# Nprotect caused error in KERNEL32.DLL



## dudemus (Feb 28, 2003)

This is short to see if I can get through. I'm navigating mouseless since I got this message while booting up. Norton systemworks says I'm O.K. but I can't boot up from a CD to do system recovery.
Is my registry corrupt? Norton supposedly checked it.


----------



## bilnrobn (Jan 16, 2003)

Have you tried http://support.microsoft.com/default.aspx ?
Enter kernel32.dll into the search box.


----------



## Triple6 (Dec 26, 2002)

Is it that your mouse no longer works or is ther more? With the computer off, unplug then plug your mouse back in. If that still doesn't work boot in safe mode by pressing F8 just as windows boots and see if it works there. Please post more info like the error and what o/s you're running.


----------



## dudemus (Feb 28, 2003)

It may be on your site but I finally found the fix at http://www.annoyances.org/exec/forum/winme/t1042334226
You guys are most helpful. I wish I had more time to read the threads - it would save me hours of frustration. I considered buying a new computer system after spending several hours on the phone attempting to get tech support and the answer was in my computer the whole time. Thanx.

Sorry about the sentimentality.


----------



## dudemus (Feb 28, 2003)

So I'm at work now. The fix I posted previous to this didn't work. When I went back to normal mode, everything reverted back to day 1. Is there any way to log onto the internet from selective mode? Not having a mouse is driving me nuts and the only time I have a mouse is in selective which won't allow me to get to the satellite/USB. I'm sorry I'm so obtuse about this stuff. Is there a book that tells somebody how to survive in Windowsland? My library is full of Mac books which are gathering dust since we got the PC and I'm depending on it more and more.


----------



## dudemus (Feb 28, 2003)

i'm still at work. it sure is nice having a mouse to work with. somebody suggested just reloading my mouse driver might fix things. what about all the errors that have been showing up on .dll files. what causes them?


----------



## dudemus (Feb 28, 2003)

so i got my mouse cursor back in normal mode but i'm still getting lots of different error messages about 'bla bla has caused an error in something something.DLL' (a lot of different programs and files). I still get the "Rundll has caused an error in MMSYSTEM..." but there are others. I can't change things in the display control panel like display properties i've got 16 colors and the minimum screen size. it lets me change something but when i reboot it's reverted back to the old properties.

i don't know what i did to get the mouse back - i wish i did know because it'll probably mess up again since all these error messages are telling me my system's not healthy.


----------



## dudemus (Feb 28, 2003)

i'm making a little progress. i found out how to get to safe mode (it requires enabling the start menu in msconfig and f5 when booting) and i deleted a bunch of things under display adapter, several mouse entries and keyboard. i noticed a bunch of other devices had duplicate entries under them. is it ok to delete them and let the system reset them (like discs). are there any "don't delete this item!" warnings?

i'm again getting errors related to kernel32 "wcmdmgr has caused an error in kernel32.dll..." the control panel won't let me change the display size and color.

i'm still working on possible virus infection but nothing yet.


----------



## jm100dm (May 26, 1999)

Go here to scan on-line for viri. Then download highjackthis and spybot to scan for hijackers. Run highjackthis and post results here. After that has been checked run spybot.

http://forums.techguy.org/t110854/s40a1149509b1012e058147b9c8f4633d.html

You can read more about errors here.
http://www.generation.net/~hleboeuf/erriexpl.htm#ERRKERNEL32.DLL


----------



## KMull (Nov 20, 2002)

Sounds like you've got a variant of the Klez32 virus installed.

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

This will help with detecting and removing it. Make sure to print out the instructions first if you don't know how to boot up into safe mode to run it (only way it will clean and remove it).


----------



## dudemus (Feb 28, 2003)

thanx for your input. today i ran a downloaded fix for the yaha worm which i was suspecting as a culprit and it didn't identify any problems. i had some weird things going on - my wife was playing solitaire the other day and told me to come quick - messages were flashing up on the screen that e-mail was being sent out to people she'd sent stuff to the week before; i ran a virus scan but didn't find anything then. i've gotten a couple bsod trying to run virus scans in the last couple of days and i'm still getting multiple error messages associated with dll files. i ran RAV antivirus online today and it found two virus infections and 4 suspected files but i want to go back to symantec and check out the klez story.

i reinstalled norton today so that i'd have some protection until i found something better and got the "nprotect has caused an error in kernel32.dll" which started me out in this whole mess but at least i've got a mouse cursor now to help navigate.

but i'm trying to stay positive about this - i've learned more in the last 2 days than i've learned in the 2 years that i've been using windows.


----------



## KMull (Nov 20, 2002)

Yep...definately a Klez worm.

Normally an AV program won't catch a worm/trojan. Seems like with all the Klez variations, Symantec has had to come up with specialized removal programs for them and not rely on just their AV program to catch and remove em.


----------



## dudemus (Feb 28, 2003)

i hope you can make heads or tails of this:

Logfile of HijackThis v1.92.1
Scan saved at 3:59:42 PM, on 3/6/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://srch-us2.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=http=127.0.0.1:83
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=127.0.0.1;localhost
F0 - system.ini: Shell=
F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://start.earthlink.net"); (C:\Program Files\Netscape\Users\dude\prefs.js)
O2 - BHO: (no name) - {C6CEAC32-D45C-11D4-94AF-0050BABD5FD6} - C:\PROGRAM FILES\URL ORGANIZER\URLORGIE.DLL
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.63-DELEON.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Wireless Keyboard] C:\Program Files\Ultimate Desktop Wireless\mHotkey.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [gnetmous] C:\Program Files\Ultimate Desktop Wireless\gnetmous.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [SpyCop ScanCheck] C:\WINDOWS\Profiles\System\Desktop\MAIN.EXE /LASTSCAN
O4 - HKLM\..\RunServices: [DPCProxyLoadOnStartup] C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe -start
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKCU\..\Run: [Screenshot Export] C:\PROGRAM FILES\LYTTLESOFT STUDIOS\SCREENSHOT EXPORT\SCREENEXP.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Serandom2.lnk = C:\WINDOWS\SYSTEM\Serandom2.scr
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - User Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Serandom2.lnk = C:\WINDOWS\SYSTEM\Serandom2.scr
O4 - User Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
O4 - User Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.63-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.63-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.63-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.63-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.63-DELEON.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .ppt: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,9/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/en/deleon/1.1.60-deleon/GoogleNav.cab
O16 - DPF: Yahoo! Klondike Solitaire (Google Activate) - http://yog55.games.scd.yahoo.com/yog/y/ks11_x.cab
O16 - DPF: ConferenceRoom Java Client (Google Activate) - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security3.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security3.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37616.2808217593
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003030601/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = direcpc.com


----------



## jm100dm (May 26, 1999)

dudemus

From what I see you have too much running at startup. To get you started here are a few recommendations. there is more that should go. I'm out of time right now though.

Save.exe = spy-ware --- I Recommend removal

You have both McAfee and Norton. Suggest eliminating one. They do not work well together.
mgavrtcl.exe = McAfee's Virus Scan On-line

ssdpsrv.exe 
Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the check-mark next to Universal Plug and Play

DirectCD.exe 
DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later

TkBellExe -- check this site out.
http://www.mikescomputerinfo.com/TkBellExe.htm


----------



## KMull (Nov 20, 2002)

Okay...first things first....

1. MGAVRTCL.exe is the VIRUS! Kill that puppy

2. Great googallymoogally....all those start up programs... Here's a list of what you don't need everytime:
a. Tkbell.exe - RealOne/Player file
b. wkfyd.exe - Works promotional file
c. wksSb.exe - another Works file
d. Wkdetect.exe - yet another Works file
e. QTTASK.exe - Quicktime file
f. MTask - Windows task manager unless you really 
like Windows managing when you perform 
maintenance.
g. Adobe Gamma Loader - no really needed if you 
don't run Photoshop that often
h. dpcstart.exe - some form of download accelerator
i. Google toolbar programs - unless you are actively 
using them in IE

You can diable these by going to Start > Run > msconfig and unchecking these files. Looks like you've got a few of them loaded twice so....they might be taking up twice the memory (never seen that in action though).


----------



## VirtualMe (Sep 27, 2002)

KMull,

If you don't mind, could you post the link that says MGAVRTCL.exe is a VIRUS?

My search says it is part of McAfee, but one of the files that most viruses try to disable.


----------



## jm100dm (May 26, 1999)

I private messaged KMull to compare notes and he responded that he was mistaken. So please disregard that comment. *It is not the virus.*

KMull 
Member 
Joined Nov 2002
34 Posts

Re: ?????? (03-06-2003 09:38 PM) 
quote:
--------------------------------------------------------------------------------

jm100dm wrote on 03-06-2003 08:29 PM: 
mgavctr.exe 
McAfee's Virus Scan Online

At this site it reports it as an onlinescan. 
http://www.spywareinfo.org/startup_...tartup_full.htm

--------------------------------------------------------------------------------

You're right, however, I mispelled the one that's the actual virus ( I can't read my own handwriting when I wrote all that down on paper first).


----------



## KMull (Nov 20, 2002)

> _Originally posted by VirtualMe:_
> *KMull,
> 
> If you don't mind, could you post the link that says MGAVRTCL.exe is a VIRUS?
> ...


http://www.google.com/search?hl=en&ie=ISO-8859-1&q=+MGAVRTCL.exe&btnG=Google+Search

in my PM back to jm, I had put it in there.

The file with R at the end was part of McAfee, the one with L is the virus.

O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe <--- this is the line I was referring to. There is a line that has mgavrtcr.exe but that's not what I was referring to.


----------



## dudemus (Feb 28, 2003)

thank you for your help everybody.

keith:
how do i go about killing mgavrtclexe? i don't want to get it mad or something. i guess i need to be in safe mode.

question - how do those online scanners root out viruses anyway? the virus removal processes i've been reading about require system restore to be turned off and safe mode be turned on.

...and is it safe for my wife to send out e-mail? she's worried about infecting her friends.


----------



## KMull (Nov 20, 2002)

Here's the link to Symantec's instructions on how to remove the trojan:

http://www.symantec.com.au/avcenter/venc/data/pf/trojan.kkiller.html

Looks like there's no auto removal tool to do it, although if you get the generic Klez removal from their website try and see if that does anything:

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

I'm not the programmer type so I'm not really sure how the AV programs work, all I do is sit back, run it and let it work it's magic.


----------



## jm100dm (May 26, 1999)

Still trying to clear this up. *mgavrtcl.exe* is not a virus. If you read carefully the link posted above that is one of the files that gets targeted by trogans.


----------



## jm100dm (May 26, 1999)

mgavrtclexe is also a legit file.

http://www.mcafee.com/support/cust_serv/faqs/tech_support/faq_tech19.asp


----------



## VirtualMe (Sep 27, 2002)

jm100dm,

I have to agree with you.

I read them the same as you do. That *mgavrtcl.exe* is not a virus, and *mgavrtclexe* is also a legit file.

My search turned up the same links that you and KMull posted.

Thanks for the Links.

I just wanted to be sure.


----------



## dudemus (Feb 28, 2003)

i ran the klez tool and everything appears to be fine.

i've got a mouse, full color and sound. i couldn't have done it without you.

i guess you can close this business out. i still have the original message "Nprotect has caused an error in KERNELL32.DLL. Nprotect will now close...." but it's just a nuisance issue now.

thanks again very, very much.


----------



## ~Candy~ (Jan 27, 2001)

If it's closing anyway, can't you just remove it from the msconfig startup tab?


NPROTECT Norton Protected Recycle Bin from Norton Utilities. Adds an extra layer of safety before you remove deleted files from the Recycled Bin. Its your choice


----------



## dudemus (Feb 28, 2003)

is that all it is? heck, consider it gone. thank you.


----------



## dudemus (Feb 28, 2003)

oops, i spoke too soon. i guess i don't know how to uncheck things from the startup group and have them removed from the startup process. when i uncheck items and reboot, things seem to work (like "Nprotect...." doesn't pop up). but when i go to normal startup and reboot, everything is back again. all those programs i unchecked yesterday are back like spycop and tkbell and whenusave....


----------



## ~Candy~ (Jan 27, 2001)

Some items, you may have to go to the program itself, in user options or preferences, uncheck it there from starting each time windows loads.

Also, in the msconfig tab, (start button, run, then type msconfig and hit ok, go to the startup tab) you accept changes after you uncheck stuff, correct, then restart?


----------



## dudemus (Feb 28, 2003)

hi again,

i hope this isn't confusing jumping between two threads. if you want me just to stay in this one just let me know. 

yes, when i uncheck an item in the startup list i click apply (what does "cleanup" do?) and then restart. the item i unchecked is back in the list of startups again.

you're right i could go directly to the individual programs and disable them. but unfortunately i don't know what a program is supposed to do or where it lives. is there a basic list somewhere of what programs are absolutely necessary for windows me to run, and can you tell me how to cause windows to use that list for startup?

thank you,
dude


----------



## ~Candy~ (Jan 27, 2001)

> _Originally posted by dudemus:_
> *oops, i spoke too soon. i guess i don't know how to uncheck things from the startup group and have them removed from the startup process. when i uncheck items and reboot, things seem to work (like "Nprotect...." doesn't pop up). but when i go to normal startup and reboot, everything is back again. all those programs i unchecked yesterday are back like spycop and tkbell and whenusave.... *


Ok, I'm a bit confused. If you uncheck them, for the most part, most should stay unchecked.....I'm not sure what you mean by go to normal startup?


----------



## jm100dm (May 26, 1999)

dudemus 

In msconfig the first tab gives you three ways to boot your computer. If you have any unchecked items in startups then you would always leave the tick in the selective startup. Moving it to normal would load all software as it indicates. Does this help explain how it works?


----------



## jm100dm (May 26, 1999)

dudemus 

As for what is needed for Windows ME I don't know (still using 98SE). I can help you remove some I know are not needed though. Going back to your original highjackthis list it shows me 52 items at startup. All the 04 entries. I new list would be easier to work with so that it is less confusing. Could you un-check the items that you know you don't want or need and reboot, then run highjackthis again or msinfo32 and post it here? In the meantime I'll take a look at that first list.


----------



## ~Candy~ (Jan 27, 2001)

The ME, from my understanding is the same as 98 necessary startups, except for system restore to work, they need to keep checked statemgr.


----------



## jm100dm (May 26, 1999)

Thanks Candy



dudemus 

Heres a few to get your started. To compare I use my computer for hours daily and only have 12 items in startup and usually only 8-9. Have to leave but will check back later.



Not needed -- all can be removed if you don't use the related program all the time.

Qttask.exe 
System Tray access to Apple's "Quick Time" viewer from version 5 onwards

WkDetect.exe 
Checks for updates to MS Works 

WksSb.exe 
The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program. The Works Portfolio provides a location where you can store items you want to later put into a document or other file

DirectCD.exe 
DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later 

ssdpsrv.exe 
Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for network plug and play functionality. Starts up a web server on port 5000. Used by Universal Plug and Play (for network device discovery). To remove this program, open Add/Remove Programs, select either Communications (Me) or Networking Services (XP), and remove the checkmark next to Universal Plug and Play 

SYMTRAY.EXE 
Keeps all System Tray icons for Norton SystemWorks together to reduce clutter. SystemWorks includes Norton Anti-Virus, Norton Utilities and Norton CleanSweep

Adobe Gamma Loader.exe 
Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it.

Csinsm32.exe 
Automatic logging of installs from Norton CleanSweep - available via Start -> Programs


----------



## dudemus (Feb 28, 2003)

i've been super busy the last few days and haven't gotten back here till now. i decided my system.ini file was corrupt and a found what must have been a backup (i think it had a .wsm? suffix),copied it to my system.ini rebooted and i'm back to normal.

as far as the startups go - i downloaded a little program to manage startups and used it to uncheck everything except for about 6 basic programs. i rebooted and my available resources were 79%.
I looked at msconfig and i saw that all the startup manager program did was turn on selective startup and uncheck programs. since then i've found that that's the standard - just leave selective startup turned on. i kept wanting to turn on normal startup and i couldn't make those programs go away. it looks like they have keys in the registry and i'm not ready to be monkeying around with that yet. so now i have about 10 programs that seem to want to startup with windows, my system recourses runs around 80%, i've got color, sound, a mouse and i'm ready for the next crisis (which my daughter says is "her Sims program keeps crashing").
if that's the worst thing happening, i'm on easy street.

thank you again everybody.

dude


----------



## jm100dm (May 26, 1999)

Glad to see its running better now. If you check post 31 that is what I was saying. Has to be on selective unless you remove all the unchecked items through the registry and disabled startup items.


----------



## dudemus (Feb 28, 2003)

thanks. in the future i'll read posts more carefully.

i've got one last question (i should probably start a new thread)

i decided after 1 1/2 years of being lucky it was about time i had a startup disk. i used the control panel add/remove programs to create a startup disk. then i decided it would be an opportune time to test it.

on rebooting i got a blinking light on my a: drive and i could hear the disk spinning up but it just gave a blank (black) screen. while i was having those other %$&*@@%&* problems i tried to startup using a norton startup CD and also an HP Pavilion system recovery CD but they both did the same thing - just a blank screen (the HP system recovery disk gave a screen that said "press any key to continue" first and then a blank screen). HP techs said i had a bad recovery disk and talked me into buying a new one.

does anybody know why i can't boot off of other than my hard drive?


----------



## ~Candy~ (Jan 27, 2001)

My guess is that you probably have the bios setup to boot from the hard drive first. Change it to a: and try again.


----------



## dudemus (Feb 28, 2003)

thanx candy,
i think the bios is set up ok. is there some way to print up the bios file? or can you tell me what i should be looking for? posts indicate that different computers have different bios setups?
dude


----------



## ~Candy~ (Jan 27, 2001)

Try booting to a command prompt only, then try to access the floppy drive by typing:

a:
and press enter...does it change to a: ?

If so, type dir
and press enter

do you get a directory of the contents or an error message?


----------

