#1
July 14th, 2003, 05:28 PM
bocabill (Member)
Slow boot up.

Greetings Oh Learned ones: I have a home brew puter running Win 98, with an AMD Duron 1.2 GHz, 256 memory, and a 20Gig. H.D. about 2 years old. Usually runs very well, with normal boot up speed. For some time now boot up takes up to 90 seconds. After opening BIOS display screen, a DOS screen appears with information (5 seconds) then the Windows 98 logo screen comes up for 25 seconds, then another DOS screen with C> prompts comes up for about 10 seconds. Then the background screen for 15 seconds before the Desktop icons appear with the hour glass, and the whole process takes 85 seconds. I have cleaned up the system to bring my resources from 65 to 83% and reduced the number of start up programs, but I still have these odd DOS screens and long delays slowing down things.

Can yo'all help?

bocabill
#2
July 15th, 2003, 02:48 AM
AnnMarie (Cyber Tech Help Moderator)
Hi bocabill - it might help if we have a look at your startups. Go here and download and run Startup List. It will generate a log file. Copy the log and paste it back into this thread.

It might also be a good idea if we checked your autoexec.bat. Go to Start > Run and type:

sysedit

and then OK. Copy the contents of your autoexec.bat and post them back in this thread.

I've got to log out in a minute or two but I'll be back later and others may jump in and help in the meantime.
__________________
Moderator: Vista Forum

Microsoft MVP - Windows Desktop Experience 2004-2008

If we have helped you, please consider supporting Cyber Tech Help with a subscription

Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you.

How to help prevent re-infection
#3
July 15th, 2003, 02:55 PM
bocabill (Member)
Slow boot up

Hello AnnMarie; Here are the Autoexec.bat files you asked for also.

SET SNDSCAPE=C:\WINDOWS

rem TShoot: C:\VIAUDIO\VIAUDIO.COM
SET BLASTER=A220 I7 D1 T2

@SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.0\ADOBEC~1
#4
July 15th, 2003, 05:09 PM
bocabill (Member)
Slow Boot Up

Hi AnnMarie:
My Startup List follows:
StartupList report, 7/15/03, 11:54:08 AM
StartupList version: 1.52
Started from : C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\DESKTOP\JUNO\BIN\JUNO.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\JUNO\QSACC\X1EXEC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\NET2PHONE COMMCENTER\COMMCTR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\STARTUPLIST152\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
EnsoniqMixer = starter.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Once

untd_recovery = C:\WINDOWS\DESKTOP\JUNO\QSACC\X1EXEC.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
CommCtr = C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
Mozilla Quick Launch = "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
PopUpStopperFreeEdition = "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 11/7/2003, 20:28:56)

[rename]
C:\WINDOWS\SYSTEM\BTIEIN.DLL=C:\WINDOWS\TEMP\MSIEIN\CAB378~1.853\BTIEIN.DLL

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET SNDSCAPE=C:\WINDOWS
SET BLASTER=A220 I7 D1 T2
SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.0\ADOBEC~1

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\SYSTEM\IEBRW.DLL - {1A98BCA2-0BD1-47DE-9710-C7665F7F1FCB}
(no name) - C:\WINDOWS\SYSTEM\HMEPGE.DLL - {A116A5C1-AD77-446C-992A-F56200B112DB}
(no name) - C:\WINDOWS\SYSTEM\HOTLINK.DLL - {B405EE45-1AA2-410D-A6CF-1A74371DCD62}
(no name) - C:\WINDOWS\SYSTEM\BTIEIN.DLL - {63B78BC1-A711-4D46-AD2F-C581AC420D41}
(no name) - C:\WINDOWS\IPINSIGT.DLL - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED}
(no name) - C:\Program Files\NewDotNet\newdotnet4_88.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
Httper - C:\PROGRAM FILES\HTTPER\HTTPER.DLL - {A5483501-070C-41DD-AF44-9BD8864B3015}
(no name) - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE = http://207.188.7.150/261a530125721f7...p/RdxIE601.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R...n/actsetup.cab

[AppDLCtrl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\APPDL.DLL
CODEBASE = http://download.howudodat.com/chatte...beta/appdl.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.co...599.2512384259

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://apple.speedera.net/qtinstall....eInstaller.exe

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.symantec.com/SSC/Sha.../bin/cabsa.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/s...ctor/swdir.cab

[GpcContainer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IEATGPC.DLL
CODEBASE = http://myauctiontrainerevents.webex....ex/ieatgpc.cab

[CMV5 Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CPNMGR.DLL
CODEBASE = http://www103.coolsavings.com/download/cscmv5X.cab

[{26E8361F-BCE7-4F75-A347-98C88B418322}]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BTIEIN.DLL
CODEBASE = http://dst.trafficsyndicate.com/Dnl/T_50003/btiein.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.com/activescan/as/asinst.cab

[{421A63BA-4632-43E0-A942-3B4AB645BE51}]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IWCHECK.DLL
CODEBASE = http://i.rn11.com/iwasher/pptproacta...twasherpro.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #2: C:\Program Files\NewDotNet\newdotnet4_88.dll
Protocol #1: C:\Program Files\NewDotNet\newdotnet4_88.dll
Protocol #2: C:\Program Files\NewDotNet\newdotnet4_88.dll
Protocol #9: C:\Program Files\NewDotNet\newdotnet4_88.dll
Protocol #10: C:\Program Files\NewDotNet\newdotnet4_88.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 7,744 bytes
Report generated in 0.076 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
#5
July 17th, 2003, 03:53 AM
HKEd (Hijack Advisor)
Hi bocabill...I can't see anything in your startups that would be the cause of the slow boot. The delay is possibly driver-related. Tap F8 repeatedly just before the "Starting Windows 98" message appears and either choose step-by-step confirmation to see where the hang occurs, or use Bootlog Analyzer to show the time taken to load items. Post the contents in your reply.

Having said that, you have some nasty-looking BHOs, including remnants of New.Net (which has altered your Winsock 2 files). You'll probably need a program called LSPFix to avoid losing internet connectivity. But first download, unzip and run HijackThis 1.95. After running a scan, the "Scan" button changes to "Save log". Choose this option (don't try to fix anything without advice) and save the log file somewhere handy, then post the contents here.
__________________
Sign the ONE Declaration
#6
July 17th, 2003, 07:22 AM
AnnMarie (Cyber Tech Help Moderator)
In addition to what Ed suggested, it wouldn't hurt to run an online antivirus scan. Go here and run the online scanner. If RAV finds anything, please also post back the RAV log.
#7
July 17th, 2003, 02:23 PM
bocabill (Member)
Slow boot up

Hi AnnMarie; Here is the result of the online virus scan.

Statistics

Scanned files: 26987
Scanned directories: 2182
Scanned archives: 812
Size of the scanned files: -1365009760
Packed files: 745
Known viruses found: 1
Virus bodies: 1
Suspicious files: 0

Disinfected files: 0
Deleted files: 0
Renamed files: 0
Copied files: 0
I/O errors: 0
Warnings: 0
Corrupted files: 0
New files: 148329
Mail files: 75




Found viruses
File: c:\Program Files\WildTangent\Apps\GameChannel\Games\16eab677-049b-4e81-9d79-44fd7cb8dc08\jvminstall.htm->(OBJECT0001)
Virus: HTML/CodeBaseExec* Status: Infected
#8
July 17th, 2003, 03:36 PM
bocabill (Member)
Slow Boot Up

Hi HKEd. Here is the result of the HijackThis scan...
Hope it helps.

Logfile of HijackThis v1.95.0
Scan saved at 9:36:10 AM, on 7/17/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\DESKTOP\JUNO\BIN\JUNO.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\DESKTOP\JUNO\QSACC\X1EXEC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS195[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.juno.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.juno.com/web_search.juno?l&iadb&key
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\rlilq4cy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\rlilq4cy.slt\prefs.js)
O2 - BHO: (no name) - {1A98BCA2-0BD1-47DE-9710-C7665F7F1FCB} - C:\WINDOWS\SYSTEM\IEBRW.DLL
O2 - BHO: (no name) - {A116A5C1-AD77-446C-992A-F56200B112DB} - C:\WINDOWS\SYSTEM\HMEPGE.DLL
O2 - BHO: (no name) - {B405EE45-1AA2-410D-A6CF-1A74371DCD62} - C:\WINDOWS\SYSTEM\HOTLINK.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_88.dll
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\PROGRAM FILES\HTTPER\HTTPER.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {6A85D97D-665D-4825-8341-9501AD9F56A3} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\PROGRAM FILES\ZIPCLIX\ZIPCLIX.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Show All Original Images - res://C:\WINDOWS\DESKTOP\JUNO\QSACC\appres.dll/228
O8 - Extra context menu item: Show Original Image - res://C:\WINDOWS\DESKTOP\JUNO\QSACC\appres.dll/227
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/261a530125721f7...p/RdxIE601.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...beta/appdl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...599.2512384259
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall....eInstaller.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://myauctiontrainerevents.webex....ex/ieatgpc.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www103.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50003/btiein.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproacta...twasherpro.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
#9
July 18th, 2003, 07:36 AM
HKEd (Hijack Advisor)
Yuk!!! Searchex, HuntBar (the tricky BTLink variety), IPInsight, NewDotNet, Httper, Zipclix and God knows what else. Hard to know where to start here. Read through all the links above and see if there are any of these parasites you can remove via Add/Remove Programs or manually if you're up to it (full details in the links). Then download and install SpyBot Search & Destroy. Run it in Safe Mode and see what it can clean (anything marked red). You should also download LSPFix as you might find you have lost internet connectivity after dealing with NewDotNet.

After the above, run HijackThis again and post the new log. There'll be some further cleaning up to do.

If we get through this, you definitely need a program that will stop these parasites from sneaking onto your system. SpyBot has an Immunize feature, and there are dedicated programs like SpywareBlaster that will protect you. Good luck.
#10
July 18th, 2003, 07:46 AM
AnnMarie (Cyber Tech Help Moderator)
And don't forget to delete the infected file that RAV found.
#11
July 19th, 2003, 06:39 PM
bocabill (Member)
Slow Boot Up

Hello AnnMarie and HKEd.

Thanks for your help and input. I have done all that you have advised, and there is a great improvement. Attached is the last HijackThis scan ....
If there is nothing remarkable, you need not reply. I am sure you are on to other problems....Again Thanks.

bocabill

Logfile of HijackThis v1.95.0
Scan saved at 1:25:49 PM, on 7/19/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\DESKTOP\JUNO\BIN\JUNO.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\DESKTOP\JUNO\QSACC\X1EXEC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS195\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.juno.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.juno.com/web_search.juno?l&iadb&key
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\rlilq4cy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\rlilq4cy.slt\prefs.js)
O2 - BHO: (no name) - {B405EE45-1AA2-410D-A6CF-1A74371DCD62} - C:\WINDOWS\SYSTEM\HOTLINK.DLL (file missing)
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Show All Original Images - res://C:\WINDOWS\DESKTOP\JUNO\QSACC\appres.dll/228
O8 - Extra context menu item: Show Original Image - res://C:\WINDOWS\DESKTOP\JUNO\QSACC\appres.dll/227
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/261a530125721f7...p/RdxIE601.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatte...beta/appdl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...599.2512384259
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall....eInstaller.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://myauctiontrainerevents.webex....ex/ieatgpc.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www103.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50003/btiein.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproacta...twasherpro.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
#12
July 20th, 2003, 03:26 AM
HKEd (Hijack Advisor)
Looks a lot better, bocabill (are you the same bocabill that was a regular at VirtualDr?), but there's still some cleaning to go. Run another scan and have HJT fix the following:

O2 - BHO: (no name) - {B405EE45-1AA2-410D-A6CF-1A74371DCD62} - C:\WINDOWS\SYSTEM\HOTLINK.DLL (file missing)

O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL

O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/261a530125721f...ip/RdxIE601.cab

O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatt.../beta/appdl.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://myauctiontrainerevents.webex...bex/ieatgpc.cab

O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www103.coolsavings.com/download/cscmv5X.cab

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50003/btiein.cab

O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://i.rn11.com/iwasher/pptproact...etwasherpro.cab


Make sure all IE and Explorer windows are closed when you run the fix. I think you'll get a message that HJT cannot backup DLL files, so just agree to that. They're parasites anyway. After the fixes, reboot and run another scan to make sure all the above are history. If not, post another log.

Did you get rid of that infected file?
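The before-and-after comparison done by eye in posts #8, #11 and #12, as an added example that is not part of the thread or of HijackThis itself. The function names are hypothetical, and the three sample logs are short excerpts copied from those posts, not the full logs.

```python
import re

# Entry lines look like "O2 - BHO: ..." or "R1 - HKCU...": a section code,
# " - ", then the detail. Header and running-process lines do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"

# Excerpt of the first scan (post #8).
BEFORE = r"""
Logfile of HijackThis v1.95.0
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.websearch.com/ie.aspx
O2 - BHO: (no name) - {B405EE45-1AA2-410D-A6CF-1A74371DCD62} - C:\WINDOWS\SYSTEM\HOTLINK.DLL
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet4_88.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/261a530125721f7...p/RdxIE601.cab
"""

# Excerpt of the second scan (post #11), after the SpyBot clean-up.
AFTER = r"""
O2 - BHO: (no name) - {B405EE45-1AA2-410D-A6CF-1A74371DCD62} - C:\WINDOWS\SYSTEM\HOTLINK.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/261a530125721f7...p/RdxIE601.cab
"""

# Two lines of the fix list (post #12); the forum abbreviated the URL differently.
FIXLIST = r"""
O2 - BHO: (no name) - {B405EE45-1AA2-410D-A6CF-1A74371DCD62} - C:\WINDOWS\SYSTEM\HOTLINK.DLL (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/261a530125721f...ip/RdxIE601.cab
"""


def index_log(log):
    """Map a stable key -> entry dict for every entry line in a log."""
    entries = {}
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, detail = m.groups()
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)]
        clsid = CLSID.search(detail)
        # COM registrations (O2, O3, O16, R3) are keyed by CLSID, so the same
        # object matches even when its path or URL text differs between posts.
        key = (code, clsid.group(0).upper() if clsid else detail)
        entry = entries.setdefault(key, {"detail": detail, "count": 0})
        entry["count"] += 1          # e.g. one O10 line per hijacked LSP slot
        entry["missing"] = missing
    return entries


def compare(before, after):
    """Classify entries as removed, remaining or new between two scans."""
    b, a = index_log(before), index_log(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "remaining": sorted(k for k in b if k in a),
        "new": sorted(k for k in a if k not in b),
        # The registry entry survives but its file is gone: it still needs
        # fixing, which is why HOTLINK.DLL is on the list in post #12.
        "orphaned": sorted(k for k, e in a.items() if e["missing"]),
    }


if __name__ == "__main__":
    for label, keys in compare(BEFORE, AFTER).items():
        print(label)
        for code, ident in keys:
            print("   ", code, ident)
```

Comparing `FIXLIST` against a later scan with `compare(FIXLIST, later_log)` shows under `remaining` which of the requested fixes did not take.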
#13
July 20th, 2003, 03:32 AM
HKEd (Hijack Advisor)
BTW, now that you have SpyBot S & D, use its Immunize feature to prevent this kind of crap getting on your system. For additional protection, install SpywareBlaster.
#14
July 22nd, 2003, 01:05 AM
bocabill (Member)
Slow Boot Up

Quote:
Originally Posted by HKEd
BTW, now that you have SpyBot S & D, use its Immunize feature to prevent this kind of crap getting on your system. For additional protection, install SpywareBlaster.

Hi HKEd; No I am not the bocabill that frequents VirtualDr though I might have visited it sometime in the past.
(If dere is anudder bocabill out dere, da bum has got to go. Dis place ain't big enough for 2 bocabills)

I have had HJT fix the items you suggested, and it is now clean, but the boot up is really only a little improved. However again thanks for your persistence and help, and you all have been helpful. Appreciate it, and have also installed SpywareBlaster.
I also have Bootlog Analyzer print out to send you for inspection.
Bocabill
#15
July 22nd, 2003, 01:30 AM
bocabill (Member)
Slow Boot Up

Here is the BLA report.
It seems that the report is too long for this forum. The system won't accept it.

bocabill,
All times are GMT +1. The time now is 01:14 AM.