now* then click *Connect* and download the latest reference files.

From the main window, click *Start* then under *Select a scan Mode* tick *Perform full system scan*.

Next, deselect *Search for negligible risk entries*.

Now to perform a scan, click the *Next* button.

When the scan is finished, mark everything for removal and get rid of it. To do so, right-click in the window and choose *select all* from the drop down menu and then click *Next*)

*SPYBOT SEARCH & DESTROY*

Go *here* and download *Spybot Search & Destroy*.

Install the program and launch it.

Before scanning press *Online* and *Search for Updates* .

Put a check mark at and install *all updates*.

Click *Check for Problems* and when the scan is finished let Spybot fix/remove *all* it finds marked in RED.

*Restart your computer*.

*CLEANUP*

Download Cleanup from *Here* 

 A window will open and choose *SAVE*, then *DESKTOP* as the destination.
 On your Desktop, click on *Cleanup40.exe icon.*
 Then, click *RUN* and place a checkmark beside "*I Agree*"
 Then click *NEXT* followed by *START* and *OK.*
 A window will appear with many choices, *keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.*
 Click* OK*
 *DO NOT RUN IT YET*

*Click here* for info on how to boot to safe mode if you don't already know how.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Cleanup: 
 Click on the "*Cleanup*" button and let it run.
 Once its done, *close the program*.

Go to Control Panel - Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Restart back into Windows normally now.

Do a *Panda Active Scan*. Be sure to save the log it creates.

*Come back here and post a new HijackThis log, as well as the log from the and Panda scan.*


----------



## Hodie (Sep 14, 2005)

Cookie... your the bomb dot com... I will do all you asked when i return this afternoon... THANK YOU SO MUCH!!!!!!!!!!


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## Hodie (Sep 14, 2005)

Ok I am back... i'm sure you saw the first hjt log above... i will do another one when i reboot in "normal boot" mode. Let me give you a little more history before we start this...

All this stuff started when I went to DSL service through sbc and got their browser. I have downloaded many different spy blockers and ran them with "some" success along with the canned protection you get from yahoo... I could never and still today, can't get rid of the "Home Search Assistant", "Search Extender" and "Shopping Wizard" in the add/remove programs list and I still have a pop-up "windows security thing" still coming up... it just happened a minute ago... OK, as a last ditch effort, a week ago, I got piarated copy of Win 2K Pro from a friend and tried to do a complete new install but it failed half way through it... so now i might have problems with THAT now... because when i hit the F8 function button to go to "safe mode" the start screen says Windows 2000 start menu... but when I enable the start menu from msconfig the start menu is Windows 98... (you like apples? what do think of them apples... LOL) It's driving me crazy... I thank you in advance. Of yeah, Ad-aware and spybot bot do a good job... but hang up sometimes... i have loaded and unloaded them several times and now have only the canned software from yahoo... I think i will uninstall the yahoo before running the ad-aware, etc.... should I?

I will post my full blown boot hjt log next post... thanks


----------



## Hodie (Sep 14, 2005)

I am now running with 51% resources left....

Here is HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:47:03 PM, on 9/16/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
c:\JETSUITE\jshelper.exe
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\MFCKD.EXE
C:\WINDOWS\NTQM32.EXE
C:\JETSUITE\JETSTAT.EXE
C:\WINDOWS\SYSTEM\ADDRV.EXE
C:\WINDOWS\WINHQ.EXE
C:\WINDOWS\SYSTEM\APPHT.EXE
C:\WINDOWS\JAVAFJ.EXE
C:\WINDOWS\NTEA.EXE
C:\WINDOWS\SYSTEM\ATLGN.EXE
C:\WINDOWS\ATLVE.EXE
C:\WINDOWS\IPQH32.EXE
C:\WINDOWS\APPDH.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\SYSTEM\SYSLD.EXE
C:\WINDOWS\SYSTEM\IEIQ32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSNJ.EXE
C:\WINDOWS\SYSTEM\ATLOA.EXE
C:\WINDOWS\SDKBI32.EXE
C:\WINDOWS\NETSB.EXE
C:\WINDOWS\MSXH.EXE
C:\WINDOWS\APIBF.EXE
C:\WINDOWS\JAVAVC.EXE
C:\WINDOWS\MFCQF.EXE
C:\WINDOWS\IPXY32.EXE
C:\WINDOWS\SYSTEM\WINKJ32.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVRID.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\VETMSG.EXE
C:\WINDOWS\SYSTEM\SYSWK.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\WINHQ.EXE
C:\WINDOWS\SYSTEM\MFCKD.EXE
C:\PROGRAM FILES\YAHOO!\YOP\YOP.EXE
C:\PROGRAM FILES\SYMANTEC\ACT\ACTLDR.EXE
C:\PROGRAM FILES\2WIRE 802.11G WIRELESS\PRISMCFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\PRISMSVR.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {AB6C3669-3F32-E463-BE37-B709B0410DB6} - C:\WINDOWS\SYSTEM\NETAK32.DLL
O2 - BHO: Class - {66D794D9-8036-58BC-9B54-5EC422966E07} - C:\WINDOWS\IPDY.DLL
O2 - BHO: Class - {EE738B8F-CBE3-4FED-4E0D-706844AA234F} - C:\WINDOWS\NTHJ32.DLL
O2 - BHO: Class - {70C16516-DD4B-4D45-25B8-08A6D18C29C2} - C:\WINDOWS\SYSTEM\IEIS32.DLL
O2 - BHO: Class - {D476F3A0-4D6E-CAD1-1014-B290A1A15520} - C:\WINDOWS\NETPA.DLL
O2 - BHO: Class - {087899FB-71F1-C680-3656-92E12F8C1179} - C:\WINDOWS\SYSQY32.DLL
O2 - BHO: Class - {3C0786CD-7F98-C405-789C-7CE5B6F8E94C} - C:\WINDOWS\SYSTEM\APPRU32.DLL
O2 - BHO: Class - {0DD6BB03-8289-D618-06F8-B2AA52FEFF61} - C:\WINDOWS\IEUI.DLL
O2 - BHO: Class - {4476003E-1C4F-1EF2-097F-B2D801824FD1} - C:\WINDOWS\ADDBW.DLL
O2 - BHO: Class - {7C3BBC8D-B49A-D1B0-F547-0CD02B1BE5C3} - C:\WINDOWS\SYSTEM\D3EX32.DLL
O2 - BHO: Class - {1E8AF320-F527-4BD5-6198-BD7AF3EF55C5} - C:\WINDOWS\SYSTEM\NETOC32.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: Class - {A1A78BE6-3485-9621-F44A-C7518D2AA3C5} - C:\WINDOWS\SYSTEM\SYSVN32.DLL
O2 - BHO: Class - {02CFD1C2-140E-D24C-8F22-57E2D3199FBF} - C:\WINDOWS\SYSTEM\SYSDJ.DLL
O2 - BHO: Class - {75BCC47F-FF73-DFD6-3935-55E8AFDD2820} - C:\WINDOWS\NETJM32.DLL
O2 - BHO: Class - {337E3897-DE2F-0288-F235-DF9E68486F78} - C:\WINDOWS\SYSTEM\IEJJ32.DLL
O2 - BHO: Class - {0630C0D7-57B1-963E-4223-CA91BA95671D} - C:\WINDOWS\SYSTEM\JAVACO32.DLL
O2 - BHO: Class - {321C5BDC-E19F-EDB0-D567-3AAE7CF0E147} - C:\WINDOWS\SYSTEM\IERZ.DLL
O2 - BHO: Class - {93960152-A646-B05A-66F9-059371171227} - C:\WINDOWS\SYSTEM\IPWT32.DLL
O2 - BHO: Class - {59341BB5-84D8-8F0E-6242-81D1B978A741} - C:\WINDOWS\SYSTEM\JAVAAT32.DLL
O2 - BHO: Class - {AB90306E-6E13-23FC-F00B-0204CAD2906D} - C:\WINDOWS\SYSTEM\D3QD.DLL
O2 - BHO: Class - {C39846EA-E45C-F6C4-9160-FBF430FD30AC} - C:\WINDOWS\SYSTEM\NETSU32.DLL
O2 - BHO: Class - {EEEFBCBE-8B07-CBAA-9E65-D51793FDEC0B} - C:\WINDOWS\SYSTEM\JAVALR.DLL
O2 - BHO: Class - {1C7351B3-0400-677E-2EA7-53989CDCDEB1} - C:\WINDOWS\IEFH32.DLL
O2 - BHO: Class - {E3C4F68E-75A1-3826-8C43-A539687A0B29} - C:\WINDOWS\SYSTEM\MSKN32.DLL
O2 - BHO: Class - {B94286B3-9087-D351-F81A-C5079026EC35} - C:\WINDOWS\IPJR.DLL
O2 - BHO: Class - {3C4627AE-0AA1-6241-BD1A-86B034544854} - C:\WINDOWS\WINVI32.DLL
O2 - BHO: Class - {716FB124-BD7B-5B90-675A-E1481BF8F21A} - C:\WINDOWS\SYSTEM\APPTV.DLL
O2 - BHO: Class - {B4F78BE0-A458-F534-D2C1-EFF76474FD83} - C:\WINDOWS\SYSTEM\APPOX.DLL
O2 - BHO: Class - {B30C8500-2E50-9E08-6F84-A7EFAE5C75C3} - C:\WINDOWS\SYSTEM\IPFZ.DLL
O2 - BHO: Class - {C3967791-2E22-44BF-0AAB-3986EB6567DE} - C:\WINDOWS\ATLJV.DLL
O2 - BHO: Class - {0322C236-CF31-5AE2-1396-B869E307B629} - C:\WINDOWS\SYSTEM\NETDW32.DLL
O2 - BHO: Class - {569A8D32-0108-F6A7-6EE3-9094FC97B318} - C:\WINDOWS\ATLJZ32.DLL
O2 - BHO: Class - {A5AC7366-36E2-7400-BED8-41EC50B36BEC} - C:\WINDOWS\SDKHI32.DLL
O2 - BHO: Class - {DFE091D2-CAB9-B062-4548-24A5F62AEB7A} - C:\WINDOWS\ATLOZ32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\YAHOO!\ANTIVI~1\VETMSG.EXE
O4 - HKLM\..\Run: [SYSWK.EXE] C:\WINDOWS\SYSTEM\SYSWK.EXE
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [AtiGart] c:\Ati\Gart\AtiGart.exe
O4 - HKLM\..\Run: [ATIPOLAB] ati2plab.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [YBROWSER.EXE] C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O4 - HKLM\..\RunServices: [MFCKD.EXE] C:\WINDOWS\SYSTEM\MFCKD.EXE /s
O4 - HKLM\..\RunServices: [NTQM32.EXE] C:\WINDOWS\NTQM32.EXE /s
O4 - HKLM\..\RunServices: [ADDRV.EXE] C:\WINDOWS\SYSTEM\ADDRV.EXE /s
O4 - HKLM\..\RunServices: [WINHQ.EXE] C:\WINDOWS\WINHQ.EXE /s
O4 - HKLM\..\RunServices: [APPHT.EXE] C:\WINDOWS\SYSTEM\APPHT.EXE /s
O4 - HKLM\..\RunServices: [JAVAFJ.EXE] C:\WINDOWS\JAVAFJ.EXE /s
O4 - HKLM\..\RunServices: [NTEA.EXE] C:\WINDOWS\NTEA.EXE /s
O4 - HKLM\..\RunServices: [ATLGN.EXE] C:\WINDOWS\SYSTEM\ATLGN.EXE /s
O4 - HKLM\..\RunServices: [ATLVE.EXE] C:\WINDOWS\ATLVE.EXE /s
O4 - HKLM\..\RunServices: [IPQH32.EXE] C:\WINDOWS\IPQH32.EXE /s
O4 - HKLM\..\RunServices: [APPDH.EXE] C:\WINDOWS\APPDH.EXE /s
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [ATLKV32.EXE] C:\WINDOWS\ATLKV32.EXE /s
O4 - HKLM\..\RunServices: [SDKSU32.EXE] C:\WINDOWS\SDKSU32.EXE /s
O4 - HKLM\..\RunServices: [SYSLD.EXE] C:\WINDOWS\SYSTEM\SYSLD.EXE /s
O4 - HKLM\..\RunServices: [IPNU32.EXE] C:\WINDOWS\IPNU32.EXE /s
O4 - HKLM\..\RunServices: [IEIQ32.EXE] C:\WINDOWS\SYSTEM\IEIQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKNS32.EXE] C:\WINDOWS\SDKNS32.EXE /s
O4 - HKLM\..\RunServices: [MSNJ.EXE] C:\WINDOWS\SYSTEM\MSNJ.EXE /s
O4 - HKLM\..\RunServices: [D3ZD32.EXE] C:\WINDOWS\D3ZD32.EXE /s
O4 - HKLM\..\RunServices: [ATLOA.EXE] C:\WINDOWS\SYSTEM\ATLOA.EXE /s
O4 - HKLM\..\RunServices: [APPYW32.EXE] C:\WINDOWS\APPYW32.EXE /s
O4 - HKLM\..\RunServices: [APPCQ.EXE] C:\WINDOWS\APPCQ.EXE /s
O4 - HKLM\..\RunServices: [JAVAFI.EXE] C:\WINDOWS\JAVAFI.EXE /s
O4 - HKLM\..\RunServices: [ADDUT32.EXE] C:\WINDOWS\SYSTEM\ADDUT32.EXE /s
O4 - HKLM\..\RunServices: [ATLUE.EXE] C:\WINDOWS\ATLUE.EXE /s
O4 - HKLM\..\RunServices: [MFCAB32.EXE] C:\WINDOWS\SYSTEM\MFCAB32.EXE /s
O4 - HKLM\..\RunServices: [NTMC32.EXE] C:\WINDOWS\NTMC32.EXE /s
O4 - HKLM\..\RunServices: [SDKBI32.EXE] C:\WINDOWS\SDKBI32.EXE /s
O4 - HKLM\..\RunServices: [NETSB.EXE] C:\WINDOWS\NETSB.EXE /s
O4 - HKLM\..\RunServices: [MSXH.EXE] C:\WINDOWS\MSXH.EXE /s
O4 - HKLM\..\RunServices: [APIBF.EXE] C:\WINDOWS\APIBF.EXE /s
O4 - HKLM\..\RunServices: [JAVAVC.EXE] C:\WINDOWS\JAVAVC.EXE /s
O4 - HKLM\..\RunServices: [MFCQF.EXE] C:\WINDOWS\MFCQF.EXE /s
O4 - HKLM\..\RunServices: [IPXY32.EXE] C:\WINDOWS\IPXY32.EXE /s
O4 - HKLM\..\RunServices: [WINKJ32.EXE] C:\WINDOWS\SYSTEM\WINKJ32.EXE /s
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: ACT! Speed Loader.lnk = C:\Program Files\Symantec\ACT\ACTLDR.EXE
O4 - Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Dell Home - {FB2A7A80-0720-11D4-B3A0-004347C12700} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll

will be back online after dinner... thank you again


----------



## Cookiegal (Aug 27, 2003)

First of all, let me say that we can't help you with any problems you may have caused trying to install a pirated copy of W2K as that is against the forum rules:

http://www.techguy.org/rules.html

First copy the contents of the quote box to Notepad. Go to File - Save As and name it Fix.reg (save as type: all files )



> REGEDIT4
> 
> [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
> 
> ...


You will need to download the following tools and have them ready to run. Do not run any of them until instructed to do so:

Download Killbox here: http://www.thespykiller.co.uk/files/killbox.exe and save it to your desktop.
Click here: http://cwshredder.net/bin/CWSInstall.exe to download CWSinstall.exe to the desktop.

Click: http://www.majorgeeks.com/AboutBuster_d4289.html to download AboutBuster created by Rubber Ducky.

Unzip AboutBuster to the Desktop then click the "Update Button" then click "Check for Update" and download the updates and then click "Exit" because I don't want you to run it yet. Just get the updates so it is ready to run later in safe mode.

Now go ahead and set your computer to show hidden files like so:

Open My Computer. 
Select the View menu and click Folder Options. 
Select the View Tab.
In the Hidden files section select show all files.
Click OK.

After you have downloaded all the above tools, sign off the Internet and remain offline until this procedure is complete. Copy these instructions to notepad and save them on your desktop for easy access. You must follow these directions exactly and you cannot skip any part of it.

Now, restart to safe mode and perform the following steps in safe mode:

Click here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 for info on how to boot to safe mode if you don't already know how.

Double click on the fix.reg file you saved at the beginning to enter into the registry. Answer yes when asked to have its contents added to the registry.

Run Hijack This and put a check by these entries:

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\ietlo.dll/sp.html#44768

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {AB6C3669-3F32-E463-BE37-B709B0410DB6} - C:\WINDOWS\SYSTEM\NETAK32.DLL

O2 - BHO: Class - {66D794D9-8036-58BC-9B54-5EC422966E07} - C:\WINDOWS\IPDY.DLL

O2 - BHO: Class - {EE738B8F-CBE3-4FED-4E0D-706844AA234F} - C:\WINDOWS\NTHJ32.DLL

O2 - BHO: Class - {70C16516-DD4B-4D45-25B8-08A6D18C29C2} - C:\WINDOWS\SYSTEM\IEIS32.DLL

O2 - BHO: Class - {D476F3A0-4D6E-CAD1-1014-B290A1A15520} - C:\WINDOWS\NETPA.DLL

O2 - BHO: Class - {087899FB-71F1-C680-3656-92E12F8C1179} - C:\WINDOWS\SYSQY32.DLL

O2 - BHO: Class - {3C0786CD-7F98-C405-789C-7CE5B6F8E94C} - C:\WINDOWS\SYSTEM\APPRU32.DLL

O2 - BHO: Class - {0DD6BB03-8289-D618-06F8-B2AA52FEFF61} - C:\WINDOWS\IEUI.DLL

O2 - BHO: Class - {4476003E-1C4F-1EF2-097F-B2D801824FD1} - C:\WINDOWS\ADDBW.DLL
O2 - BHO: Class - {7C3BBC8D-B49A-D1B0-F547-0CD02B1BE5C3} - C:\WINDOWS\SYSTEM\D3EX32.DLL

O2 - BHO: Class - {1E8AF320-F527-4BD5-6198-BD7AF3EF55C5} - C:\WINDOWS\SYSTEM\NETOC32.DLL

O2 - BHO: Class - {A1A78BE6-3485-9621-F44A-C7518D2AA3C5} - C:\WINDOWS\SYSTEM\SYSVN32.DLL

O2 - BHO: Class - {02CFD1C2-140E-D24C-8F22-57E2D3199FBF} - C:\WINDOWS\SYSTEM\SYSDJ.DLL

O2 - BHO: Class - {75BCC47F-FF73-DFD6-3935-55E8AFDD2820} - C:\WINDOWS\NETJM32.DLL

O2 - BHO: Class - {337E3897-DE2F-0288-F235-DF9E68486F78} - C:\WINDOWS\SYSTEM\IEJJ32.DLL

O2 - BHO: Class - {0630C0D7-57B1-963E-4223-CA91BA95671D} - C:\WINDOWS\SYSTEM\JAVACO32.DLL

O2 - BHO: Class - {321C5BDC-E19F-EDB0-D567-3AAE7CF0E147} - C:\WINDOWS\SYSTEM\IERZ.DLL

O2 - BHO: Class - {93960152-A646-B05A-66F9-059371171227} - C:\WINDOWS\SYSTEM\IPWT32.DLL

O2 - BHO: Class - {59341BB5-84D8-8F0E-6242-81D1B978A741} - C:\WINDOWS\SYSTEM\JAVAAT32.DLL

O2 - BHO: Class - {AB90306E-6E13-23FC-F00B-0204CAD2906D} - C:\WINDOWS\SYSTEM\D3QD.DLL

O2 - BHO: Class - {C39846EA-E45C-F6C4-9160-FBF430FD30AC} - C:\WINDOWS\SYSTEM\NETSU32.DLL

O2 - BHO: Class - {EEEFBCBE-8B07-CBAA-9E65-D51793FDEC0B} - C:\WINDOWS\SYSTEM\JAVALR.DLL

O2 - BHO: Class - {1C7351B3-0400-677E-2EA7-53989CDCDEB1} - C:\WINDOWS\IEFH32.DLL

O2 - BHO: Class - {E3C4F68E-75A1-3826-8C43-A539687A0B29} - C:\WINDOWS\SYSTEM\MSKN32.DLL

O2 - BHO: Class - {B94286B3-9087-D351-F81A-C5079026EC35} - C:\WINDOWS\IPJR.DLL

O2 - BHO: Class - {3C4627AE-0AA1-6241-BD1A-86B034544854} - C:\WINDOWS\WINVI32.DLL

O2 - BHO: Class - {716FB124-BD7B-5B90-675A-E1481BF8F21A} - C:\WINDOWS\SYSTEM\APPTV.DLL

O2 - BHO: Class - {B4F78BE0-A458-F534-D2C1-EFF76474FD83} - C:\WINDOWS\SYSTEM\APPOX.DLL

O2 - BHO: Class - {B30C8500-2E50-9E08-6F84-A7EFAE5C75C3} - C:\WINDOWS\SYSTEM\IPFZ.DLL

O2 - BHO: Class - {C3967791-2E22-44BF-0AAB-3986EB6567DE} - C:\WINDOWS\ATLJV.DLL

O2 - BHO: Class - {0322C236-CF31-5AE2-1396-B869E307B629} - C:\WINDOWS\SYSTEM\NETDW32.DLL

O2 - BHO: Class - {569A8D32-0108-F6A7-6EE3-9094FC97B318} - C:\WINDOWS\ATLJZ32.DLL

O2 - BHO: Class - {A5AC7366-36E2-7400-BED8-41EC50B36BEC} - C:\WINDOWS\SDKHI32.DLL

O2 - BHO: Class - {DFE091D2-CAB9-B062-4548-24A5F62AEB7A} - C:\WINDOWS\ATLOZ32.DLL

O4 - HKLM\..\Run: [SYSWK.EXE] C:\WINDOWS\SYSTEM\SYSWK.EXE

O4 - HKLM\..\RunServices: [MFCKD.EXE] C:\WINDOWS\SYSTEM\MFCKD.EXE /s

O4 - HKLM\..\RunServices: [NTQM32.EXE] C:\WINDOWS\NTQM32.EXE /s

O4 - HKLM\..\RunServices: [ADDRV.EXE] C:\WINDOWS\SYSTEM\ADDRV.EXE /s

O4 - HKLM\..\RunServices: [WINHQ.EXE] C:\WINDOWS\WINHQ.EXE /s

O4 - HKLM\..\RunServices: [APPHT.EXE] C:\WINDOWS\SYSTEM\APPHT.EXE /s

O4 - HKLM\..\RunServices: [JAVAFJ.EXE] C:\WINDOWS\JAVAFJ.EXE /s

O4 - HKLM\..\RunServices: [NTEA.EXE] C:\WINDOWS\NTEA.EXE /s

O4 - HKLM\..\RunServices: [ATLGN.EXE] C:\WINDOWS\SYSTEM\ATLGN.EXE /s

O4 - HKLM\..\RunServices: [ATLVE.EXE] C:\WINDOWS\ATLVE.EXE /s

O4 - HKLM\..\RunServices: [IPQH32.EXE] C:\WINDOWS\IPQH32.EXE /s

O4 - HKLM\..\RunServices: [APPDH.EXE] C:\WINDOWS\APPDH.EXE /s

O4 - HKLM\..\RunServices: [ATLKV32.EXE] C:\WINDOWS\ATLKV32.EXE /s

O4 - HKLM\..\RunServices: [SDKSU32.EXE] C:\WINDOWS\SDKSU32.EXE /s

O4 - HKLM\..\RunServices: [SYSLD.EXE] C:\WINDOWS\SYSTEM\SYSLD.EXE /s

O4 - HKLM\..\RunServices: [IPNU32.EXE] C:\WINDOWS\IPNU32.EXE /s

O4 - HKLM\..\RunServices: [IEIQ32.EXE] C:\WINDOWS\SYSTEM\IEIQ32.EXE 
/s

O4 - HKLM\..\RunServices: [SDKNS32.EXE] C:\WINDOWS\SDKNS32.EXE /s

O4 - HKLM\..\RunServices: [MSNJ.EXE] C:\WINDOWS\SYSTEM\MSNJ.EXE /s

O4 - HKLM\..\RunServices: [D3ZD32.EXE] C:\WINDOWS\D3ZD32.EXE /s

O4 - HKLM\..\RunServices: [ATLOA.EXE] C:\WINDOWS\SYSTEM\ATLOA.EXE /s

O4 - HKLM\..\RunServices: [APPYW32.EXE] C:\WINDOWS\APPYW32.EXE /s

O4 - HKLM\..\RunServices: [APPCQ.EXE] C:\WINDOWS\APPCQ.EXE /s

O4 - HKLM\..\RunServices: [JAVAFI.EXE] C:\WINDOWS\JAVAFI.EXE /s

O4 - HKLM\..\RunServices: [ADDUT32.EXE] 
C:\WINDOWS\SYSTEM\ADDUT32.EXE /s

O4 - HKLM\..\RunServices: [ATLUE.EXE] C:\WINDOWS\ATLUE.EXE /s

O4 - HKLM\..\RunServices: [MFCAB32.EXE] 
C:\WINDOWS\SYSTEM\MFCAB32.EXE /s

O4 - HKLM\..\RunServices: [NTMC32.EXE] C:\WINDOWS\NTMC32.EXE /s

O4 - HKLM\..\RunServices: [SDKBI32.EXE] C:\WINDOWS\SDKBI32.EXE /s

O4 - HKLM\..\RunServices: [NETSB.EXE] C:\WINDOWS\NETSB.EXE /s

O4 - HKLM\..\RunServices: [MSXH.EXE] C:\WINDOWS\MSXH.EXE /s

O4 - HKLM\..\RunServices: [APIBF.EXE] C:\WINDOWS\APIBF.EXE /s

O4 - HKLM\..\RunServices: [JAVAVC.EXE] C:\WINDOWS\JAVAVC.EXE /s

O4 - HKLM\..\RunServices: [MFCQF.EXE] C:\WINDOWS\MFCQF.EXE /s

O4 - HKLM\..\RunServices: [IPXY32.EXE] C:\WINDOWS\IPXY32.EXE /s

O4 - HKLM\..\RunServices: [WINKJ32.EXE] 
C:\WINDOWS\SYSTEM\WINKJ32.EXE /s

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)*

Once youve checked all of the above entries, click the "Fix Checked" button.

Exit Hijack This.

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

*C:\WINDOWS\system\ietlo.dll

C:\WINDOWS\SYSTEM\NETAK32.DLL

C:\WINDOWS\SYSTEM\SYSWK.EXE

C:\WINDOWS\SYSTEM\MFCKD.EXE

C:\WINDOWS\NTQM32.EXE

C:\WINDOWS\SYSTEM\ADDRV.EXE

C:\WINDOWS\WINHQ.EXE

C:\WINDOWS\SYSTEM\APPHT.EXE

C:\WINDOWS\JAVAFJ.EXE

C:\WINDOWS\NTEA.EXE

C:\WINDOWS\SYSTEM\ATLGN.EXE

C:\WINDOWS\ATLVE.EXE

C:\WINDOWS\IPQH32.EXE

C:\WINDOWS\APPDH.EXE

C:\WINDOWS\ATLKV32.EXE

C:\WINDOWS\SDKSU32.EXE

C:\WINDOWS\SYSTEM\SYSLD.EXE

C:\WINDOWS\IPNU32.EXE

C:\WINDOWS\SYSTEM\IEIQ32.EXE

C:\WINDOWS\SDKNS32.EXE

C:\WINDOWS\SYSTEM\MSNJ.EXE

C:\WINDOWS\D3ZD32.EXE

C:\WINDOWS\SYSTEM\ATLOA.EXE

C:\WINDOWS\APPYW32.EXE

C:\WINDOWS\APPCQ.EXE

C:\WINDOWS\JAVAFI.EXE

C:\WINDOWS\SYSTEM\ADDUT32.EXE

C:\WINDOWS\ATLUE.EXE

C:\WINDOWS\SYSTEM\MFCAB32.EXE

C:\WINDOWS\NTMC32.EXE

C:\WINDOWS\SDKBI32.EXE

C:\WINDOWS\NETSB.EXE

C:\WINDOWS\MSXH.EXE

C:\WINDOWS\APIBF.EXE

C:\WINDOWS\JAVAVC.EXE

C:\WINDOWS\MFCQF.EXE

C:\WINDOWS\IPXY32.EXE

C:\WINDOWS\SYSTEM\WINKJ32.EXE*

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure not to miss any.

Exit the Killbox.

Next run Aboutbuster. Double click Aboutbuster.exe, click OK, click Start, then click OK. This will scan your computer for the bad files and delete them.

Run CWShredder. Just click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do its thing.

Now, restart back into Windows normally and do the following:

Go to: http://housecall.trendmicro.com/ and do an online virus scan.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself. Housecall will detect the leftover files from this hijacker.

This hijacker is known to alter or delete certain files so check this out please:

Download the Hoster from: http://www.funkytoad.com/download/hoster.zip. nZip the file and press "Restore Original Hosts" and press "OK". Exit Program.

If you have Spybot S&D installed you will also need to replace one file. Go to: http://www.spywareinfo.com/~merijn/winfiles.html and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)

control.exe may have been deleted. 
See if control.exe is present in C:\windows

If control.exe isn't there, go to: http://www.richardthelionhearted.com/~merijn/winfiles.html#control, and download control.exe per the instructions at the site.

Unzip the file and copy the new control.exe file to the C:\Windows folder.

IMPORTANT!: Please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your active x security settings in IE as recommended here: http://www.jfitz.com/tips/ie_security_config.html


----------



## Hodie (Sep 14, 2005)

Good Morning my hero Cookie... I have followed your instructions to the T.... (I think, I was a "C" student in school, so I got about 70% of it done... LOL) OK, I don't have spybot on computer so skipped that step, and the online virus scan was a little different than described due to updated site? Anyway it ran almost all night last night and didn't find anything, and I couldn't get a good "cut and paste" to the link lionheart, so I downloaded file control.exe from Merjin?, I reset my security settings and of course Yahoo wouldn't run then so I made it a trusted site?

OK, so I think all is well... the restart boot time is still extremely long, but once running, it is a whole lot faster... I THANK YOU... YOU ARE THE BOMB DOT COM... hjt log to follow...

Logfile of HijackThis v1.99.1
Scan saved at 9:02:12 AM, on 9/17/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
c:\JETSUITE\jshelper.exe
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\ISAFE.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\JETSUITE\JETSTAT.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVRID.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\VETMSG.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\PROGRAM FILES\YAHOO!\YOP\YOP.EXE
C:\PROGRAM FILES\SYMANTEC\ACT\ACTLDR.EXE
C:\PROGRAM FILES\2WIRE 802.11G WIRELESS\PRISMCFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\PRISMSVR.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\YAHOO!\ANTIVI~1\VETMSG.EXE
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [AtiGart] c:\Ati\Gart\AtiGart.exe
O4 - HKLM\..\Run: [ATIPOLAB] ati2plab.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [YBROWSER.EXE] C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: ACT! Speed Loader.lnk = C:\Program Files\Symantec\ACT\ACTLDR.EXE
O4 - Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Dell Home - {FB2A7A80-0720-11D4-B3A0-004347C12700} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

Looks a whole lot better huh?


----------



## Cookiegal (Aug 27, 2003)

The log looks good now. :up:

You should trim down your start-ups as there are too many running. This should improve your boot up time. You can research them at these sites and if they arent required at start-up then you can uncheck them in msconfig via Run - Start - type msconfig and then click on the start-up tab.

http://castlecops.com/StartupList.html
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
http://www.windowsstartup.com/wso/index.php

I also recommend downloading  *SPYWAREBLASTER & SPYWAREGUARD* for added protection.

*Read here* for info on how to tighten your security.


----------



## Hodie (Sep 14, 2005)

Thank you Cookie... I am no longer infected and have safety out the ying yang on my computer now... LOL but.... I hate to say... still a very long boot time... I have been trouble shooting this thing for week now and have learned alot from reading... I have concluded something is wrong with the intial boot... "bootstrap?" don't understand it really... but let me give you an example... another, ongoing problem i have had is a power failure shutdown... my laptop with just shut off like i pushed and held the power button... when this happens and I reboot, the scan disk is run .... in the past when this happened, i would push the power button to turn back on and the start screen appears and the computer would immediately (2-3 seconds) go to the dos/ blue screen scan disk screen... it scans and never finds any problems and starts windows... actually, it loads windows fairly quick from that point. The problem is the very very beginning... in the last week or so, it takes over 5 min to get to the scan disk screen.... that's why i am thinking it's an intial boot problem. I hope i just made sense. Basically, even with proper shut down and reboot, it takes forever for my computer to actually start booting windows?

Again, thank you Cookie.... you have helped me a ton!!!!!


----------



## Cookiegal (Aug 27, 2003)

How old is this computer?


----------



## Perfesser (Jun 2, 2003)

Here's another possibility for you (re long boot time):
Is this the version of SBC Global DSL that isn't 'always connected'...you log in and out when you want to go online?
I had that system, VERRRY long boot time. It was a problem with SBC's software; in network properties, under TCP/IP for the SBC connection, is it set to 'obtain an IP address automatically'? If so that's the problem...since you boot up not connected the system waits for 3-5 minutes or more waiting for the IP address from SBC, which it isn't connected to...finally times out and continues the boot process. I never found a workaround, since SBC is running dynamic IP address (you don't get the same one every time).


----------



## Hodie (Sep 14, 2005)

Interesting Prof.... So if I uninstalled SBC, and just use IE, would it stop? and how do i change my settings to not look for that address or timeout?

My laptop is 1998 Dell Inspiron 5000, Pentium III, 500 Mhz.


----------



## Perfesser (Jun 2, 2003)

I don't think there's a fix. I had SBC Global for about 6 months in Fort Worth and lived with the delay - didn't actually figure it out until I was setting up this computer after the move (having removed SBC) and - no boot delay! I finally figured out the reason when I was installing a network card and it defaulted to 'obtain' and gave me a slow startup .
I was using IE with SBC and it didn't make any difference...the delay is during the first part of the boot process when networking is initializing and trying to get the address.
Someone with more smarts about networking might have a fix but I don't think the settings alone will do it...you have 2 options, either 'obtain an IP address automatically' or 'specify an IP address'...but if SBC is still using dynamic 'specify' isn't a working choice.
Hmmmm...you COULD try this for a test: go to the properties/configuration tab in network neighborhood and select 'TCP/IP for (network card that connects to the modem) and change it to 'assign IP address', enter one such as 168.192.0.255; that's a local network address; apply, close, and reboot. If boot time is normal that's the problem. SBC may have a fix.


----------



## tracer357#1 (Jul 19, 2004)

Hodie said:


> First timer here... I have read many post here and solved many of my problems without asking but my reboots are extremely slow now, hanging on the Windows 98 screen. I have had recent problems with spyware and virus and have downloaded Spybot, Ad-Aware, AVG 7.0 and run and removed. Have uninstalled them all now and running just the Yahoo Packages that come with SBC Global DSL.
> 
> Any Suggestions? How do I clean up my hijack log?
> 
> ...


what it sounds like is you have to many programs or tasks running at startup.
check your "msconfig" and see what you have loading at startup (bootup).
check and see if you can disable something there that will increase your boot time.
start, run, (type in) "msconfig" a window will open look to your far right for a tab "startup" click on it and in there is a list of programs that are running at bootup and running in the background.

see if this helps.


----------



## Hodie (Sep 14, 2005)

Thank you for the tips.. I have limited my start up programs to the bare min and still is very very long boot... it is the very first part of boot... what prof said about looking for an address and time out is probably happening... i can't figure out how to get to the settings on my network connections... I am so happy that i have improved from where i was that i am living with the long boot....  if anybody can help me find the setting on the network would help... my network neighborhood says it is unavailable? thanks all


----------



## Rollin' Rog (Dec 9, 2000)

Run *msconfig* and select the autoexec.bat tab.

Do you see any startup entries for past or present antivirus programs there? If you do, it is running an antivirus scan on startup. You can simply uncheck or delete the entries in Autoexec.bat.

Also when you get to that splash screen, hit "esc" and you will likely see what is taking place beneath it.


----------



## Hodie (Sep 14, 2005)

OK, back from out of town... I hit escape key during boot and maestro is trying to load but I don't think it is because I have choppy sound when playing anything through macromedia flash player? Is there a way I can post that screen to this thread? I think my long boot time and choppy sound are one in the same? I think my boot is trying to load the maestro sound card driver but is "timing out"? because when i use the system tools to check status on sound card, it says the mastro sound is not loaded? Does this make sense?


----------



## Rollin' Rog (Dec 9, 2000)

Did you run *msconfig* and look under the autoexec.bat and config.sys tabs for anything associated with Maestro?

DOS sound drivers are normally loaded through the autoexec.bat file. Nothing in these files are required for Windows to boot. If you saw those drivers loading on the "esc" screen, that's where they should be coming from.

You can easily post what is in those files by running *sysedit* and you will get their text file contents.

All in all though, it sounds like you need to reinstall your sound card drivers. If you don't have a disk for them, visit the Vendor's site. If anything is currently present, it should be removed first.


----------



## Hodie (Sep 14, 2005)

this is my autoexec file:
REM [Header]

REM [CD-ROM Drive]

REM [Miscellaneous]

REM [Display]

@ECHO OFF
c:\maestro.com

?????


----------



## Hodie (Sep 14, 2005)

this config sys:

DEVICE=c:\aecu.sys
REM [Header]

REM [CD-ROM Drive]

REM [Miscellaneous]

REM [Display]

DEVICE=c:\windows\setver.exe
DEVICE=C:\WINDOWS\COMMAND\ANSI.SYS


----------



## Hodie (Sep 14, 2005)

Notice the two commands:
DEVICE=c:\aecu.sys
and
c:\maestro.com

is this correct?


----------



## Rollin' Rog (Dec 9, 2000)

They are both indeed sound card drivers, though I'm surprised to see the one in config.sys

I would just run *msconfig* and select the respective tabs and uncheck the entries for those files.

They really should not affect "Windows" sounds, but if you are having problems there, you should reinstall the Sound card drivers. I would still keep those disabled though, unless you are playing DOS games for which sound is needed, as that is their only purpose.


----------



## Hodie (Sep 14, 2005)

Thank you Rollin' Rog... In my MSCONFIG, the entries are not "checkable", they are just there as a running batch file, don't know if I said that correctly? Should alter both config.sys (remove DEVICE=c:\aecu.sys) and autoexec.bat (remove C:\maestro.com)?
Just to let you know... My sound is OK on running movies, yahoo radio... my choppy sound is coming from media that is ran through Macromedia Flash Player... I have removed it and reinstalled more than once and no change. The troubleshooting page on Macromedia says it is uncommon problem but caused by communication problem between Player, Windows, Card... site did not have a rememdy for problem??? I am about to give up and just live with it but the one problem I would like to fix is my boot time... it is crazy slow, even booting up in safe mood, same boot time (well, a little less boot time, since it isn't loading my start-up programs) but it seems windows goes off and is looking to load something that isn't there and times out? I samed a boot log the other day and the file was so big it wouldn't open in Notepad, had to import it into MS Word... it was 17 pages.... WOW! I'm sure that is not normal... Any feedback?


----------



## Rollin' Rog (Dec 9, 2000)

I have never seen msconfig entries that were not checkable, so I'm not sure what you are seeing there. Moreover neither autoexec.bat or config.sys load in Safe Mode -- so something is screwy there if you are still having long boot times.

But if you cannot uncheck those options individually, you have two choices -- uncheck the entire groups on the General page of msconfig or run *sysedit* and edit the lines thusly:

Rem DEVICE=c:\aecu.sys

and

Rem c:\maestro.com

adding rem and a space makes the lines non-executable.

>> there may be a better way to examine the bootlog. Download "bootlog analyzer" from the site below:

http://www.answersthatwork.com/Downright_pages/downrights_assorted.htm

To use it, after installing it, you must run a "logged boot". Then run Bootlog Analyzer and click the "show delays" tab. You can save the text file and copy/paste the results here.


----------



## Hodie (Sep 14, 2005)

thanks... they were uncheckable.. and i did... and still have sound... and still have studdered/choppy sound on macromedia...

will download program and check out boot log


----------



## Hodie (Sep 14, 2005)

I want to thank Cookiegal for all your help previous and I am sad to say that I believe to be back in the same situation. I have an extremely long boot time (7 min) and problems browsing with Yahoo browser. Script error say permission denied when viewing profile pages? Researched and said a very uncommon problem and that I probably have a virus... I am not sure where to begin. I have download a bootlog viewer and didn't understand it. Should I start with "cleaning" my computer? and then address other problems?

I have tried to dublicate the clean up I did last time but Ad-aware will not run? The "loading definitions" screen will never finish... ctr+alt+del says ad-aware not responding?

Should I start with a full "normal" boot and run HJT?

Any help would be greatly appreciated.

Hodie


----------



## Cookiegal (Aug 27, 2003)

Hodie,

I have merged your new thread with the other one. Rollin' Rog was helping you here.

Please do not start a new thread as this relates to the same problem.

Thank you.


----------



## Hodie (Sep 14, 2005)

Ok... Thanks Cookie... Dear Rollin, I find myself just about to throw in towel... I am sure we can fix this though... should I start with a full normal boot and hjt log?


----------



## Rollin' Rog (Dec 9, 2000)

The question is really where is the delay occuring?

Does it occur primarily before you see the Windows splash screen, during that, or once the desktop is visible, while the tray icons are loading?

For anything occuring before, or possibly during the splash screen it would be necessary to see the results of "bootlog analyzer" as I previously indicated.

You can also try doing a "step by step" confirmation boot (available through the "boot menu") and see if you can identify the general point at which the delay occurs.

For all regular application startups, the way to test is to do "clean boot" troubleshooting:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;192926

If you feel something "new" has become involved since your last post, do post a HijackThis Scanlog. Do this before any "clean boot" changes.

For problems specific to an application like "Yahoo Browser", you should probably remove it and see if any issues remain after that. Then reinstall it.


----------



## Hodie (Sep 14, 2005)

Dear Rollin...
I just now did a "normal" boot with everything loading and ran HJT... Post below...

The long boot time is happening with first Win 98 screen... the boot log analyzer recorded over 89 seconds to load the sound card and "failed". I guess we can address this one step at a time.

Logfile of HijackThis v1.99.1
Scan saved at 9:58:50 AM, on 9/27/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
c:\JETSUITE\jshelper.exe
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\JETSUITE\JETSTAT.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\CAVRID.EXE
C:\PROGRAM FILES\YAHOO!\ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\TONIARTS\EASYCLEANER\EASYCLEA.EXE
C:\PROGRAM FILES\YAHOO!\YOP\YOP.EXE
C:\WINDOWS\SYSTEM\PRISMSVR.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\UNH SOLUTIONS\IE PRIVACY KEEPER\IEPRIVACYKEEPER.EXE
C:\PROGRAM FILES\SYMANTEC\ACT\ACTLDR.EXE
C:\PROGRAM FILES\2WIRE 802.11G WIRELESS\PRISMCFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\PROGRAM FILES\YAHOO!\BROWSER\YSIDEBARIEBHO.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\YAHOO!\ANTIVI~1\VETMSG.EXE
O4 - HKLM\..\Run: [ToniArts EasyCleaner] "C:\PROGRAM FILES\TONIARTS\EASYCLEANER\EASYCLEA.EXE" -s -startup
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\SYSTEM\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [YBROWSER.EXE] C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [AtiGart] c:\Ati\Gart\AtiGart.exe
O4 - HKLM\..\Run: [ATIPOLAB] ati2plab.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\PROGRAM FILES\UNH SOLUTIONS\IE PRIVACY KEEPER\IEPRIVACYKEEPER.EXE" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: ACT! Speed Loader.lnk = C:\Program Files\Symantec\ACT\ACTLDR.EXE
O4 - Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Dell Home - {FB2A7A80-0720-11D4-B3A0-004347C12700} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

Thank You,
Hodie


----------



## Hodie (Sep 14, 2005)

I just did a re-boot with logging and ran boot analyzer and got the following:

10:22:31 0.39 Loading Device = C:\AECU.SYS
10:22:32 0.00 LoadFailed = C:\AECU.SYS
10:22:32 0.56 LoadSuccess = C:\WINDOWS\IFSHLP.SYS
10:22:33 89.28 c:\MAESTRO.COM[000A4231] starting
10:24:02 2.11 LoadSuccess = C:\WINDOWS\SMARTDRV.EXE
10:24:04 2.06 LoadSuccess = vnetsup.vxd
10:24:07 2.11 LoadSuccess = ndis.vxd
10:24:09 2.11 LoadFailed = ndis2sup.vxd
10:24:09 2.11 LoadFailed = ndis2sup.vxd
10:24:12 2.33 LoadSuccess = C:\WINDOWS\SYSTEM\vfixd.vxd
10:24:15 2.11 LoadSuccess = vnetbios.vxd
10:24:17 2.11 LoadSuccess = vredir.vxd
10:24:19 2.11 LoadSuccess = dfs.vxd
10:24:21 2.11 LoadSuccess = ndiswan.vxd
10:24:23 2.11 LoadSuccess = tsiusb.vxd
10:24:26 2.06 LoadSuccess = NICVxD.vxd
10:24:28 2.00 LoadSuccess = ASPIENUM.VXD
10:24:30 2.17 LoadSuccess = vmouse
10:24:35 0.44 Loading PNP drivers of Processor support (ROOT\PROCESSOR_UPDATE\0000)
10:24:35 2.28 Dynamic load device PCI.VXD
10:24:38 2.17 Dynamic load device serenum.vxd
10:24:40 2.11 Dynamic load device serenum.vxd
10:24:42 2.17 Dynamic load device VPOWERD.VXD
10:24:45 2.17 Dynamic load device pci.vxd
10:24:47 0.44 Loading PNP drivers of Standard 101/102-Key or Microsoft Natural Keyboard (ACPI\*PNP0303\0)
10:24:48 2.28 Dynamic load device PCI.VxD
10:24:50 2.11 Dynamic load device PCI.VxD
10:24:52 2.17 Dynamic load device PCI.VxD
10:24:55 2.11 Dynamic load device PCCARD.vxd
10:24:57 2.11 Dynamic load device cbss.vxd
10:24:59 2.11 Dynamic load device PCCARD.vxd
10:25:01 2.11 Dynamic load device cbss.vxd
10:25:03 0.94 Started Texas Instruments PCI-1225 CardBus Controller (PCI\VEN_104C&DEV_AC1C&SUBSYS_009F1028&REV_01\BUS_00&DEV_04&FUN
10:25:04 2.17 Dynamic load device BayMgr.386
10:25:06 2.11 Dynamic load device baymgr.386
10:25:09 0.44 Loading PNP drivers of Intel 82371AB/EB PCI to USB Universal Host Controller (PCI\VEN_8086&DEV_7112&SUBSYS_00000000&R
10:25:09 2.28 Dynamic load device mmdevldr.vxd
10:25:12 2.17 Dynamic load device ltvcd.vxd
10:25:14 2.22 Dynamic load device ltmodem.vxd
10:25:16 0.39 Started LT Win Modem (PCI\VEN_11C1&DEV_0448&SUBSYS_20001668&REV_01\BUS_00&DEV_10&FUNC_00)
10:25:16 2.33 Dynamic load device ati2vxab.vxd
10:25:19 0.61 Loading PNP drivers of USB Root Hub (USB\ROOT_HUB\PCI&VEN_8086&DEV_7112&SUBSYS_00000000&REV_01&BUS_00&DEV_07&FUNC_02)
10:25:20 2.39 DEVICEINIT = IOS
10:25:24 9.78 Dynamic load success C:\WINDOWS\system\IOSUBSYS\bigmem.drv
10:25:34 0.28 DEVICEINITSUCCESS = IOS
10:25:35 0.44 DEVICEINIT = VDD
10:25:35 0.94 Starting PS/2 Compatible Mouse Port (ACPI\*PNP0F13\0)
10:25:37 0.00 Init Failure ppa3.mpd
10:25:37 6.67 Initing hsflop.pdr
10:25:43 1.39 Initing esdi_506.pdr
10:25:45 1.11 Initing baymgr.mpd
10:25:46 1.78 Initing drvwq117.vxd
10:25:48 2.83 Init Success drvwq117.vxd
10:25:51 0.72 Started Texas Instruments PCI-1225 CardBus Controller (PCI\VEN_104C&DEV_AC1C&SUBSYS_009F1028&REV_01\BUS_00&DEV_04&FUN
10:25:52 1.61 Starting 2Wire 802.11g Cardbus Wireless LAN Card (PCI\VEN_1260&DEV_3886&SUBSYS_00031630&REV_01\002100)
10:25:55 1.00 Starting TCP/IP (NETWORK\MSTCP\0003)
10:25:56 3.00 Loaded PNP drivers of TCP/IP (NETWORK\MSTCP\0003)
10:25:59 1.28 Dynamic init device VETEBOOT
10:26:00 0.39 Dynamic init success VETEBOOT
10:26:01 0.00 INITCOMPLETEFAILED = SDVXD
10:26:01 0.72 INITCOMPLETE = DOSMGR
10:26:02 0.28 Dynamic load success C:\WINDOWS\system\serial.vxd
10:26:04 0.39 Initing drvwppqt.vxd
10:26:07 0.28 Dynamic load device C:\PROGRA~1\YAHOO!\ANTIVI~1\VETEFILE.Vxd
10:26:07 0.67 Dynamic init success VETEFILE
10:26:08 11.28 InitDone = TSRQuery (time estimated)
10:26:19 0.33 Enumerating Standard Floppy Disk Controller (ACPI\*PNP0700\0)
10:26:20 4.83 Enumerating TapeDetection (TAPECONTROLLER\TAPEDETECTION\0000)

the AECU failed? oh, oh... what's up with that willis?


----------



## Rollin' Rog (Dec 9, 2000)

This is abnormal:

10:22:33 89.28 c:\MAESTRO.COM[000A4231] starting

It is taking a minute and a half.

AECU is also, evidently, a sound card file. Did you rem out that entry as suggested previously?

I don't see any malware in the scanlog, but you have rather a lot there and much of it is probably not required.

Have you tried removing your sound card and reloading the drivers either from the original media or an update from the vendor's site?

The information on the following sites can be used to decide what you want to enable/disable in msconfig:

http://www.sysinfo.org/startuplist.php?type=&filter=&count=100&offset=0
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
http://computercops.biz/modules.php?name=StartupList


----------



## Hodie (Sep 14, 2005)

Yes, I updated the sound card files from website... I am thinking of deleteing these files and downloading new ones?

Thank you for the links... but what should I do? Just look at my boot log and uncheck startup in MSCONFIG? How did these options get there in first place? Can I do a regedit and remove them from the startup options all together? The Quicktime option just recently showed up... I hate that too... feel violated. Regarding the AECU "failed" is that a big deal? If you look further into the boot log you will see other things that failed too... any comments?

For now, I am going to try and replace the sound card loading issues (could this be my problem of choppy sound on macromedia?)

But you think I don't have any viruses or spyware?

Thanks in advance.

Hodie


----------



## Rollin' Rog (Dec 9, 2000)

All the '04' items in the HijackThis scanlog have corresponding entries in msconfig > startups. The bootlog items do not as they load early in the boot process. While HijackThis actually deletes them from the registry, msconfig only disables them. That way if you change your mind you can easily recheck something. That is what I would recommend.

Just about everything there is user choice, except for Scanregistry and your antivirus program. Systray should normally be left as well.

I haven't investigated all your startups, but things like OSA office, Quicktime, ToniArts, possibly the Iomega entries are all candidates.

There are some items associated with your wireless connection that may or may not be required. If in doubt or you can't find adequate information, msconfig can be used to test. Nothing done there should be permanent.

This should be checked and fixed with HijackThis:

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

And in Internet Options > Advanced also check "disable script debugging" and UN check "show a notification for every script error" -- so it doesn't show up again.

>> no viruses or spyware

>> I don't believe the failed driver entry is important to Windows sounds.

You might want to consider buying a new sound card if this one does not want to behave properly. I just had a thread resolved in the XP forum where the poster picked up a cheap 10 buck sound card to solve a microphone problem. If you are not in to "theater" type sound, an inexpensive card can be just fine.

Also, if the sound card is a PCI card (not integrated in the motherboard), and you have another open PCI slot, you could try switching.


----------



## Hodie (Sep 14, 2005)

thank you.... I will edit my start up in msconfig and repost a hjt


----------



## Hodie (Sep 14, 2005)

Dear Rollin... I visited the Win98 Tips site and read about deleting temp files and etc., it also says to run a deep scan disk every so often... so i did this while waiting for your next advise to me and I got a messege stating "scan disk has restarted 10 times due another program is writing to disk. Do you want to continue receiving this messege" ???? what is up with that? I do hear a "mouse click" sound every now and then when i just up and running my computer... but i have no idea what is running in background... whatever it is, it is not showing up in the tasklist. Any ideas?


----------



## Rollin' Rog (Dec 9, 2000)

Background programs can interfere with both Scandisk and Defrag. Sometimes it is necessary to run these programs in Safe Mode to eliminate conflicts.

Scandisk may even need to be run from DOS, but try this first. Open the close programs window (ctrl-alt-del) and end task on every process except Explorer and Systray. Then try Scandisk.

I would also recommend you read the article below so you know what to do and what not to do if Scandisk presents you with choices.

http://users.iafrica.com/c/cq/cquirke/scandisk.htm


----------



## Hodie (Sep 14, 2005)

LOL... well, i found that out last night before you posted... I did end up running scan disk in safe mode but it didn't make a difference, but DID finish after about 20 restarts and 2 hours... BUTTTTTTTTTTTT... I now have a semi-regular boot time???? I have no idea what triggered it, but I am just happy... I will run another boot log and post and let you look at it. THANKYOU I will address another hang up problem if you don't mind? should I post here or another thread?


----------



## Hodie (Sep 14, 2005)

I think it was the "Machine Debug Manager" It is not showing up in HJT now?


----------



## Hodie (Sep 14, 2005)

Dear Rollin... Here is new boot log:

8:59:28 0.44 Loading Device = C:\AECU.SYS
8:59:28 0.00 LoadFailed = C:\AECU.SYS
8:59:29 0.50 LoadSuccess = C:\WINDOWS\IFSHLP.SYS
8:59:29 4.56 c:\MAESTRO.COM[0008E3D0] starting
8:59:34 0.06 LoadFailed = ndis2sup.vxd
8:59:39 0.50 Loading PNP drivers of Processor support (ROOT\PROCESSOR_UPDATE\0000)
8:59:40 0.28 Loading PNP drivers of Plug and Play Software Device Enumerator (ROOT\SWENUM\0000)
8:59:41 0.44 Loading PNP drivers of Standard 101/102-Key or Microsoft Natural Keyboard (ACPI\*PNP0303\0)
8:59:43 0.89 Started Texas Instruments PCI-1225 CardBus Controller (PCI\VEN_104C&DEV_AC1C&SUBSYS_009F1028&REV_01\BUS_00&DEV_04&FUN
8:59:45 0.39 Started LT Win Modem (PCI\VEN_11C1&DEV_0448&SUBSYS_20001668&REV_01\BUS_00&DEV_10&FUNC_00)
8:59:45 0.67 Loading PNP drivers of USB Root Hub (USB\ROOT_HUB\PCI&VEN_8086&DEV_7112&SUBSYS_00000000&REV_01&BUS_00&DEV_07&FUNC_02)
8:59:49 9.78 Dynamic load success C:\WINDOWS\system\IOSUBSYS\bigmem.drv
8:59:59 0.50 DEVICEINIT = VDD
8:59:59 0.89 Starting PS/2 Compatible Mouse Port (ACPI\*PNP0F13\0)
9:00:01 0.28 Initing ppa3.mpd
9:00:01 0.06 Init Failure ppa3.mpd
9:00:01 6.61 Initing hsflop.pdr
9:00:08 1.44 Initing esdi_506.pdr
9:00:09 1.22 Initing baymgr.mpd
9:00:10 1.78 Initing drvwq117.vxd
9:00:12 0.44 Init Success drvwq117.vxd
9:00:13 0.72 Started Texas Instruments PCI-1225 CardBus Controller (PCI\VEN_104C&DEV_AC1C&SUBSYS_009F1028&REV_01\BUS_00&DEV_04&FUN
9:00:14 1.61 Starting 2Wire 802.11g Cardbus Wireless LAN Card (PCI\VEN_1260&DEV_3886&SUBSYS_00031630&REV_01\002100)
9:00:16 6.06 Starting TCP/IP (NETWORK\MSTCP\0003)
9:00:22 3.00 Loaded PNP drivers of TCP/IP (NETWORK\MSTCP\0003)
9:00:26 1.33 Dynamic init device VETEBOOT
9:00:27 0.44 Dynamic init success VETEBOOT
9:00:28 0.00 INITCOMPLETEFAILED = SDVXD
9:00:28 0.67 INITCOMPLETE = DOSMGR
9:00:29 0.28 Enumerating ECP Printer Port (LPT1) (ACPI\*PNP0401\0)
9:00:30 0.39 Initing drvwppqt.vxd
9:00:33 0.28 Dynamic load device C:\PROGRA~1\YAHOO!\ANTIVI~1\VETEFILE.Vxd
9:00:33 0.67 Dynamic init success VETEFILE
9:00:34 11.33 InitDone = TSRQuery (time estimated)
9:00:45 0.39 Enumerating Standard Floppy Disk Controller (ACPI\*PNP0700\0)
9:00:46 4.89 Enumerating TapeDetection (TAPECONTROLLER\TAPEDETECTION\0000)

Don't understand the failures?


----------



## Rollin' Rog (Dec 9, 2000)

The delay times are much improved. As for the failures, I don't think you have any real problems there.

http://support.microsoft.com/kb/q127970/

What hangup are you experiencing? If I can answer or help here I will, else it might be better to start a new topic especially if it involves 3rd party software.


----------



## Hodie (Sep 14, 2005)

PROBLEM SOLVED... After downloading Tony Arts and running... finally delete all excess files (some 2500) my computer is now booting normal... problem solved.


----------



## Rollin' Rog (Dec 9, 2000)

Good to hear. By the way you can mark it "Solved" yourself using the Thread Tools menu ...


----------



## Cookiegal (Aug 27, 2003)

Great! Glad to hear it. :up:


----------

