Mom and dad's PC boot/run slow HJT log

Discussion in 'Malware and Virus Removal Archive' started by johnsdp, 2005/07/22.

Thread Status:
Not open for further replies.
  1. 2005/07/22
    johnsdp

    johnsdp Well-Known Member Thread Starter

    Joined:
    2002/02/14
    Messages:
    116
    Likes Received:
    0
    Hey guys, Lonny helped me about a year ago on another machine so of course this is the first place I go for help.
    My parents (68 & 72 years young) have a 5 year old Compaq Presario, WIN ME, AMD 800 I think.
    All of a sudden during boot it goes to the Compaq splash screen (never did this before) then black with a cursor for awhile then finally ME splash then the desktop.
    I have them using Firefox and mail washer plus Avast! AV, AdAware and spybot. It did find beagle 32 and a "general trojan". One of these was in the Compaq "restore" directory and was hidden but I found it and removed it manually. I'm sure it has affected the registry and the boot up.
    Task manager doesn't show anything suspicious that I can see.
    Here is the HJT log, what do you see?

    Logfile of HijackThis v1.98.2
    Scan saved at 6:16:57 PM, on 7/12/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e.my.yahoo.com/config/migrate?.done=http://my.yahoo.com/index.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

    Thanks a lot in advance
     
  2. 2005/07/22
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    johnsdp

    The first thing our experts will request when your HJT log gets to the top of the pile is .....

    Download the latest version of HJT (through Quicklinks in my signature) and save it to a folder on your hard drive, say C:\HJT - not to the desktop or a temporary folder - run it and post a new log.

    Do this now to save time :)
     

  4. 2005/07/22
    johnsdp

    johnsdp Well-Known Member Thread Starter

    Joined:
    2002/02/14
    Messages:
    116
    Likes Received:
    0
    OK, thanks Pete. I'm on my way there now. wilco
    Dan
     
  5. 2005/07/22
    johnsdp

    johnsdp Well-Known Member Thread Starter

    Joined:
    2002/02/14
    Messages:
    116
    Likes Received:
    0
    Here is as you requested.
    Good luck and thanks again.
    Dan

    Logfile of HijackThis v1.99.1
    Scan saved at 1:23:58 PM, on 7/22/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\HJT\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e.my.yahoo.com/config/migrate?.done=http://my.yahoo.com/index.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
     
  6. 2005/07/22
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I see nothing bad in the HJT log, but do have a couple of recommendations.
    For one I can see that Universal Plug and Play is running, and it is not needed. This link has Unplug and Pray, and it will kill it for you.
    http://www.grc.com/default.htm

    You can remove this,
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    It checks the system files every ten minutes to see if they haven't been overwritten with an approved or updated version, almost the same as StateMgr.Exe.

    You can remove this.
    O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
    "motmon.exe is a process by Motive Communications which allows a user to submit files to the Internet. This is a non-essential process. Disabling or enabling this is down to user preference" from this link.
    http://www.processlibrary.com/directory/files/motmon/

    Lastly, you may need to do a cleanup of temp files in a way not possible while windows is running. Make a boot floppy at Add\Remove Programs, click on Startup Disk tab, insert floppy and follow the prompts.
    Boot the computer with it, choose without CDrom support. Do not choose Command Prompt Only as these commands will not work so well.
    Note: the first and last commands will appear to do nothing when done correctly
    smartdrv
    deltree c:\windows\cookies
    deltree c:\windows\history
    deltree c:\windows\temp
    deltree c:\windows\tempor~1
    md c:\windows\Temp

    Type a Y that you want to delete, check for typos at this time.
    When done, take out floppy and reboot. As windows starts up, those deleted folders will be recreated clean, with the exception of C:\Windows\Temp. That last command already created it, as ME seems to forget to make that one again.

    You need to visit windows update, and install IE 6 SP1 by itself, be sure to Remove the other updates that are available. When you do so, it will at first download a small file, then this file runs and downloads everything else. What I would do is click on the Custom Install button, and then choose "download and install later".
    Then disable the AV and Compaq Easy Access button startup items in Msconfig, and reboot before the install.
    This does two things, a better install, and gives you the chance to have the IE6 files in case you need them later. Note, this IE6 for ME cannot be used for any other version of windows.

    BTW, that is the cleanest log I have seen on here for a while.
     
  7. 2005/07/22
    johnsdp

    johnsdp Well-Known Member Thread Starter

    Joined:
    2002/02/14
    Messages:
    116
    Likes Received:
    0
    Mark, when you say "Boot the computer with it, choose without CDrom support. Do not choose Command Prompt Only as these commands will not work so well."
    How do I enter the commands you suggest if I have no C:/ prompt? I have only booted with a boot disk without CD support and with an A:/ command prompt then change to C:/ before deleting or changing names.
    Won't removing cookies and cache through control panel accomplish the same?
    Also I have them using Mozilla Firefox 1.05 exclusively for internet browsing, is the IE update still necessary?
    Thanks a lot and I will fix / remove the things you recommend.
    Oh yeah, will any of these stop the stall and "Compaq" splash screen at boot? (It really bugs my dad)
    Dan
     
  8. 2005/07/23
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Those commands will work if you see A:\> or C:\> or C:\Windows> or any other type of prompt on the screen. Choosing with or without CDrom causes the floppy to put a few folders on a PATH, so the files in them are found to run no matter what. Command Prompt only does not do this.

    No, not quite the same as removing through the Control Panel\Internet Options. There are a few files that are not deleted using this method, Desktop.Ini and Index.Dat. Index.Dat grows larger, and does not get smaller when you delete cookies or Temp IE files, deleting it from DOS is the best way to clean it out. These two files will be recreated as windows starts up, but much smaller and cleaner. If you do not want to lose any cookies, delete the ones you do not want, and use this command in place of the cookies line when in DOS off of the floppy.
    deltree c:\windows\cookies\index.dat

    There is a chance the Compaq boot screen may be coming from the BIOS, never worked on a Compaq machine myself. There is a slight possibility it is coming from the Master Boot Record, doing this command twice may help you, and will not hurt in any case unless you are running a dual boot computer. It will rebuild the Master Boot Record as MS Windows would have it. The reason for doing it twice is that the old one is moved to another location as a backup.
    It will not appear to do anything if done correctly.
    fdisk /mbr

    Yes, the IE update is necessary as Internet Explorer is half of windows. Better safe than sorry, and earlier versions of IE are no longer fully supported by MS.
    Firefox is a great and safe browser to use, I like it quite a bit.

    This is something that slipped my mind earlier, if you remove this, and delete all the files in the C:\Windows\Applog folder, your system will run just a bit better, and Defrag will not take so long.
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    What it does is monitor the programs you run, so when you defrag your hard drive is rearranged so these programs start faster, saving you about .2 seconds overall. Your choice, but most choose to kill it.
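
The log review in this thread comes down to reading the `O4` startup entries one by one. As an added example (not part of the original thread and not HijackThis's own code), the sketch below parses a log into running processes and typed entries and lists the `O4` registry autoruns, marking commands that give only a file name and are therefore resolved through the Windows search path. The function names and the `bare_name` field are hypothetical, and the sample is constructed from lines of the v1.99.1 log posted above.

```python
import re

# Constructed sample: a few lines copied from the HijackThis v1.99.1 log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e.my.yahoo.com/config/migrate?.done=http://my.yahoo.com/index.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O4 - <body>"
AUTORUN = re.compile(r"^(\S+): \[(.+?)\] (.+)$")    # "<key>: [<name>] <command>"

def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    log = {"processes": [], "entries": []}
    in_procs = False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            log["processes"].append(line)
        elif (m := ENTRY.match(line)):
            log["entries"].append((m.group(1), m.group(2)))
    return log

def autoruns(log):
    """Return O4 registry autoruns; bare_name marks commands without a drive path."""
    out = []
    for code, body in log["entries"]:
        m = AUTORUN.match(body) if code == "O4" else None
        if m:                         # O4 lines in other shapes are skipped
            key, name, cmd = m.groups()
            out.append({"key": key, "name": name, "command": cmd,
                        "bare_name": not re.match(r"^[A-Za-z]:\\", cmd)})
    return out
```

For entries marked `bare_name`, the log alone does not say which file on disk runs at startup, so the matching line under "Running processes" is the place to confirm the path.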
     