# Solved: Win98 locks up on Shutdown



## Pibroch (May 19, 2002)

Y'all recently helped me with my defrag problem. I needed to clean out all my temporary folders. It worked. It also helped me with my problem of locking up during shutdown, but only a couple of times. Now I'm back to having Win98 lock up during shutdown, and my pc seems much slower in general, even though my temporary internet folders are clean and my system has just been defragged. What else can I do to speed up my system, and get it to shut down properly? Thanks, John


----------



## TonyKlein (Aug 26, 2001)

We'd like to have a closer look at your configuration.

Please do the following:

Go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.

Unzip it, launch Hijack This, then press "Config" > "Miscellaneous Tools", and press "Generate Startuplist Log"

This will generate a text file that will list all running processes, _all_ applications that are loaded automatically when you start Windows, and more.

Go to Edit > select all, copy it and post its contents here.

And pay a visit to the Windows Shutdown Troubleshooter: http://www.aumha.org/a/shutdown.htm

Jim Eshelman has written the book on Windows shutdown problems.

Cheers,


----------



## mobo (Feb 23, 2003)

Don't know if you have the shutdown patch or not so here it is.


----------



## Pibroch (May 19, 2002)

This message is specifically for Tony Klein. You helped me with my Win98 not shutting down properly by sending me a link to "Hijack This." I was able to download it to my PC, but when I tried to open it, I got the old "Which program would you like to use to open" screen. I don't ever know the correct program to use when I get this screen. Anyway, I was not able to open Hijack This.

I was, however, able to download the Win98 "shutdown patch" from the Windows Shutdown Troubleshooter page, and I was able to successfully shut down afterward. The shutdown did take a little longer than normal though, and I wonder if it will lock up again within the next few attempts to shut down. 

I would really like to figure out a way to send you my configuration Startuplist. Can you still help me please?

Thanks,
John


----------



## mobo (Feb 23, 2003)

To open Hijack This you will need WinZip.


----------



## Pibroch (May 19, 2002)

I downloaded the trial version of WinZip, and then I downloaded Hijack This. I unzipped it, then tried to open it, and this is the message that I got:

A required .DLL file, MSVBVM60.DLL, was not found
OK

Am I doing something wrong with trying to open this H/T program?

John


----------



## Pibroch (May 19, 2002)

Is there another way I can obtain my Startuplist, other than using Hijack This? I would really like to get this problem solved.
My pc is moving slower, and my mouse doesn't accept the first click in most cases, and as you already know...Shutdown is still locking up.


----------



## TonyKlein (Aug 26, 2001)

> _Originally posted by Pibroch:_
> I downloaded the trial version of WinZip, and then I downloaded Hijack This. I unzipped it, then tried to open it, and this is the message that I got:
> 
> A required .DLL file, MSVBVM60.DLL, was not found
> ...


It's no big deal:

Download the MS Visual Basic 6.0 runtime files.

Save to disk, double click, and let it install.
You'll be able to run Hijack This.


----------



## Pibroch (May 19, 2002)

OK Tony, your instructions have been right on the money so far.
Now here's the Startuplist you requested:

StartupList report, 6/6/03, 7:32:33 AM
StartupList version: 1.52
Started from : C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\RB32\RB32.EXE
C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
C:\PROGRAM FILES\JUNO\QSACC\X1EXEC.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
IST Service = C:\Program Files\ISTsvc\istsvc.exe
rb32 lptt01 = "c:\program files\rb32\rb32.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

untd_recovery = C:\PROGRAM FILES\JUNO\QSACC\X1EXEC.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 29/5/2003, 6:47:44)

[rename]
nul=C:\WINDOWS\TEMP\~f1d055.tmp

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET BLASTER=A220 I5 D1 T4
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\;C:\MOUSE

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37653.3512731481

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://207.188.7.150/048f751dbbcc30456006/netzip/RdxIE2.cab

[Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ISTACTIVEX.DLL
CODEBASE = http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSCOM.DLL
CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 5,392 bytes
Report generated in 0.151 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## TonyKlein (Aug 26, 2001)

> _Originally posted by Pibroch:_
> OK Tony, your instructions have been right on the money so far.
> Now here's the Startuplist you requested:


Thanks! You have some spyware.

Please do the following:

Download Spybot - Search & Destroy

After installing, _first_ press *Online*, and search for, put a check mark at, and install *all updates*.
Next, _close_ all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds.

That ought to get rid of most of your spyware.

When you've done all that, run Hijack This again, but this time hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

Cheers,


----------



## Pibroch (May 19, 2002)

OK, I've done all that you've asked. I downloaded Spybot S&D, and used it to "check for problems," then removed all problems it could remove. Incidentally, there were a few things it couldn't remove that were called Rapid Blaster, and there was one thing that was left unchecked called "New.net" that I did not check to remove. I was not sure if I should remove New.net. What do you think?

Now, here is the logged scan from Hijack This:

Logfile of HijackThis v1.94.0
Scan saved at 9:06:29 AM, on 6/7/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=122091
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=122091
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=122091
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=http=127.0.0.1:7900
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Show All Original Images - res://C:\PROGRAM FILES\JUNO\QSACC\appres.dll/228
O8 - Extra context menu item: Show Original Image - res://C:\PROGRAM FILES\JUNO\QSACC\appres.dll/227
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37653.3512731481
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/048f751dbbcc30456006/netzip/RdxIE2.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab

I am on a roll, and I have some spare time over the weekend. Any help will be appreciated.

Thanks,
John


----------



## Pibroch (May 19, 2002)

Oh, I forgot to add, there was also another thing that Spybot S&D did not have check-marked when it "Checked For Problems."
It was called "Cdilla," whatever that is. I did not put a check-mark by it to remove it, just as I didn't with New.net. I didn't know whether or not I should remove them.

Thanks,
John


----------



## TonyKlein (Aug 26, 2001)

About New.Net, if you weren't aware you had it in the first place, and/or you don't use it, get rid of it:

First go to Add/Remove Programs, and uninstall _New.Net (domains)_, if it's listed. Reboot when you're done.

Next, in Hijack This, check, and have HT fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=122091
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.couldnotfind.com/search_page.html?&account_id=122091
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.couldnotfind.com/search_page.html?&account_id=122091

F1 - win.ini: run=hpfsched

O4 - HKLM\..\Run: [rb32 lptt01] "c:\program files\rb32\rb32.exe"

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/048f751dbbcc30...tzip/RdxIE2.cab

Now restart your computer, and delete the rb32 folder in Program Files, if it's still there.

Finally, run SpyBot, and have it remove all it finds, including New.Net and Cdilla items.

Cheers,


----------
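
An added example, not part of the thread and not how HijackThis or the helpers here evaluate logs: a small Python triage pass over lines copied from the HijackThis log posted above. The three checks (an IE setting pointing at a URL, a non-empty win.ini run=/load= line, a Downloaded Program Files entry with no class name or a bare-IP codebase) are assumptions chosen to match structural traits of entries selected for fixing in this thread; they mark lines for human review and do not decide what is malicious.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.couldnotfind.com/search_page.html?&account_id=122091
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=http=127.0.0.1:7900
F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37653.3512731481
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/048f751dbbcc30456006/netzip/RdxIE2.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O16 - <detail>"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse(log):
    """Yield (section_code, detail) for every entry line; skip headers."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (code, reason, detail) for entries to review first."""
    notes = []  # assumed review heuristics, not HijackThis's own logic
    for code, detail in parse(log):
        if code in ("R0", "R1") and "=http://" in detail:
            host = urlsplit(detail.split("=", 1)[1]).hostname
            notes.append((code, f"IE setting points at {host}", detail))
        elif code == "F1":
            key, _, value = detail.partition(": ")[2].partition("=")
            if value.strip():
                notes.append((code, f"win.ini {key}= starts a program", detail))
        elif code == "O16":
            m = DPF.match(detail)
            if not m:
                continue
            _, name, url = m.groups()
            host = urlsplit(url).hostname or ""
            if name is None:
                notes.append((code, "ActiveX control has no class name", detail))
            if IPV4.match(host):
                notes.append((code, "codebase host is a bare IP address", detail))
    return notes
```

The O4 autorun entry fixed in this thread cannot be found by structure alone; it needs a name lookup of the kind a signature-based scanner such as Spybot performs.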



## Pibroch (May 19, 2002)

Thanks a lot guys, especially you Tony. My pc is shutting down properly now, and it is also running faster. I will continue using the Cleanup program that someone gave me to keep my temporary Internet files cleaned out, and Spybot S&D to search for any new spyware. This website is great. I will make a donation as soon as I get paid.


----------



## TonyKlein (Aug 26, 2001)

Glad to hear we were able to help. 

Cheers,


----------

