# Solved: Computer wont start



## Finzle (Sep 3, 2003)

I'm working on a friend's computer- IBM Aptiva, Windows 98. Although he seems to have a lot of spyware and the about:blank problem, my main concern right now is I cant get it to start in normal mode. It will start in Safe Mode.
After following all the instructions for troubleshooting this from Microsoft with no success, I then came to the part about running the system file checker. It showed 6 corrupted dll files. I replaced these files from dll-files.com. On my first attempt the computer booted up!! It noticed that it was connected to a different monitor and corrected the time. I thought that my troubles were over. It then wanted me to restart which I foolishly did. Right back where I started.
I again ran the file checker and found that one of the files that I had replaced(javaee.dll)was again corrupted, and another (javart.dll) had been deleted. It also showed that a file called MSISYS.VXD had changed. The time it changed had to be about the same time that I tried to start up after confirming the monitor settings.
I've got to get this machine into normal mode so that I can then clean up the spyware, malware, etc. Adaware, Spybot & CWshredder not to mention Norton need updating. Adaware runs fine, even if it doesn't have the latest definitions; but Spybot gets to #5380-Ad Goblin, stalls there for more than half an hour, then continues until it gets to Cool Web Search when it again stalls indefinitely (I've never waited it out). Any suggestions would be gratefully accepted.


----------



## JSntgRvr (Jul 1, 2003)

MSISYS.VXD is the Windows 95 information dinamic link library virtual device manager. The other two are part of DirectX and JAVA. The problem seems to be associated with the video adapter. Boot the computer is Safe Mode. Start->Run-> type Msconfig and click OK. Click on the Advanced button. Check the Box labeled Force Compatibility Mode as well as the VGA 640X480X16. Click Apply, then OK, restart the computer when prompted.

Upon reboot, go to Start->Programs->Accessories->System Tools->System Information. Under Hardware resources, check for Forced hardware.

In instances of forced hardware, by reinstalling the device drivers for the device in conflict, should resolved the issue.

If the MSISYS.VXD seems to be changed, extract the file rom your Installation disk using SFC. Some computers have the installation files in the folder C:\Windows\Options\Cabs, in others you will need the installation CD. The file blongs in the C:\Windows\System folder.

In regard to the JAVA and DirectX, download the lastest version of each application.

J2SE v 1.4.2_06 JRE

http://javashoplm.sun.com/ECom/docs...4.2_06-oth-JPR&SiteId=JSC&TransactionId=noreg

Microsoft DirectX Downloads

http://www.microsoft.com/windows/directx/default.aspx?url=/windows/directx/downloads/default.htm


----------



## Finzle (Sep 3, 2003)

After making the specified changes in Msconfig, when I rebooted I got the Windows logo, then a blank screen with my usual background color and the cursor showing. Then eventually the message: System busy press any key to wait. I did that then the screen was the same except there was a 2-3 in. bright green band across the top with red & black stripes. I waited about 20 min. then rebooted again.

It took me to the choice of startup options; I went for Safe mode. This time it went from the Windows logo to the colored screen then came up with the display options which I agreed to. It again rebooted giving me a black screen this time with hour glass. System busy message. Chose wait; got black screen with colorful band at the top. Again waited about 20 min. 
Rebooted into Safe mode. Checked for Forced hardware. It showed none. I checked the Cabs folder for the VXD file. It wasn't there. I don't have a Win98 disc, I think that I'm going to have to find one.
Until I'm able to boot into Normal I am unable to download anything. I left Spybot scanning all night...it never got beyond CoolWWWsearch.
What can I do now?


----------



## JSntgRvr (Jul 1, 2003)

Remove the check mark for Force Compatibility Mode, but let the VGA 640X480X16 box checked.

Troubleshoot the devices:

To troubleshoot the devices you will need to disable each device at a time and reboot to test. If the computer boots into normal boot after disabling a device, then it is that device the reason. If you boot and the issue continues, then enable the disabled device and continue with the next. The main issue could be your Video Adapter.


To trobleshoot and disable a device, right click on My Computer and select Properties. Select the Device Manager tab. Expand the device by clicking on the +sign next to it. Double click on the device listed therein an remove the check mark from the box labeled "Exist in all hardware profiles" (If exists) and check the box labeled "Disable in this hardware profile" (If exists).

Most common troubled devices are:

Video Adapter
Modem
Audio Adapter
Camera
Scanners

If this does not resolve the issue, try troubleshooting Windows itself:

To work around this behavior, you must first determine whether it is caused by software or hardware. If you restart your computer in Safe mode and the problem does not occur, the origin is more likely to be a driver or program. If you restart your computer in Safe mode and the problem does occur, the issue is more likely to be hardware or damaged Windows core files. 

Restart your computer, press and hold down the CTRL key until you see the Windows 98 Startup menu, and then choose Safe Mode.


Test your computer in Safe mode. If the error does not occur, use the following steps to use the System Configuration utility to identify the program or driver that may be causing the error message.


If the problem does occur, there may be a problem with your Windows installation or you may be experiencing a symptom of faulty hardware. 


After your computer restarts in Safe mode, use the System Configuration utility (Msconfig.exe) to minimize conflicts that may be causing the issue:

Click Start, point to Programs, point to Accessories, point to System Tools, and then click System Information.

On the Tools menu, click System Configuration Utility.
On the General tab, click Selective Startup, and then click to clear the following check boxes:

Process Config.sys File
Process Autoexec.bat File
Process Winstart.bat File (if available)
Process System.ini File
Process Win.ini File
Load Startup Group Items

Click OK, and then restart your computer typically when you are prompted. After you restart and test your computer, if you still do not experience the problem, continue with the next set of steps.


To identify the entry that is causing the problem: 

Run the System Configuration utility again. Click to select one check box under Selective Startup, click OK, restart your computer, and then test.


Continue this process until you have selected all of the items under Selective Startup. If you select an item and the issue reoccurs, click the tab for the corresponding Selective Startup item, clear half of the check boxes, ( except for those clearly related for your mouse) click OK, and then restart your computer. Continue this process until you locate the setting that is causing the issue.


----------



## Finzle (Sep 3, 2003)

Thankyou,thankyou.thankyou. The Selective Startup process did the trick,althought I cant understand why. After deselecting everything the computer started up just fine; then, after selecting each item the machine booted up beautifully each time and has been doing so ever since.

I suppose I should take the rest of my problem to a different forum?? After updating everything, Adaware wont run, Spybot still stalls in the same spot, and when I attempted to use the online scan at housecall.antivirus.com it came up with a window saying "Please wait while connecting to the Active Update Server" and stalled at 10% with no internet activity showing at all, although I was still on line.

Thanks again I was just about to give up ever getting this thing started.


----------



## JSntgRvr (Jul 1, 2003)

How are your resources? Right click My Computer icon and select Properties. Select the Performance tab. Your resources will be displayed therein.

Download and run Hijackthis:

http://www.majorgeeks.com/download3155.html

Save the log and post a copy of its contents here in a reply. Let us see the running processes.

Also, How much RAM is in the computer?


----------



## Finzle (Sep 3, 2003)

68% free System Resources. 192 MB of RAM (which has always been adequate for this computer) Free space on the hard drive -5.45 GB; used space-2.40GB. It is running soooooo slow!

I finally got Panda to run a scan, but I'm not sure that it will be finished in my lifetime. Right now it has been running for 4 and a half hours and only gone through 40000 files. I'll leave it running all night then to-morrow I will send you a hijack log.


----------



## Raven Writer (Oct 25, 2004)

Finzle said:


> Spybot still stalls in the same spot


I know of another Windows ME computer that also stalls in Spyboy Search and Destroy. Are you by any chance using the "1.3" version of the software?


----------



## Bob Cerelli (Nov 3, 2002)

There are several places where Spybot will appear to "stall". This has been true with all versions. The stall spot number has changed depending as the updates have changed but have always been there. On slower computers, or badly infected ones, this can take a long time to get past. 

Sometimes it helps to get the updates, boot to safe mode, and do the scan from there. Same holds true for other anti-spyware or anti-virus programs.


----------



## Finzle (Sep 3, 2003)

The Panda scan never did complete. SpyBot is version 1.3. I am about to run some scans in Safe Mode and see if I have any more success.
Here's the log. I thought that Hijack just showed what is running at that time, but Panda and Housecall are shown on this list and they weren't running then.(?) I notice that a few things that I got rid of last time I ran one (Monday) are back again.

Logfile of HijackThis v1.98.2
Scan saved at 10:13:39 AM, on 11/17/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\CSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\LOTUS\SMARTCTR\SMARTCTR.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\LOTUS\ORGANIZE\EASYCLIP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/ottawa/
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE0.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Merriam-Webster - {9E1128F1-53FA-11D5-8490-0048548030CA} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\PROGRAM FILES\ACCELERATION SOFTWARE\SYSTEMPATCHER\SYS_ALERT.EXE" /Startup
O4 - HKLM\..\Run: [webscan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\STOPSIGNAV.EXE -k
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: EZ Station.lnk = C:\WINDOWS\Twain_32\IBMScanner\SxCenter.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm
O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE0.DLL (file missing)
O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE0.DLL (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.m-w.com/tools/toolbar/cabs/m-w.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?321
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Thanks for your attention.


----------



## Bob Cerelli (Nov 3, 2002)

And you have tried all the scans from safe mode?


----------



## JSntgRvr (Jul 1, 2003)

I see no significant threats in the runnng processes, your startup programs however are quite too many, thus the slowdown and bad performance. Windows 98 can't handle that many services in the background. The primary programs in this OS are Systemtray, ScanRegistry, Antivirus and Firewall programs. Everything else is User Defined, meaning it is up to the user to have this program running in the background. Having too many programs in the background reduces your work space, thus certain programs will lock at you due to lack of space. You can give the following a try or run those applications in Safe Mode:

These are your Startup Programs running in the background:



> O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
> O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
> O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
> O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
> ...


Go to Start->Run, type Msconfig, click Ok. Select the startup tab. Deselect all programs from this list except for Sysemtray, ScanRegistry and Programs related to Norton (Expand the Windows and select those programs being called from a Norton or Symantec folder). Although not all programs running in the background will appear in this list, you will be able to ease the load.

I do not see the reason why Lotus Suite is being loaded in the background throughout the Startup Folder. I believe you can do without it, but as I said, it is up to you.

After selecting these programs, click Apply, then Ok, restart the computer when prompted.

Once you have ease on this load test the computer. I am sure will be faster.


----------



## Finzle (Sep 3, 2003)

I deselected all the programs. (I did deselect a bunch of them a couple of days ago but maybe they came back when I was playing with the Selective Startup??) The resources are now 94% free, which has speeded things up considerably

I still cant complete any antivirus or spyware scans, except for Adaware. The Norton program on this computer isn't much good because his subscription ran out a year or 2 ago. Housecall still never gets beyond "loading definitions". Panda goes on forever without ever getting beyond 40000 files. SpyBot stalls at CoolWWWSearch every time whether in Safe mode or Normal.

I think I'll try downloading the Bitware antivirus program and see if it can complete a scan.

Any more ideas?


----------



## JSntgRvr (Jul 1, 2003)

Uninstall those programs that do not work effectively and reinstall if necessary. Also run the CoolWeb Shredder prior to Spybot. That will get rid of the CoolWeb entries prior to Spybot. But, I would suggest that Spybot be uninstalled and then downloaded again and proceed with the reinstallation and update of definitions.

http://www.majorgeeks.com/download4086.html

Also try to get your antivirus in place. I shall mention that Norton is also the reason you computer runs slow. This program is very aggresive and checks every process prior to its execution. That delays the process in the computer.

Best wishes!


----------



## Finzle (Sep 3, 2003)

I've really got to start taking more detailed notes of what is going on. I have all these scribbles that I'm not exactly sure what I was doing at the time. I ran CWShredder;it found no problems.
I tried to run Bitdefender. Although after 4 hours it was still slowly progressing I gave up. I ran the scan at PCPitstop. It said that everything was fine except I needed defragging. Although I just defragged Monday night, I did it again and looking at the "details" it was a mess and badly needed defragging. When it said it was finished I clicked on OK.
Got the blue screen "This program has performed an illegal operation.... etc." I next went into msconfig; again the same blue screen. The same reaction to PhotoShopPro (I don't remember why I was in here). and msgsrv (which I think appeared on Ctrl-Alt-Del as the only thing running).
My notes then show (did I reboot? I dont remember) "fatal exception OE has occurred at 015F:BFF9DBAT" (twice)
Ctrl-Alt-Del (twice) then:
"An exception OE at 0028:C0015232 in VxD ---. This was called from 0028:C0099B7E in VxD ---" (I have had this particular message a few times in the past couple of days.) 

There's obviously something going on here other than not being able to run malware scans. Is it time that I threw in the towel and just reformatted the hard drive?


----------



## iduff (Nov 18, 2004)

Greetings

You may wish to try this small prgm: clean9x.bat,you can get it at 
WWW.Langa.com

it fits on a floppy and is useful for ALL win9x ver. it will clean out all the junk that other prgms leave behind and OTHERS miss in cleaning up yer hard drive
I would suggest you go to yer bios setup and have it set to load from floppy first,then run this prgm and then go back to the bios setting and change the order again from floppy to hard drive boot up...

Also once at the main menu at the start/run type in SFC and this will check to see what files are missing..

iduff


----------



## JSntgRvr (Jul 1, 2003)

I don'i believe that reformating the hard drive and reinstalling the Operating System is the answer. Fatal exeptions are mainly due to faulty memory modules. Considering the history of events and your experience, that's what the issue now points to. If you have more that one memory module, switch them around and reseat their contact. If possible, replace the memory modules.


----------



## Bob Cerelli (Nov 3, 2002)

Hold down the control key just before Windows starts to load. 
Then you will have a menu to choose from. Just select Safe Mode.


----------



## Raven Writer (Oct 25, 2004)

Bob Cerelli said:


> There are several places where Spybot will appear to "stall". This has been true with all versions. The stall spot number has changed depending as the updates have changed but have always been there. On slower computers, or badly infected ones, this can take a long time to get past.


The computer that *does* stall on Spybot is *faster* than the computer that never has a single stall of any kind on Spybot. Each computer used Spybot S&D 1.2 flawlessly, however the new 1.3 causes the faster machine to stall and it is something it *never* gets past. Yet, the slower computer scans it effortlessly with no "stall" or even a pause. No other scanning software of any kind has problems on the computer that Spybot stalls on.

So, you can forget that theory.


----------



## Bob Cerelli (Nov 3, 2002)

If you are having problems with the current version of Spybot, perhaps it would be better to to the earlier version that worked on the faster computer.

If there are problems with your computers stalling as well, you might also want to try to run the scan in safe mode. 

Also that newer version of Ad-Aware is a lot faster than the previous version. 

Also please read the post carefully. Missing important words has apparently lead to a misunderstanding. The phrase was "On slower computers, or badly infected ones, this can take a long time to get past.". The word "can" seems to be misinterpreted to something like "will always", or that the reverse would somehow necessarily be true. Nothing of the kind. There a lots of factors that can make slower computers scan faster as well. Just depends on how each is configured. But generally faster computers perform faster. Slower computers perform slower.


----------



## Raven Writer (Oct 25, 2004)

Bob Cerelli said:


> If there are problems with your computers stalling as well, you might also want to try to run the scan in safe mode.


Tried that, same results.



> Also that newer version of Ad-Aware is a lot faster than the previous version.


I know. This is why both computers have the most recent version of Ad-Aware SE Personal installed. I also have copies of the latest standard version of Ad-Aware.



> Also please read the post carefully. Missing important words has apparently lead to a misunderstanding. The phrase was "On slower computers, or badly infected ones, this can take a long time to get past.". The word "can" seems to be misinterpreted to something like "will always", or that the reverse would somehow necessarily be true. Nothing of the kind. There a lots of factors that can make slower computers scan faster as well. Just depends on how each is configured. But generally faster computers perform faster. Slower computers perform slower.


Read my quote carefully and you will find I quoted your entire text, rather than homing in on one key statement. Also note that you said "this has been true with all versions" and I noted that one computer has never experienced any problems at all with any of the the versions. It's kind of like saying that every dog will bite, just because one or two has. It's a rather bad generalization.


----------



## JSntgRvr (Jul 1, 2003)

This thread was started by *Finzle*. Why are we dealing with *alansnana* request within this thread? Can we separate these requests? It is quite confusing.


----------



## Raven Writer (Oct 25, 2004)

JSntgRvr said:


> This thread was started by Finzle. Why are we dealing with alansnana request within this thread?


Alansnana seems to have parts of the same problem as Finzle; it would be pointless to spam the forum with two topics that are nearly the same. Both users are having problems using Adware and Malware scanners, so why not help them both at the same time? As for the other parts, Finzle hasn't responded yet after your advice or iduff's. It's a bit difficult to help a situation we don't know the current state of at this very moment.


----------



## Bob Cerelli (Nov 3, 2002)

It would be good to find out why the three of you Finzle, alansnana and Raven Writer are having such problems with latest version of Spybot. Have about 200 computers using it with no problems. Without seeing what is common among those three it is hard to tell. 

Given all the corrupted files in the first post, who knows what else may be wrong. Eventually I either just recommend reinstalling on top of or a clean reinstall. Sometimes it turns out to be the fastest way to solve problems caused by a lot of corrupted files.


----------



## JSntgRvr (Jul 1, 2003)

I do not agree. Each thread has it own Plan of Action and what may work for Finzle may not work for alansnana. I will ask the Moderator.


----------



## Raven Writer (Oct 25, 2004)

Bob Cerelli said:


> It would be good to find out why the three of you Finzle, alansnana and Raven Writer are having such problems with latest version of Spybot. Have about 200 computers using it with no problems. Without seeing what is common among those three it is hard to tell.


Yeah, I am rather stumped at why one computer decides to have a problem with Spybot, yet my other seems to adore it with every inch of its life. Certainly, it is annoying - if you have any ideas about, please let me know and I'll tell you how they go.


----------



## Bob Cerelli (Nov 3, 2002)

JSntgRvr, you are right, as usual. Each person should have their own thread.

There are too many differences between computers and situations to keep trying to figure out why, in this case, three people are having problems with the latest version of Spybot hanging. 

It would be good to find out why, but each should be deal with in their own thread.


----------



## Bob Cerelli (Nov 3, 2002)

Raven Writer, you quoted the post as usually but didn't seem to get the meaning. Hopefully the clarification helped with the understanding.


----------



## Cookiegal (Aug 27, 2003)

It does get confusing helping more than one person in the same thread so I've split alansnana off into a separate thread. Each case is individual and what works for one may not work for another.


----------



## Raven Writer (Oct 25, 2004)

I fail to see what I "didn't get". All I said was that I'm just as stumped as you and said if you ever had any ideas (i.e., ever found any information elsewhere that may prove helpful), then let me know (preferably via PM, since I'm not making a topic about a problem I'm only curious about solving) so I could test it and I would let you know if it worked. That way we could possibly help others who have the same issue in the future. Honestly, it's not that hard to comprehend.


----------



## alansnana (Jul 8, 2004)

Sorry I caused a problem with this issue. I had already started a thread relating to this problem (November 14) and was simply glad to know I was not the only person having this problem. If in fact my question was moved to another thread how do I find it now? I have checked the section "My Threads" and have not located anything other than what I did earlier. Again, sorry for the confusion I caused. Alansnana


----------



## Finzle (Sep 3, 2003)

The memory problem is a distinct possibility JSntgRvr and I will check that out (although I really hate having to go into the tower). I don't have time to-day but will get on it to-morrow.


----------



## Cookiegal (Aug 27, 2003)

Here's your thread that was split off Alansnana:

http://forums.techguy.org/showthread.php?t=298101


----------



## JSntgRvr (Jul 1, 2003)

Spybot has bugs that are being dealt with by the Development Team. An update is expected soon.

http://forums.net-integration.net/index.php?showtopic=24389


----------



## Bob Cerelli (Nov 3, 2002)

If you want to test a newer version out, you can download Version 1.3.2B with an executable date of 10/29/04

http://www.softpedia.com/public/cat/10/17/10-17-21.shtml

This is beta but if it doesn't work, then you can just delete the files and reinstall the old one. If it does resolve the hang during a scan, then you are ahead of where you were. But I certainly don't want to take responsibility for any 3rd party software.


----------



## JSntgRvr (Jul 1, 2003)

Thanks for the info. All we need now is a feedback from those experiencing this problem.


----------



## dvk01 (Dec 14, 2002)

Finzle

You had the original problem and I can see quite a few things in your HJT log 

please post a new hjt log and I will advise what to fix 

for a start go to add/remove programs and uninstall anything to do do with eanthology software or eaccelleration or stop sign

they are hijackers that pretend to be an antivirus and are clashing with norton that you already have installed. That is very likely the entire problem of stalls/lockups/hangs. both "antiviruses" also see the "dodgy" files when spybot or adaware scan and then both try to fix iyt and consequently the computer freezes


----------



## Rollin' Rog (Dec 9, 2000)

I haven't read all the discussion in this thread, but thought I would add this "fyi" regarding Msisys.vxd.

This file is "updated" everytime the System Information utility (msinfo32) is used. The system file checker reports it as changed. There are others you may see as well. Do not rely on SFC to tell you what to replace unless you are receiving specific errors in a given file.

http://support.microsoft.com/?id=188133


----------



## Finzle (Sep 3, 2003)

I'm still trying to get up my courage to go into the CPU to check out the memory modules.

Here is the latest log. I've never seen such a short one. Did I do something wrong?

Logfile of HijackThis v1.98.2
Scan saved at 1:48:00 PM, on 11/20/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ACCESSORIES\BIGFIX.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/ottawa/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?321
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab


----------



## dvk01 (Dec 14, 2002)

Have you disabled lots of things with msconfig, if so please enable everything in msconfig, reboot and post the log again please


----------



## Finzle (Sep 3, 2003)

As requested. There is so much junk listed in msconfig, including programs that have been removed from the computer. How does one get rid of them from the list?

Logfile of HijackThis v1.98.2
Scan saved at 2:39:35 PM, on 11/20/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\CSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\LOTUS\SMARTCTR\SMARTCTR.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\LOTUS\ORGANIZE\EASYCLIP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/ottawa/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\PROGRAM FILES\ACCELERATION SOFTWARE\SYSTEMPATCHER\SYS_ALERT.EXE" /Startup
O4 - HKLM\..\Run: [webscan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\STOPSIGNAV.EXE -k
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: EZ Station.lnk = C:\WINDOWS\Twain_32\IBMScanner\SxCenter.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?321
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab


----------



## dvk01 (Dec 14, 2002)

OK then if norton has expired uninstall Norton system works completely from add/remove programs

download a new antivirus a freee one that many users are happy with is avg from http://free.grisoft.com/freeweb.php/doc/1/

as I said before the pretend antivirus eanthologys/stopsign causes all sorts of problems uniunstall that as well then do this

most of the entries below are not bad just not needed to run on start up. Removing them does not stop the programs working, just stops them starting at boot time and you can still start them from start/programs or a desktop shortcut

Run hijackthis, tick these entries listed below and *ONLY these entries*, double check to make sure, then make sure all browser & email windows are closed and press fix checked

O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL (file missing)
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [eanth_system_patcher] "C:\PROGRAM FILES\ACCELERATION SOFTWARE\SYSTEMPATCHER\SYS_ALERT.EXE" /Startup
O4 - HKLM\..\Run: [webscan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\STOPSIGNAV.EXE -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: EZ Station.lnk = C:\WINDOWS\Twain_32\IBMScanner\SxCenter.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\M-WTOOLBAR.DLL (file missing)

Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

*and Delete these folders*

C:\PROGRAM FILES\ACCELERATION SOFTWARE\

then Go to Start > Run and type %temp% in the Run box, press OK . The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of that Temp folder.

then go to C:\windows\temp and select EVERYTHING except temporary internet files, cookies and history folders and delete all that and then do the same for C:\temp

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

then 
Reboot &

Download and unzip or install this program/application if you haven't already got it. If you have it, then make sure it is updated and configured as described

*AdAware SE from http://www.lavasoft.de/support/download *
and while you are at the adaware site download and install http://www.lavasoft.de/software/addons/vx2cleaner.shtml
and run it before the main adaware scan and follow it's directions
Run *ADAWARE*

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
the current ref file should read at least *SE1R19 09.11.2004 * or a higher number/later date

Set up the Configurations as follows:

General Button
Safety:
Check (Green) all three.

Click on "Proceed"

Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

Click on "Scan Now"

Run the scanner using the Full Scan (Perform full system scan) mode.

When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.


----------



## Finzle (Sep 3, 2003)

You must be thoroughly fed up with my problem by now. Thank you for sticking with me:
Here's my progress report:
I disabled Norton (since it's not my computer I hesitate to remove much) 
I downloaded and installed avg. Ran it and it found Trojan horse Dialler. I found this program a little confusing in that it didn't say what it did with it. I assume it disposed of it?

As I mentioned before a few of the uninstalled programs were still showing up on the Msconfig list, including the eanthology/stopsign one. (The ACCELERATION SOFTWARE program file no longer exists according to explorer). After removing it in Hijackthis I don't think it has returned.

Cleaned out all temp, temporary internet files, cookies and history. C:\temp was empty.

Rebooted and downloaded and installed v2xcleaner. Tried to run Adaware. The Adaware logo appears, says loading definitions... then freezes. Went to C-A-D to see that Adaware was not responding (also avg). Tried a few times with the same result. So I decided maybe I should uninstall Adaware and download it again. When I went into the Add/Remove list, it said that "An error occurred while trying to uninstall. It may have already been uninstalled. I looked in explorer and Adaware is still there with all its files. (???)

Tried again to run Spybot with the usual results. It stalled at AdGoblin for about 15 min. then again at CoolWWWSearch. Where it has been for 40 min. now. 

Other than these anti-spyware programs, the computer is working much better now. I can even get on-line with it.

What can I do about Adaware and Spybot?


----------



## Bob Cerelli (Nov 3, 2002)

As previously posted, did you try the newer beta version of Spybot that is supposed to resolve the stalling problem?


----------



## Bob Cerelli (Nov 3, 2002)

Also, you might try uninstalling Ad-Aware and reinstalling with the latest version. It is not uncommon for spyware and viruses to go after these types of programs (just like they can disable NAV).


----------



## Finzle (Sep 3, 2003)

Latest News: 
The night before last I let Spybot run all night and by morning it had finished.the job. It found 18 instances of eAcceleration and 4 other things, which it took care of.
I then successfully ran Vx2 and Adaware. When it was almost done a window popped up from Avg saying that it had discovered Trojan horse Dialler.11.AI in C:/Windows/Temp/AAWTMP/C56024675/24FCD3/. I went into explorer but couldn't find that file.
I ran McAfee Avert Stinger and it also found Dialler and hopefully took care of it. I still am unable to successfully run Trendmicro housecall.
I ran Defrag again. In the Details everything looked as though it did need defragging badly, although I had just done it a couple of days ago. 
Last night I ran Scandisc all night and it was succesfully completed. 

To-day the machine is being more difficult again. In Safe mode cannot bring up the Control Panel. I get an Explorer window saying 
"...illegal operation ........Invalid page fault ......Kernel32.dll at 015f:bff9d709" 

Any more suggestions for making this machine behave?


----------



## ~Candy~ (Jan 27, 2001)

Not too often that the error message number matches up exactly 

http://support.microsoft.com/default.aspx?scid=kb;en-us;188540


----------



## JSntgRvr (Jul 1, 2003)

Clear the entire C:\Windows\Temp folder. Which program cause the Invalid page fault in Kernel32.dll?

You mention McAfee, while the Hijackthis log reflects Norton.<<<>>>>????

Please post the latest Hijackthis log.


----------



## Finzle (Sep 3, 2003)

Whenever I attempt to open the Control Panel while in Safe mode I get the error message. I have a lot of problems now when trying to operate in Safe mode.

The Norton subscription still has not been renewed. I have disabled the program (I hope). I downloaded the McAfee AVERT Stinger in my efforts to ensure that I had gotten rid of the Dialer Trojan. I also did an online scan with the Symantec Security Check online.

Although the computer is working adequately to-night (while in Normal mode) it is still very slow and takes 2-3 minutes to boot up.
Logfile of HijackThis v1.98.2
Scan saved at 8:46:48 PM, on 11/22/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\TASKMON.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\CSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/ottawa/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?321
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

What do you think??


----------



## JSntgRvr (Jul 1, 2003)

As I posted before, based on the experience you have had, the issue points to hardware. 

We started with a Virtual Device Drivers (VXD) errors, then Illegal Operations, Fatal Exceptions, Invalid Page Faults and errors in Safe Mode.

These are signs of faulty hardware or Windows Core files.

You can start by upgrading your Video Drivers; switch, reseat or replace the Memory Modules; and/or even reinstalling the Operating System over the existing installation. If that fails, then you will need an onsite diagnostic at a Service Center.

I see nothing wrong with the existing running processes.


----------



## dvk01 (Dec 14, 2002)

try this

Click Here to download the VX2BetterInternet.exe FINDER & KILLER.

1: Shut off all open programs including printer and anything in the System Tray (virus scan, popup blocker, etc.). 
2: Doubleclick the OE2VX2BetterInternet.exe to launch the utility. 
3: Click on Find VX2.BetterInternet button. The utility will display the bugs if theyre there and post that log


----------



## Finzle (Sep 3, 2003)

I ran the VX2 scan and got this:
Log for VX2.BetterInternet File Finder (ver126)

Files Found---


User Agent String---


How would I find a thumbs.db file for the Control Panel. I did a search for same but just came up with 3 Temp files that meant nothing to me.

I did a MemTest, everything seems to be fine in the memory department. I'll run it overnight to-night to make sure.

Actually the machine is working great to-day with just the occasional little glitch like being unable to open the Control Panel in Safe mode.

Also, I downloaded the WinMe defrag program. A huge improvement but when I try to use the Accessories/System Tools/ defrag to open it the computer seems to think that I'm trying to download it (???) It works fine from C:/properties/tools/defrag.


----------



## dvk01 (Dec 14, 2002)

nothing there in the vx2 log so sounds definitely like driver/hardware problems


----------



## ~Candy~ (Jan 27, 2001)

Just to recap the situation, it boots up fast in safe mode? But there is a lag in normal mode? Or do both exhibit the same behavior?


----------



## JSntgRvr (Jul 1, 2003)

Finzle, go to the Device Manager by right clicking on My Computer icon and selecting Properties. Is there an exclamation sign over a Yellow background over any on the Devices?

Scroll down to Display and Double click on it. Post the brand of the chipset and version of the display driver.(highlight the device and click on Properties -> Driver details.)


----------



## Finzle (Sep 3, 2003)

1. Maybe I'm expecting too much of this elderly machine? On Startup the IBM logo displays immediately, then the AVG program appears to run a quick scan, then there's some more writing, then Windows logo etc.etc. By the time it is fully ready to play with 2.min. 10 sec. have passed. Safe Mode takes about 45 sec.

2. No yellow exclamation marks in System Devices. Display Adapter shows:
Rage Pro TurboAGP 2X; Mfctr: ATI Tech-Enhanced; HardwareVersion 092

Driver File Details:
C:/Windows/System/MACXW4.DRV
C:/Windows/System/vmm32.vxd (vdd.vxd)
C:/ " " " (vflatd.vxd)

file version 4.11.2560


----------



## Bob Cerelli (Nov 3, 2002)

You might run MSCONFIG and remove any programs that you don't need from starting automatically (if you haven't already done this).

Unfortunately this is one of the affects of a lot of spyware. Have even had computers that were so badly damage I finally just had to do a clean install.


----------



## JSntgRvr (Jul 1, 2003)

Browsing the ATI website, I was only able to locate the following drivers for the Rage Pro family:

4.10.00.3000 
4.13.2655

Although it says that it is for the Rage Pro family. in no instance indicates the Turbo AGP 2X feature (Acccelerated Graphics).

http://www.ati.com/support/products...rod=productsME98driver&submit.x=11&submit.y=6

Before making any changes in your graphics, Run Sysedit and post the contents of the Config.sys and Autoexec.bat files in a reply.

Also, Start the computer and press F8 to reach the Startup menu. Select Step by Step Confirmation. Identify the process (or processes) that is (are) taking some time to load and let us know the outcome.


----------



## ~Candy~ (Jan 27, 2001)

I'd uncheck the autoexec.bat and config.sys completely from loading via start, run, type msconfig and hit enter. Uncheck them there, then reboot. If you have Windows music playing upon startup and shutdown, you might disable that too via the control panel, sounds.


----------



## Finzle (Sep 3, 2003)

Sysedit shows: 
Autoexec.bat: C:\PROGRA~1\GRISOFT\AVGFRE~1\BOOTUP.EXE
PATH=c:\windows;c:\windows\command;c:\ibmtools;c:\
LH DOSKEY


Config.sys: DEVICE=C:\essolo.sys
DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE RAM
DOS=HIGH,UMB

In step-by-step everything clicked along nicely with the exception of AVG taking about 10 sec. to do whatever it does. The last item was msmouse after which there was a wait of 25-30 sec.

One item that caught my eye, altho I have no idea what it means is: Override standard VTDAPI. Should something "standard" be overriden?


----------



## JSntgRvr (Jul 1, 2003)

Do you still have the VGA 640X480X16 box checked in the Advanced section of Msconfig? That could be the reason for this message.

I have some doubts in the Config.sys. Under normal circumstances this file should read as follows:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
DOS=HIGH,UMB,AUTO
FILESHIGH=80
BUFFERSHIGH=40,4
SHELL=C:\COMMAND.COM C:\ /P /E:2048
DEVICE=C:\ESSAUDIO.SYS

As you can see, your memory manager (your actual Config.sys file) is using the RAM switch (DEVICE=C:\WINDOWS\EMM386.EXE RAM), while the other uses the NOEMS switch. These are the definintion of these switches:

NOEMS 
Provides access to the upper memory area but prevents access to expanded memory. 

RAM
EMM386 uses all available adapter space to create Upper Memory Blocks and a page frame for Extended Memory.

I don't know if that could make a difference, but in your position I would try both and see if there is a difference in performance.

I regard to the Autoexec.bat. Apparently the IBM computer needs access to certain tools in the C:\ibmtools and only AVG is being loaded at startup. There is nothing in this file that can contribute to a delay in booting.

As AcaCandy posted, the Config.sys and Autoexec.bat are legacy files. These are not needed to run Windows. If you deselect these files in MSconfig -> Selective startup, and the computer behaves better, then you will be better by leaving these files out of your startup processes. The only device that could be affected is the Sound Adapter.

Try and let us know the outcome.


----------



## Finzle (Sep 3, 2003)

No, I unchecked VGA 640ex.....etc. I was going blind at that resolution.

"but in your position I would try both and see if there is a difference in performance." Both what? How? I'm lost on this paragraph. Explain further please.
I went digging in MSconfig again and this is what the Config.sys has on it's page (see attachment).

I unchecked the Config.sys and Autoexec.bat files and rebooted. It still took about 2 min. (and a box popped up saying that the needed file EZBWORDS.DLL could not be found. I did a search and found that this is an IBM tools file). So no huge difference there.

I dont see my attachment in the preview post. I must be missing something.


----------



## JSntgRvr (Jul 1, 2003)

Start->Run, type Sysedit, click Ok. Replace the contents of the Config.sys with the following:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
DOS=HIGH,UMB,AUTO
FILESHIGH=80
BUFFERSHIGH=40,4
SHELL=C:\COMMAND.COM C:\ /P /E:2048
DEVICE=C:\ESSAUDIO.SYS

If no improvement, repeat the process and replace the contents of the Config.sys file with the following:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE RAM
DOS=HIGH,UMB,AUTO
FILESHIGH=80
BUFFERSHIGH=40,4
DEVICE=C:\ESSAUDIO.SYS

The last info is practically the previous contents of your Config.sys, except it is in the right order of events.


----------



## Finzle (Sep 3, 2003)

I did exactly what you said. The reboot took about the same amount of time. When I then went back into Sysedit I found that the Config.sys list had changed. Now C:\ESSOLO.SYS heads the list and ESSAUDIO.SYS is gone. Tried the whole exercise twice with the same results. Is this significant?


----------



## ~Candy~ (Jan 27, 2001)

This may be a silly question, but did this system EVER boot faster?


----------



## JSntgRvr (Jul 1, 2003)

Finzle said:


> I did exactly what you said. The reboot took about the same amount of time. When I then went back into Sysedit I found that the Config.sys list had changed. Now C:\ESSOLO.SYS heads the list and ESSAUDIO.SYS is gone. Tried the whole exercise twice with the same results. Is this significant?


I beieve it was my fault. The right command is DEVICE=C:\ESSOLO.sys. Apparently the Sound software made this changes. Move this line to the end of the file. That where it shoud be.

Well, I guess the computer refuses to run faster. If after boot the computer performs within acceptable parameters, let it be.


----------



## mfinnell (Aug 24, 2004)

In the last couple of pages we have gone from "startup" to speedup

I'm working on a friend's computer- IBM Aptiva, Windows 98. Although he seems to have a lot of spyware and the about:blank problem, my main concern right now is I cant get it to start in normal mode. It will start in Safe Mode.

How fast is your processor and how much memory ?

2 minutes is fairly quick for an older Aptiva with 166mhz processor.


----------



## Finzle (Sep 3, 2003)

Processor:AMD 400MHz. Memory 192 MB.I don't know if it ever started faster than this. 
I now have the second list of entries in Config.sys, substituting essolo for essaudio. Essolo still insists on being at the head of the list. 
All in all the computer is working pretty well right now. No problems or error messages in the past couple of days.  Thank you so much for sharing your expertise. Your help and knowledge were invaluable.

Just as a matter of curiosity......Spybot picked up 18 instances of eAcceleration after you had me remove the obvious parts of the program; last night I saw a commercial on T.V. for this program (Stop Sign). Are they actually selling malware nowdays? This is legal? Amazing.  

Thanks again for your expert assistance.


----------



## JSntgRvr (Jul 1, 2003)

mfinnell said:


> In the last couple of pages we have gone from "startup" to speedup
> 
> I'm working on a friend's computer- IBM Aptiva, Windows 98. Although he seems to have a lot of spyware and the about:blank problem, my main concern right now is I cant get it to start in normal mode. It will start in Safe Mode.
> 
> ...


Seems that this thread will help others with similar situations. You should start by trobleshooting Windows throughout Selective Startup. See page 1 of this thread. If unable to start the computer in Normal Mode, start a new thread and we will deal with your specific issue.

*Finzle*, you can now use the thread's tool and mark this thread as "Solved".


----------

