aol standby?
MikeFL
June 25th, 2003, 08:26 PM
how do I restore my corrupted files? PCWIZ.386 & SYSWIZ.386 if I do not have a disk?
MikeFL
June 25th, 2003, 08:27 PM
what would cause my pc to switch to standby mode when ever I log onto aol?
AnnMarie
June 25th, 2003, 10:18 PM
Hi MikeFL - welcome to CTH. PCWIZ.386 & SYSWIZ.386 are not Windows files. Have you installed a program called Immedia at any time? If not, could you please tell us exactly what error message you are getting and what you are doing when the error appears.
MikeFL
June 26th, 2003, 04:31 AM
hi thanx for the reply. when I bring up aol and enter my screen name & password..after I click on enter...my pc goes into standby mode...I have to surf the net thru my cable connection.. instead of thru aol... I ran file check and it showed I have 2 corrupted files... PCWIZ.386 & SYSWIZ.386 would this have anything to do w/my problem? If so how do I restore these files? I have no disk to restore them..
AnnMarie
June 26th, 2003, 10:20 AM
Hi MikeFL - as both your topics relate to the same issue, I have merged them.
Now, how long has this been happening with AOL? Did the problem coincide with the installation of new hardware or software? Have you tried a System Restore if it is a recent occurrence?
MikeFL
June 26th, 2003, 01:34 PM
hi AnnMarie, no, I haven't tried a system restore yet...this problem has been going on for about a week now..I haven't installed any new programs lately...only updated my AVG virus scan a few days ago...
I have 3 teenage kids that use the pc too...I thought maybe we picked up a new virus thru aol... It takes about 10-15 tries before I can actually get online thru aol... as soon as I click on enter a little box pops up and says it's switching to standby...Is there a program that I can download to check my aol /system?
AnnMarie
June 27th, 2003, 12:13 AM
Hi again Mike - it might help if we had a look at your startups. Go here (http://www.spywareinfo.com/files/hijackthis.zip) and download and run a scan with Hijack This. Don't make any changes, just click on Save Log, copy it and post it back in this thread.
MikeFL
June 27th, 2003, 02:03 PM
Logfile of HijackThis v1.95.0
Scan saved at 7:56:10, on 6/27/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\PAL\CSS\RUN32DLL.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\KFH\CL\LAUNCHER.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\TOOLS_95\IMGICON.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.sqwire.com/searchpage.php?aid=833
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.mymediacomonline.com/pace
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=*r21.mchsi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {0000026A-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\TPS108.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {FFD2825E-0785-40C5-9A41-518F53A8261F} - C:\WINDOWS\SITEHLPR.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL
O2 - BHO: (no name) - {B427BF1E-A970-47DA-9BC3-02E8C5EC667D} - C:\PROGRA~1\XPCSPY\IESPY.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\wizard.exe c:\windows\SYSTEM
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [klp] C:\WINDOWS\SYSTEM\PAL\CSS\run32dll.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TweakIco] c:\hp\support\tweakico.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/ddc/flipside/corollajoyride/wtinst.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com/ActiveX/NPBMCtrl.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37625.5286689815
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST0014.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {4CBBC676-507F-11D0-B98B-000000000000} - http://www.bc777.com/software/SiteHlpr.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/1203030306/VBouncerOuter1203.EXE
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,11/mcgdmgr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
AnnMarie
June 27th, 2003, 02:16 PM
Hi Mike - you have spyware on board but my immediate concern is that I believe you are infected with a virus/trojan.
Go here (http://www.ravantivirus.com/scan/) and run the online scan and then post back the log. We can get rid of the spyware later.
MikeFL
June 27th, 2003, 07:46 PM
Scan started at 6/27/03 12:56:54
Scanning memory...
c:\WINDOWS\SYSTEM\OLEMIS32.DLL - TrojanDropper:Win32/Delf.Z -> Infected
c:\WINDOWS\SYSTEM\KTKbdHk.dll - Trojan:Keylog.DaFunk -> Infected
Scanned
============================
Files: 30516
Directories: 3937
Archives: 899
Size(Kb): -317322
Infected files: 2
Found
============================
Viruses found: 2
Suspicious files: 0
Disinfected files: 0
Mail files: 120
AnnMarie
June 28th, 2003, 02:16 AM
Hi MikeFL - I think we had better get a second opinion. Although you scanned with a different AV, I have found reports of KTKbdHk.dll being incorrectly identified as a trojan by McAfee. I couldn't find any information to that effect on the McAfee site though. Do you have a program installed called "All Clear"? I found the below information:
AllClear
Description:
Note: McAfee antivirus will report that the Keylog.DaFunk trojan is in KTKbdHk.dll. The author of the program reports this is a "false positive" and there is no virus in this utility.
AllClear is a macro recording utility. It will record commands and anything else that you type at the AutoCAD command prompt. After recording you can save the file to your harddrive for later use. You can view what was recorded. You can also play back what was recorded. Faster and easier than creating a lisp file or a script file.
Re: c:\WINDOWS\SYSTEM\OLEMIS32.DLL
Try deleting the file. If you are not able to do this in normal mode, boot into Safe Mode (reboot and tap F8 as your computer restarts) and see if you can delete it there.
When you have done this, could you please go here (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) and run another scan. Post back with the results.
*EDIT* I nearly forgot. Could you please give me some more information about this file:
C:\WINDOWS\SYSTEM\PAL\CSS\run32dll.exe
What is PAL\CSS? Right-click on run32dll.exe and choose Properties. Post back all the details. Could you also do the same for KTKbdHk.dll.
MikeFL
June 28th, 2003, 03:36 AM
hi AnnMarie, I clicked on the link for the Panda Virus scan.. "active scan" ...but I keep getting the following message when I try to start the scan.."error on page" ...
I deleted the OLEMIS32.DLL file....
AnnMarie
June 28th, 2003, 03:40 AM
OK - try Housecall (http://housecall.trendmicro.com/). Disable your anti virus program first though.
Don't forget to post back the info re file Properties etc.
MikeFL
June 28th, 2003, 03:49 AM
KTKbdHk.dll
General
Type: Application Extension
Location: C:\windows/system
Size:19.5KB(19,968 bytes)20,480 bytes used
MS-DOS name KTKbdHk.dll
Created: Tuesday,Dec. 28,1999
Modified: same date
Accessed: Friday June 27,2003
Version
File version: 1.0.0.0
Description: Library for implementing keyboard hooks
Copyright© 1999, Konstantin Tretyakov
**I couldn't locate "run32dll.exe ' on my puter..
AnnMarie
June 28th, 2003, 04:07 AM
OK, KTKbdHk.dll is a nasty keylogger. You can delete it.
**I couldn't locate "run32dll.exe ' on my puter..
Make sure that you can view Hidden files Mike. Open My Computer and click on View > Folder Options. Then click on the View Tab and enable "Show All Files".
Also, what can you tell me about PAL and CSS?
MikeFL
June 28th, 2003, 04:50 AM
hi AnnMarie, I ran the virus scan and it came back clean "housecall didn't find any viruses in files/disks"
here's the properties for run32dll.exe
General
type:Application
Location: C:\windows\system\PAL\CSS
size: 144B (147,456 bytes)
MS-DOS name: run32dll.exe
created friday, dec. 13, 2002
modified: same date
Accessed: june 27,2003
Version
1,0,0,1
Description: keylogWIN95 MFC Application
***re>PAL CSS: it's a PAL PC Spy program...my wife said she didn't know that it actually downloaded...it just popped up on her screen "ad" ..but I guess it did huh?
I'm going to try to delete the ktkbdhk.dll file now....
AnnMarie
June 28th, 2003, 06:38 AM
Re PAL PC Spy, I think I have come across this program before. If it's the one I'm thinking of, you need a special password to be able to access a console and it can only be uninstalled from there. If your wife does not have the password, we might have to delete the folder and just clean up as best we can.
OK, now that you are virus free we will get rid of your spyware and browser hijackers. Go to Add/Remove Programs in Control Panel and uninstall KFH (or Downloadware) if present. Then, download Spybot - Search & Destroy from here (http://spybot.eon.net.au/)
After installing, launch Spybot from the Desktop Icon (Easy Mode),click on the Search For Updates button, search for and install all updates.
Now click on the Check for Problems button and the scan will start. Any Red entries indicate spyware problems that should be fixed to avoid security and/or privacy problems. This is the only kind of problem that is preselected to be fixed. If, after running the scan, Spybot displays red entries, click on the Fix Selected Problems button.
Now click on the Immunize button to protect your PC from known pests and exit.
If you have chosen to install an icon in your Quick Launch bar, Spybot will launch in Advanced Mode. I do not recommend this option for first time users of Spybot.
NOTE: SSD will sometimes not be able to remove all active components in the first 'run'. In that case you will get a dialog asking you to run SSD at next start. Click yes and reboot.
SSD will activate before the system puts these components 'in use', and it will then be able to 'fix' the rest.
Post back a fresh Hijack This log when you have finished.
MikeFL
June 28th, 2003, 10:33 AM
Logfile of HijackThis v1.95.0
Scan saved at 4:28:27, on 6/28/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\PAL\CSS\RUN32DLL.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\KFH\CL\LAUNCHER.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\TOOLS_95\IMGICON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.mymediacomonline.com/pace
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=*r21.mchsi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL
O2 - BHO: (no name) - {B427BF1E-A970-47DA-9BC3-02E8C5EC667D} - C:\PROGRA~1\XPCSPY\IESPY.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\wizard.exe c:\windows\SYSTEM
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [klp] C:\WINDOWS\SYSTEM\PAL\CSS\run32dll.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TweakIco] c:\hp\support\tweakico.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/wdriver/ddc/flipside/corollajoyride/wtinst.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com/ActiveX/NPBMCtrl.cab
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37625.5286689815
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {4CBBC676-507F-11D0-B98B-000000000000} - http://www.bc777.com/software/SiteHlpr.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/1203030306/VBouncerOuter1203.EXE
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,11/mcgdmgr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab
***re>PAL CSS
I ran the Spybot program..."247 bad"
should I go to the PAL PC Spy (Pal css) files and delete them manually? c:\windows\system\PAL\CSS ?
I still get a little pop-up box when I reboot my puter..."trial period has expired do you want to register?" when I click on "yes" I'm taken to a web page to register re> PAL
AnnMarie
June 29th, 2003, 01:26 AM
Hi Mike - re the CSS program, is there an entry in Add/Remove Programs in Control Panel? If so, try uninstalling it. If there is no entry, open the CSS folder in Windows Explorer and look for an uninstall file (unwise.exe). If you find one, double click on it and see if the program will uninstall. If not we will have to disable it and then delete it. I have included the instructions to disable it in the entries to fix in Hijack This so try the above first.
Now run Hijack This again and this time, select the below entries and click on "Fix Selected".
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL
O2 - BHO: (no name) - {B427BF1E-A970-47DA-9BC3-02E8C5EC667D} - C:\PROGRA~1\XPCSPY\IESPY.DLL (file missing)
O4 - HKLM\..\Run: [EAPCISetup] c:\windows\SYSTEM\wizard.exe c:\windows\SYSTEM
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [klp] C:\WINDOWS\SYSTEM\PAL\CSS\run32dll.exe
Reboot and search for realsched.exe and rename it to realsched.old. If it won't let you rename it, disable realsched.exe in Task Manager (Ctrl+Alt+Del) and then try.
You have a number of ActiveX controls which I am sure that you don't need and any of these could be causing problems.
To get rid of them, open your browser and go to Tools > Internet Options and click on the General Tab. Click on Settings (next to Temporary Internet Files) and then click on View Objects. Right-click on each and choose Properties. If there is anything there that you don't know what it is (microsoft, apple, macromedia etc are OK) or where it came from, delete it. If there are any damaged controls there, delete those also.
Are you still having problems with AOL? If so, post back a fresh log just in case I missed something.
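The before/after comparison of startup entries done by eye in this thread can be scripted. The following is an added example, not part of the original posts or of HijackThis: it parses the O4 autostart lines of two logs, lists the entries that disappeared after "Fix Selected", and flags executables whose names imitate a Windows binary (as `run32dll.exe` imitates `rundll32.exe`). The O4 lines are excerpts from the logs posted above; the `KNOWN` list and the distance threshold of 2 are assumptions chosen for illustration.

```python
import ntpath
import re

# Excerpts of O4 lines from the 6/28 and 6/29 logs posted in this thread.
BEFORE = r'''
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /P
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [klp] C:\WINDOWS\SYSTEM\PAL\CSS\run32dll.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
'''
AFTER = r'''
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
'''

# Assumption: a short illustrative list of Windows binaries seen in these logs.
KNOWN = ("rundll32.exe", "rundll.exe", "explorer.exe",
         "systray.exe", "taskmon.exe", "mstask.exe")

O4_RE = re.compile(
    r"^O4 - (?P<where>[^:]+): "
    r"(?:\[(?P<name>[^\]]+)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$"
)


def parse_o4(log_text):
    """Return {(location, entry name): command line} for every O4 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            name = m.group("name") or m.group("lnk")
            entries[(m.group("where"), name)] = m.group("cmd").strip()
    return entries


def exe_path(cmd):
    """Cut the executable path out of a command line (quoted or not)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    if "\\" not in cmd:                      # bare name plus arguments
        return cmd.split()[0]
    m = re.match(r".+?\.(?:exe|dll|com|bat|scr)\b", cmd, re.I)
    return m.group(0) if m else cmd


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def imitated_binary(filename):
    """Return the known binary that filename resembles, or None."""
    name = filename.lower()
    if name in KNOWN:
        return None                          # the genuine name itself
    for known in KNOWN:
        if sorted(name) == sorted(known) or edit_distance(name, known) <= 2:
            return known
    return None


def lookalikes(entries):
    """List (entry name, path, imitated binary) for suspicious entries."""
    hits = []
    for (_, name), cmd in sorted(entries.items()):
        path = exe_path(cmd)
        target = imitated_binary(ntpath.basename(path))
        if target:
            hits.append((name, path, target))
    return hits


def removed_entries(before, after):
    """Entry names present in the first log but gone from the second."""
    return sorted(name for (where, name) in before if (where, name) not in after)


if __name__ == "__main__":
    old, new = parse_o4(BEFORE), parse_o4(AFTER)
    print("removed:", removed_entries(old, new))
    for hit in lookalikes(old):
        print("look-alike:", hit)
```

A name match only marks an entry for review; file properties, as requested earlier in the thread, are still what identified this one.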
MikeFL
June 29th, 2003, 07:16 AM
hi AnnMarie... I'm still getting the same little box popping up when ever I try logging onto aol... I've posted a new "hijack this log" below....
**what anti virus program do you recommend for a home pc?
**fresh log**
Logfile of HijackThis v1.95.0
Scan saved at 1:06:57, on 6/29/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MPREXE32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.mymediacomonline.com/pace
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=*r21.mchsi.com
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [TweakIco] c:\hp\support\tweakico.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
AnnMarie
June 29th, 2003, 08:50 AM
Hi again Mike - try disabling Standby in Control Panel. Go to Start > Settings > Control Panel and click on Power or Power Management. Where it says System Standby, choose Never from the list and click Apply and then OK.
If that doesn't work, try disabling all third programs from starting via msconfig (Start > Run and type msconfig. Click on the Startup Tab and uncheck all unnecessary entries) and then try connecting. If you can connect without any problem with no other programs running at startup, re-enable each program (one at a time) and reboot. It's a bit tedious but you should find the culprit.
Re anti virus programs. AVG is fine Mike provided you remember to update it. Most AV's do not detect trojans. Just run an online scan every couple of weeks and make sure that you have a good firewall installed. Have a look at this (http://www.cybertechhelp.com/forums/showthread.php?s=&threadid=12901) thread.
MikeFL
June 30th, 2003, 12:43 AM
hi AnnMarie, I did all the above...and I'm still getting a little box that pops up saying my computer is switching to standby... I can't sign onto aol thru my aol start page......I have to log on thru my mediacom web page.. I'm connected to the internet thru cable... I noticed on one of my hijack this logs that I had "aoldsl.net" ... is that broadband for aol? if so... I don't remember downloading it??? Could that have a conflict w/my cable modem thru Mediacom?
AnnMarie
June 30th, 2003, 07:54 AM
I noticed on one of my hijack this logs that I had "aoldsl.net"
Hi Mike - I have had a look at the logs you have posted and I cannot see any mention of aoldsl.net. Can you please point us to it or post the log so we can have a look at it.
Try disabling Mediacom's proxy settings and see if that helps. Open IE and go to Tools > Internet Options and click on Connections. Click on Settings. Make sure that "Use a Proxy Server" is unchecked and reboot. If you have connection problems, go back and check it.
MikeFL
June 30th, 2003, 01:45 PM
hi AnnMarie, I remember aoldsl.net was on a hijack this log the other day... not one I posted... I don't know what happened to it... but I think I seen aoldsl.net...oh well lol... sign I'm getting old I guess :-)
Hey! I have no trouble signing onto aol 7.0...connects every time... should I (delete)uninstall aol 8.0 and then reinstall it?
Would that fix the problem?
A friend of mine found a post on another forum the other night and thought it was interesting...re> aoldsl.net... I've sent you a copy to read...>>>
***Original Message
Name: Patrick
Date: April 16, 2003 at 17:17:32 Pacific
Subject: Routing Errors
OS: XP and 98
CPU/Ram: 300mhz/?
Comment: I have WinXP on my computer, and Windows 98 on the other 2. I am using MCHSI Cable (Mediacom). The router I am using is D-Link. After I ran the wizard one of the other computers and my computer worked immediately. But the other one has problems...when I open up IE and type in an address..it gives me an error has happened, would you like to send this error report to Microsoft....Then when I try and open AOL it comes up with a WAOL Error and makes me shut down before it opens. I sent an error once...and it sent..so I know that the net has to be working somehow...but I don't know why I am getting these errors...
This is what the winipcfg says...
D-Link DFE-530TX+PCI Adapter
Adapter Address: 00-40-05-80-6E-AD
Ip Address: 192.168.0.102
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
Here is what the error stuff says...
iexplorer.exe Appver: 6.0.2600.0 Mod Name: Unknown Modver: 0.0.0.0 Offset: 00775F56
Here is some more of the ipconfig stuff...
Host Info
---------
Host Name: z6yiu7.aoldsl.net
DNS Servers: 192.168.0.1
Node Type: Broadcast
And everything else is blank... Anyone have any idea?
MikeFL
June 30th, 2003, 10:14 PM
re> aoldsl.net
Logfile of HijackThis v1.95.0
Scan saved at 16:06:41, on 6/30/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.exe
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.mymediacomonline.com/pace
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=*r21.mchsi.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
***what should I do per> aoldsl.net? delete it?
AnnMarie
July 1st, 2003, 08:34 AM
Hey! I have no trouble signing onto aol 7.0...connects everytime... should I (delete)uninstall aol 8.0 and then reinstall it?
Hi Mike, I think that the problem is with AOL 8.0. If you can sign on via AOL 7.0, it's unlikely that any further modifications using Hijack This are going to help.
I think that your best bet is to uninstall the software and then reinstall it. Here are full instructions in case you don't have them: Upgrading Your AOL Software (http://memberselfservice.aol.com/help_manual/upgrade_pf.htm).
*EDIT* :D I just noticed that you have Win98 lol. I'll move your topic to the Win98 Forum.
MikeFL
July 1st, 2003, 08:12 PM
I have uninstalled and reinstalled aol 8.0 on my puter and I'm still getting the same standby message... This is what shows when I run "hijack" on 7.0 and 8.0. AOLDSL.NET only shows up when I click on aol 8.0... It's weird that I can get online thru 7.0 and not 8.0...I've never had this problem before hmmm? I have no clue what to do...
thanx, Going NUTS in Pensacola UGH!!! LOL!
**AOL 7.0 LOG
Logfile of HijackThis v1.95.0
Scan saved at 13:56:13, on 7/1/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.exe
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.mymediacomonline.com/pace
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=*r21.mchsi.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
aol 8.0 LOG
Logfile of HijackThis v1.95.0
Scan saved at 13:49:50, on 7/1/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.exe
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.mymediacomonline.com/pace
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=*r21.mchsi.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
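The two logs in the post above differ in only a few lines, which is easy to miss by eye. As an added example (not part of the original thread), this Python sketch parses two HijackThis v1.95 logs and reports what appears only in the second; the sample logs are abridged from the ones posted above, and the function names and section labels are this example's own.

```python
import re

# HijackThis entry lines start with a section code (R0, R1, O2, O4, O17 ...)
# followed by " - " and the detail text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Short labels for the section codes that occur in this thread's logs.
SECTION_LABELS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart program", "O9": "extra IE button/menu item",
    "O12": "IE plugin", "O16": "downloaded ActiveX control",
    "O17": "TCP/IP domain setting",
}

def parse_hijackthis(text):
    """Return (processes, entries) parsed from one HijackThis log.

    processes: set of upper-cased image paths under 'Running processes:'
    entries:   set of (code, detail) tuples, e.g. ('O4', 'HKLM\\..\\Run: ...')
    """
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # entry lines end the process list
            entries.add((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            # Win9x reports the same path in mixed case; normalise it.
            processes.add(line.upper())
        # anything else is a header line (version, scan time, platform)
    return processes, entries

def diff_logs(baseline, suspect):
    """Compare two logs; report what the suspect log adds or drops."""
    base_procs, base_entries = parse_hijackthis(baseline)
    sus_procs, sus_entries = parse_hijackthis(suspect)
    return {
        "new_processes": sorted(sus_procs - base_procs),
        "new_entries": sorted(sus_entries - base_entries),
        "gone_entries": sorted(base_entries - sus_entries),
    }

def describe(entry):
    """Render one (code, detail) tuple with its section label."""
    code, detail = entry
    return f"{code} [{SECTION_LABELS.get(code, 'unknown section')}] {detail}"

# Constructed sample input: abridged copies of the AOL 7.0 and AOL 8.0 logs.
LOG_AOL7 = r"""Logfile of HijackThis v1.95.0
Scan saved at 13:56:13, on 7/1/03
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=sas.r21.mchsi.com:8000
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
"""

LOG_AOL8 = r"""Logfile of HijackThis v1.95.0
Scan saved at 13:49:50, on 7/1/03
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=sas.r21.mchsi.com:8000
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
"""

if __name__ == "__main__":
    result = diff_logs(LOG_AOL7, LOG_AOL8)
    for proc in result["new_processes"]:
        print("new process:", proc)
    for entry in result["new_entries"]:
        print("new entry:  ", describe(entry))
    for entry in result["gone_entries"]:
        print("gone entry: ", describe(entry))
```

The diff shows what changed between two scans, not whether a change is unwanted; each new line still has to be judged against what was running when the scan was taken.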
MikeFL
July 2nd, 2003, 03:55 AM
How do I get rid of the aoldsl.net on my pc so it won't return when I load aol 8.0? I've never had this problem before until recently...I ran spybot...still getting a little box that pops up saying my puter is switching to standby whenever I log onto aol 8.0
AnnMarie
July 2nd, 2003, 11:31 AM
Hi Mike - I merged your threads as they both relate to the same issue. Getting rid of aoldsl.net is easy. Just run Hijack This again and select the below entry and click on Fix Selected. Reboot afterwards.
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
Crossing fingers :p
MikeFL
July 2nd, 2003, 02:09 PM
hi AnnMarie, I deleted aoldsl.net and rebooted... I can go thru aol 7.0 to get online but if I just click on 8.0 without signing on...and then go back to 7.0 I get the same error box "standby mode"... aoldsl.net shows up again...this is driving me NUTS LOL! maybe I should just delete aol 8.0 from my system and stick w/aol 7.0... what I can't understand is why just here recently I started having this problem, I've been running 8.0 for a while now... I just can't figure it out...hmmmmm? There's got to be a solution... lol
AnnMarie
July 3rd, 2003, 05:36 AM
Hi Mike - I'm running out of ideas and I think it would be a good idea to transfer your thread to the Internet Forum as this seems to be an AOL issue. It would be great to get other opinions.
It would also be a good idea to post a Startup log (it's a little different to the Hijack This log but you can do this from Hijack This). Run a scan and under "Other Stuff", click on Config and then click on Miscellaneous Tools. Check both options "List also minor sections" and "List empty sections" and then click on "Generate Startup List Log" and post it in this thread.
MikeFL
July 3rd, 2003, 02:02 PM
hello AnnMarie, here's the start-up log you requested.
thanx for all the help... I know it's been a pain ... UGH!
StartupList report, 7/3/03, 7:53:01
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\HIJACKTHIS.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.exe
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
Zip Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SystemTray = SysTray.Exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
AVG_CC = C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
washindex = C:\Program Files\Washer\washidx.exe
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
[Setup]
Registrando Panda ActiveScan = C:\WINDOWS\SYSTEM\regsvr32.exe /s C:\WINDOWS\SYSTEM\ActiveScan\as.dll
Registrando Panda Almacen = C:\WINDOWS\SYSTEM\regsvr32.exe /s C:\WINDOWS\SYSTEM\ActiveScan\pavpz.dll
Registering ActiveScan controles = C:\WINDOWS\SYSTEM\regsvr32.exe /s C:\WINDOWS\SYSTEM\ActiveScan\ascontrol.dll
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[SetupcPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf
[AppletsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf
[FontsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf
[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36
[PerUser_ICW_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36
[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
[PerUser_Msinfo] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf
[PerUser_Msinfo2] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf
[MotownMmsysPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf
[MotownAvivideoPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf
[PerUser_Base] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf
[ShellPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf
[Shell2PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf
[PerUser_winbase_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf
[PerUser_winapps_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf
[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L
[TapiPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf
[PerUserOldLinks] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf
[MmoptRegisterPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf
[OlsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf
[PerUser_Paint_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf
[PerUser_Calc_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf
[PerUser_dxxspace_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf
[PerUser_MSBackup_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf
[PerUser_CVT_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\windows\INF\applets1.inf
[PerUser_Enable_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf
[MotownRecPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf
[PerUser_Vol] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf
[MotownMPlayPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\motown.inf
[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf
[PerUser_RNA_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\windows\INF\rna.inf
[PerUser_Wingames_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf
[PerUser_Sysmon_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 c:\windows\INF\appletpp.inf
[PerUser_Sysmeter_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 c:\windows\INF\appletpp.inf
[PerUser_netwatch_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 c:\windows\INF\appletpp.inf
[PerUser_CharMap_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf
[PerUser_Onlinelnks_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis_remove 64 c:\windows\INF\appletpp.inf
[PerUser_Dialer_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf
[{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\fpxprs16.inf,PerUserStub
[MmoptMusicaPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf
***see next post for 2nd half of start up log
MikeFL
July 3rd, 2003, 02:03 PM
[MmoptJunglePerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf
[MmoptRobotzPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf
[MmoptUtopiaPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf
[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf
[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
[OlsAolPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 c:\windows\INF\ols.inf
[OlsAttPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 c:\windows\INF\ols.inf
[OlsCompuservePerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 c:\windows\INF\ols.inf
[OlsProdigyPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 c:\windows\INF\ols.inf
[OlsMsnPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 c:\windows\INF\ols.inf
[Shell3PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf
[Theme_Windows_PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf
[Theme_MoreWindows_PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf
[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll
[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
[>chanbar] *
StubPath = c:\windows\RUNDLL.EXE setupx.dll,InstallHinfSection add2.chanbar.pui 128 c:\windows\options\cabs\oem_set.inf
[Chlen-us] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chlen-us.inf,InstallUser
[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*No subkeys found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
*File not found*
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 1/7/2003, 7:55:36)
[Rename]
NUL = C:\Program Files\America Online 8.0a\JITI\Real9_codec_upd.exe
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
echo off
REM To make a DOS Boot Diskette; See the file C:\DOSBOOT\DOSBOOT.TXT
path C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\GRISOFT\ AVG6
C:\essolo.com
--------------------------------------------------
C:\CONFIG.SYS listing:
DEVICE=C:\essolo.sys
REM To make a DOS Boot Diskette; See the file C:\DOSBOOT\DOSBOOT.TXT
[common]
dos=high,umb
buffers=40
device=c:\windows\himem.sys /testmem:off
DEVICE=C:\WINDOWS\EMM386.EXE
rem The below DOS CD ROM driver is not required to run Windows 98.
DEVICE=c:\cdrom\OakCdRom.SYS /D:IDECD000
--------------------------------------------------
C:\WINDOWS\WINSTART.BAT listing:
*File not found*
--------------------------------------------------
C:\WINDOWS\DOSSTART.BAT listing:
ECHO OFF
REM To make a DOS Boot Diskette; See the file C:\DOSBOOT\DOSBOOT.TXT
set path=c:\windows\command
c:\windows\smartdrv /q
LH c:\windows\command\mscdex /D:IDECD000 /L:M
set mouse=c:\imouse
c:\imouse\imouse
SET PROMPT=$p$g
SET TEMP=C:\windows\TEMP
SET TMP=C:\windows\TEMP
Rem Configure the sound card
c:
cd \windows\system
REM RIPUTIL /A220 /I5 /D1 /RI10 /unmute
cd \windows
C:\essolo.com
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
Symantec NetDetect.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
Windows Critical Update Notification.job
--------------------------------------------------
Enumerating Download Program Files:
[Microsoft XML Parser for Java]
CODEBASE = file://c:\windows\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
[SecureLogin.SecureControl]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVESECURITY.OCX
CODEBASE = http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: c:\windows\SYSTEM\rnr20.dll
Protocol #1: c:\windows\SYSTEM\mswsosp.dll
Protocol #2: c:\windows\SYSTEM\msafd.dll
Protocol #3: c:\windows\SYSTEM\msafd.dll
Protocol #4: c:\windows\SYSTEM\msafd.dll
Protocol #5: c:\windows\SYSTEM\rsvpsp.dll
Protocol #6: c:\windows\SYSTEM\rsvpsp.dll
--------------------------------------------------
Enumerating Win9x VxD services:
VNETSUP: vnetsup.vxd
NDIS: ndis.vxd,ndis2sup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *mtrr
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VRTWD: c:\windows\SYSTEM\vrtwd.386
VFIXD: c:\windows\SYSTEM\vfixd.vxd
VNETBIOS: vnetbios.vxd
VREDIR: vredir.vxd
DFS: dfs.vxd
NDISWAN: ndiswan.vxd
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
--------------------------------------------------
End of report, 23,511 bytes
Report generated in 0.873 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Steven.Bentley
July 4th, 2003, 07:53 PM
I notice that you seem to have two antivirus products installed, AVG and Panda. Having two running can often cause conflicts.
MikeFL
July 5th, 2003, 02:32 PM
Hi AnnMarie, just wanted to say thanx for all the help... I finally got the "standby" problem fixed... I really appreciate all the help... I know it was a PAIN lol. Have a good day... Mike
AnnMarie
July 6th, 2003, 02:19 AM
Hi Mike - no, it wasn't a pain but I was at a loss as to what to advise next. How did you resolve it? We would really appreciate it if you would post the fix, in case another member has the same problem.
MikeFL
July 10th, 2003, 01:11 PM
Hi AnnMarie... sorry for not getting back earlier but I've been working my tail off at work LOL! Here's the fix for the "aol standby mode" problem... I talked w/an aol tech and he had me delete my "global.org" files and then told me to click on shutdown then cancel... haven't had a problem since... hope this helps...
*I was beginning to think I was going to have to go out and buy me a new pc LOL!! thanx again for all your help AnnMarie...
AnnMarie
July 11th, 2003, 11:11 AM
You are very welcome for my input Mike and thank you very much for posting back the resolution. :D