Freezing

My computer keeps freezing. I have tried to scan disk and it says that everything is fine. I have tried system restore but it won't do anything as it says there have been no changes. I have tried to defragment the drive but it just stays at 0%. And finally I tried to put my restore disc in and reboot but it just bypasses it and carries on to windows.

Any ideas anyone? (Please!!!)

 

Hi welcome

Any error messages ? do a search on your PC for faultlog.text
copy and past the latest portion here , only need the topmost.

What are you doing when the PC freezes can you get it to repeat.
is windows up to date Is Internet explorer up to date ?

most people run scan-disk and defrag while in safe mode, If you haven't ran scandisk in thorough do so , I do but think its not really necessary but once or twice a year, (in thurough that is)
do scandisk first.
(Its strange I have to start scandisk twice even when ran from safe mode)
Have you ever used msconfig , have you used safe mode?
what shows in the close program box ?
Regards
Lonny

 

Your BIOS is set to boot from the C: drive first, it needs to be set to boot from the CDROM first. Press DEL on most systems when starting the computer to get there.

 

Your BIOS is set to boot from the C: drive first, it needs to be set to boot from the CDROM first. Press DEL on most systems when starting the computer to get there.

Okay, and when I get there, what do I do? What part do I have to change? I did what you say but I didn't see a section that said "Change boot from Drive C to CDRom" Where is this section?

I am sorry, I need an idiot guide!

 

Ok, perhaps not an idiot guide as I have now managed to change the start option to the CDRom drive. I have also used the recovery disc and hope I have now fixed the problem. In which case, thanks all for your help.


If not.... watch this space!!!!!

 

Okay, now I have defraged and it is still freezing... Any ideas?

 

This can be caused by too many things running in the background, started when the computer starts. Would this happen to be a Compaq machine? If so, you already have too many items not needed. Go get HijackThis, install it, run it. In Hijack, click on Config, click on Misc Tools, then Generate Startup Log, it will appear in Notepad, copy and paste it into a post here.

 

No, my system is an Evesham...

StartupList report, 12/07/2003, 09:29:19
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINACE\WINACE.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
SystemTray = SysTray.Exe
IST Service = C:\Program Files\ISTsvc\istsvc.exe
devldr16.exe = C:\WINDOWS\SYSTEM\devldr16.exe
P2P NETWORKING = C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 12/7/2003, 8:48:44)

[rename]
NUL=C:\WINDOWS\TEMP\MYSETP.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRA~1\FREEDO~1\FDAHLP1.DLL - {98DE779A-2364-4293-AB71-2B97C61C4640}
myBar BHO - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

PCHealth Scheduler for Data Collection.job
Tune-up Application Start.job
Video Reminder.job
McAfee.com Update Check 06082003173408.job

--------------------------------------------------

Enumerating Download Program Files:

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab

[Microsoft ProgressBar Control, version 5.0 (SP2)]
InProcServer32 = C:\WINDOWS\SYSTEM\COMCTL32.OCX
CODEBASE = http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSCOM.DLL
CODEBASE = http://cs6.chat.sc5.yahoo.com/v43/yacscom.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

[Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ISTACTIVEX.DLL
CODEBASE = http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

[eConn Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ECONNECT.DLL
CODEBASE = http://econnect.libereco.net/econnect.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37784.0943171296

[{469843DD-EBB3-4661-B0A6-E6FE590240C9}]
CODEBASE = http://olympustele.com/connect/dialer.cab

[DFRun Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IEGATOR.DLL
CODEBASE = http://webpdp.gator.com/v3/download/iegator_4090_hd3ptdmgainads.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 5,848 bytes
Report generated in 0.253 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

Hi Frenchman
What a mess ,I see at-least two dialers several tool-bars
who knows what else , Please get and use both SpyBot and Adaware ,, update them > restart your PC in safe mode then scan first with SpyBot ,, check all the box's(except windows user tracts on windows me)>>>>>>> Hit fix

then do a scan with Adaware,restart (Normal mode)if not prompted to already and then scan again with highjack this
and post both the highjack this log and the startup log.

Lonny

 

Logfile of HijackThis v1.95.0
Scan saved at 14:57:55, on 12/07/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINACE\WINACE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.noblindlinks.com/sp.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.noblindlinks.com/sp.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.noblindlinks.com/sp.shtml
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.wba.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.noblindlinks.com/sp.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.runsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.runsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.runsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.runsearch.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak=http://search.xrenoder.com
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\FDAHLP1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\PROGRAM FILES\ZIPCLIX\ZIPCLIX.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDABAR1.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37784.0943171296
O16 - DPF: {469843DD-EBB3-4661-B0A6-E6FE590240C9} - http://olympustele.com/connect/dialer.cab
O16 - DPF: {54E7E082-1DA6-412E-96B5-C290FCEF5329} - http://webpdp.gator.com/v3/download/iegator_4090_hd3ptdmgainads.cab
O19 - User stylesheet: c:\windows\my.css

 

StartupList report, 12/07/2003, 15:04:54
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINACE\WINACE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
SystemTray = SysTray.Exe
IST Service = C:\Program Files\ISTsvc\istsvc.exe
P2P NETWORKING = C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
devldr16.exe = C:\WINDOWS\SYSTEM\devldr16.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 12/7/2003, 14:54:58)

[Rename]
NUL=c:\windows\gatorplugin.log
NUL=c:\windows\downloaded program files\iegator.inf
NUL=c:\windows\downloaded program files\iegator.dll
NUL=c:\windows\cookies\default@counter6.sextracker[2].txt
NUL=c:\windows\cookies\default@counter1.sextracker[1].txt
NUL=c:\windows\cookies\default@hg1.hitbox[2].txt
NUL=c:\windows\cookies\default@advertising[1].txt
NUL=c:\windows\cookies\default@adtech[2].txt
NUL=c:\windows\cookies\default@redeye.willhill[2].txt
NUL=c:\windows\cookies\default@bluestreak[2].txt
NUL=c:\windows\cookies\default@counter3.sextracker[1].txt
NUL=c:\windows\cookies\default@counter12.sextracker[2].txt
NUL=c:\windows\cookies\default@counter16.sextracker[1].txt
NUL=c:\windows\cookies\default@counter2.sextracker[2].txt
NUL=c:\windows\cookies\default@spylog[1].txt
NUL=c:\windows\cookies\default@sextracker[1].txt
NUL=c:\windows\cookies\default@www.smartadserver[1].txt
NUL=c:\windows\cookies\default@adserv.internetfuel[1].txt
NUL=c:\windows\cookies\default@sexlist[2].txt
NUL=c:\windows\cookies\default@mediaplex[2].txt
NUL=c:\windows\cookies\default@hitbox[2].txt
NUL=c:\windows\cookies\default@etype.adbureau[1].txt
NUL=c:\windows\cookies\default@targetnet[1].txt
NUL=c:\windows\cookies\default@counter5.sextracker[1].txt
NUL=c:\windows\cookies\default@adserver.anm.co[1].txt
NUL=c:\windows\cookies\default@xxxcounter[1].txt
NUL=c:\windows\cookies\default@tradedoubler[1].txt
NUL=c:\windows\cookies\default@bfast[2].txt
NUL=c:\windows\cookies\default@hotlog[1].txt
NUL=c:\windows\cookies\default@counter8.sextracker[2].txt
NUL=c:\windows\cookies\default@fortunecity[2].txt
NUL=c:\windows\cookies\default@servedby.advertising[2].txt
NUL=c:\windows\cookies\default@atdmt[2].txt
NUL=c:\windows\cookies\default@commission-junction[1].txt
NUL=c:\windows\cookies\default@qksrv[1].txt
NUL=c:\windows\cookies\default@valueclick[1].txt
NUL=c:\windows\cookies\default@doubleclick[1].txt
NUL=c:\windows\temp\altnet\bdefdi.dll
NUL=c:\windows\temp\altnet\bdedownloader.dll
NUL=c:\windows\system\cd_htm.dll

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRA~1\FREEDO~1\FDAHLP1.DLL - {98DE779A-2364-4293-AB71-2B97C61C4640}
myBar BHO - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

PCHealth Scheduler for Data Collection.job
Tune-up Application Start.job
Video Reminder.job
McAfee.com Update Check 06082003173408.job

--------------------------------------------------

Enumerating Download Program Files:

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab

[Microsoft ProgressBar Control, version 5.0 (SP2)]
InProcServer32 = C:\WINDOWS\SYSTEM\COMCTL32.OCX
CODEBASE = http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSCOM.DLL
CODEBASE = http://cs6.chat.sc5.yahoo.com/v43/yacscom.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37784.0943171296

[{469843DD-EBB3-4661-B0A6-E6FE590240C9}]
CODEBASE = http://olympustele.com/connect/dialer.cab

[{54E7E082-1DA6-412E-96B5-C290FCEF5329}]
CODEBASE = http://webpdp.gator.com/v3/download/iegator_4090_hd3ptdmgainads.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 7,436 bytes
Report generated in 0.255 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

I dont see that you have run SpyBot and Adaware yet

Please do and also you could post a list of installed programs.
Contol panel addremove programs , take note of everthing.
ThankYou
Lonny

 

Highjack this detail

StartupList report, 13/07/2003, 09:12:02
StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FREE DOWNLOADS ACCELERATOR\FDAAGENT.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
SystemTray = SysTray.Exe
P2P NETWORKING = C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
IST Service = C:\Program Files\ISTsvc\istsvc.exe
devldr16.exe = C:\WINDOWS\SYSTEM\devldr16.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 13/7/2003, 9:9:30)

[Rename]
NUL=c:\windows\ndnuninstall4_88.exe
NUL=c:\windows\downloaded program files\istactivex.dll
NUL=c:\windows\cookies\default@trafficmp[1].txt
NUL=c:\windows\cookies\default@paycounter[1].txt
NUL=c:\windows\cookies\default@cms[2].txt
NUL=c:\windows\cookies\default@bluestreak[1].txt
NUL=c:\windows\cookies\default@cgi-bin[1].txt
NUL=c:\windows\cookies\default@xxxtoolbar[1].txt
NUL=c:\windows\desktop\my briefcase\kmd.exe
NUL=c:\windows\temp\rb32.exe
NUL=c:\windows\temp\icd6.tmp\dialer.inf
NUL=c:\windows\system\dialeroffline.dll
NUL=c:\program files\myway\mybar\1.bin\npmyway.dll
NUL=c:\program files\myway\mybar\1.bin\mywaypluginproxy.class
NUL=c:\program files\kazaa\my shared folder\kmd210_en.exe
NUL=c:\_restore\temp\a0110221.cpy
NUL=c:\_restore\temp\a0110098.cpy
NUL=c:\_restore\temp\a0110094.cpy
NUL=c:\_restore\temp\a0102093.cpy
NUL=c:\_restore\temp\a0102092.cpy
NUL=c:\_restore\temp\a0102091.cpy
NUL=c:\_restore\temp\a0102031.cpy
NUL=c:\_restore\temp\a0099926.cpy
NUL=c:\_restore\temp\a0098866.cpy
NUL=c:\_restore\temp\a0095841.cpy
NUL=c:\_restore\temp\a0072682.cpy
NUL=c:\_restore\temp\a0072674.cpy

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRA~1\FREEDO~1\FDAHLP1.DLL - {98DE779A-2364-4293-AB71-2B97C61C4640}

--------------------------------------------------

Enumerating Task Scheduler jobs:

PCHealth Scheduler for Data Collection.job
Tune-up Application Start.job
Video Reminder.job
McAfee.com Update Check 06082003173408.job

--------------------------------------------------

Enumerating Download Program Files:

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab

[Microsoft ProgressBar Control, version 5.0 (SP2)]
InProcServer32 = C:\WINDOWS\SYSTEM\COMCTL32.OCX
CODEBASE = http://bin.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSCOM.DLL
CODEBASE = http://cs6.chat.sc5.yahoo.com/v43/yacscom.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37784.0943171296

[{469843DD-EBB3-4661-B0A6-E6FE590240C9}]
CODEBASE = http://olympustele.com/connect/dialer.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 6,041 bytes
Report generated in 0.149 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

Please help!!!!!!!!

I am going mad!!!!!!!!!!!

 

A suggestion that you may not prefer.

DUMP Windows ME completely and go back with either Win98 SE or XP Pro.

Both are far superior to ME. And both are easier to control.

And at least with SE keep the items loading at startup to a MINIMUM of necessary ones.

Once ME gets s.c.r.e.w.e.d. up it is near impossible to repair.

Plus a question.

While you are trying to make these repairs do you have Anti-Virus software disabled.

And if you happen to be using Norton AV etc. DUMP it also and go for more standalone and much less System loading AV and Firewall Software.

BillyBob

 

And to add something that I forgot.

SE will not go overtop of ME anyway.

But DO NOT even THINK about putting XP over top of the existing messed up ME.

In either case FORMAT and start over.

Otherwise you WILL have Mucho many problemos.

BillyBob

 

Windows XP

okay... I have a copy of windows XP I can load. I now need an idiots guide to reformatting!

 

I can tell that you did run Spybot as evidenced by the Wininit.Bak listing of a lot of cookies and other things being removed. However, the dialer key is still there, you did not allow Spybot to remove the all offending items, or they came back as a result of the following paragraph.

The istsvc.exe starting up is something you do not want on your system.

Uninstall Universal Plug and Play, it has nothing to do with your hardware Plug & Play capabilities, it is to do with networking, blame M$ for it's name. It is a security risk, read this page.

You have no firewall, this with UnPnP and Kazaa is a bad combination.
You also have no AV program installed, and you are using a P2P file sharing program. I see no evidence of a virus running right off the bat, you have been lucky, but a scan is not a bad idea.
AVG AV for free
Housecall, online AV scan
Online Trojan Scan
Kerio Personal Firewall

The dialer I mentioned can cost you money, it will dial up a connection overseas, and it will do this with the modem speaker turned off, you will not hear it and not know about it.
I see that you did get Gator killed, it can cause your freeze ups.
You have Kazaa, this may be where you got some of these baddies, uninstall it and get KazaaLite. It doesn't have the baddies and works.
After you allow Spybot to remove everything with a red mark next to it, and if Spybot asks to allow at next startup, allow it, and reboot.
After all this, get Regcleaner , install, then run, at the toolbar of Regleaner, go to Tools\Registry Cleaner\Do Them All, remove everything it finds.

BillyBob is right about ME.
Good luck!
Edit: I took too long, Xp install is now mentioned. Get a Bootdisk, at the A:\> prompt type in "format c: "

 

Many of the items ( Kazaa etc. ) that markp62 mentioned are the TRASH that I refer to in my reply.

markp62 just explained better as to what they are or do.

And they are deffintely things that are not good to have on the machine no matter what OS you are using.

I did not realize it but markp62 is quite correct about Anti-Virus and Firewall.

Very dangerous to run with out them.

BillyBob

 

Frenchman3622 keep us informed

If you are still having problems post the logs again, and please tell more of what you are doing, first though upon a fresh boot
delete the contents of windows temp ,, then control panel IE options and [delete files] and offline content(again) clear history and delete cookies, anyway do the fixs with spybaot and or adaware and when you next start the pc run highjack this and post those logs again,,,,, mayhave to do that a couple times even.

Windows ME is not the problem!! unless mayhap its an upgrade.

Lonny


Info about Kazza and kazzalite