symptoms + HJT Log


Donn
05-21-2004, 12:29 AM
symptoms: start up hang fires right after background comes up, or right after desktop icons appear, or just as nav tray loads. Starts fine from step-by-step start up. After hangfire start-up, starts up ok on second try, sometimes takes 3 tries. No probs on shut down. If I click on URL link I get a blank window, i.e., address bar and message body are blank, if I paste into the address bar it will go to the site. Page turnings are hanging up at last item, blue bar moves all the way across and hangs for 30 seconds or so, not limited to any particular site. I tried restoring the system 3 times using 3 different dates, but it will not complete the restore, says no changes were made, however, my My Favs were erased from the tool bar drop-down, but not from the start-menu My Favs. They have since reappeared in the tool bar drop-down. These symptoms started out of nowhere, I cannot relate anything to the inception of the symptoms. This started about 3 days after I had uninstalled the new Spybot that was giving me some problems. I reinstalled it tonight. All AV, and anti-spyware are updated and run regularly with 'all clear' on all programs. Really frustrating :mad:


Logfile of HijackThis v1.97.7
Scan saved at 11:12:24 PM, on 5/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\LXAMSP32.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\MRU-BLASTER\SCHEDULER.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about%20:mozilla/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=search&LC=0409
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Digital Dashboard] C:Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [ScriptSentry] C:\PROGRAM FILES\SCRIPT SENTRY\SCRIPTSENTRY.exe /check
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\PROGRAM FILES\MRU-BLASTER\indexcleaner.exe -CACHE
O4 - Startup: COMPAQ KNOWLEDGE CENTER.LNK = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)

Budfred
05-21-2004, 12:55 AM
Your explanation of symptoms is a little too densely packed for me to sort out this late at night, but I can say that your log looks mostly clean. I did find a couple of references to this being bad:

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

It may be a good idea to find it and check Properties to see what it is from unless you are already familiar with it. Fix it if it looks suspicious.... Then you will need to find and delete the file....
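The cross-check behind that kind of log review, as an added example that is not part of the original post: it parses the registry O4 lines in the format shown in the log above and lists autorun entries whose image is not in the "Running processes" section. The function names and the trimmed sample are constructed for illustration; an entry that is not resident is only a candidate to look up, not a verdict.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"; Startup-folder O4 lines are skipped.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def exe_of(command):
    """Executable part of an autorun command line, arguments dropped."""
    if command.startswith('"'):
        return command[1:].partition('"')[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def parse(log):
    """Return (set of running image names, list of registry autorun entries)."""
    running, autoruns, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            running.add(ntpath.basename(line).lower())
        elif (m := O4_RE.match(line)):
            hive, key, name, cmd = m.groups()
            autoruns.append({"hive": hive, "key": key, "name": name, "exe": exe_of(cmd)})
    return running, autoruns

def not_running(log):
    """Autorun entries whose image name matches no running process."""
    running, autoruns = parse(log)
    return [a for a in autoruns if ntpath.basename(a["exe"]).lower() not in running]

if __name__ == "__main__":
    for a in not_running(SAMPLE_LOG):
        print(a["hive"], a["key"], a["name"], a["exe"])
```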

Donn
05-21-2004, 01:10 PM
basically the symptoms are:

when I turn on the box, the load hangs up either right after the desktop icons appear, or a little further on.

If at that time I manually shut down and reboot from the step-by-step procedure-it's fine.

If I turn on and go to step-by-step it will hang up as described above, but if I manually shut down, and go to step-by-step--it loads ok.

No problems shutting down.

Problems operating--slow page turnings, the blue bar stops a tick before finishing, and hangs for about 30 secs.,

and when I click on a URL link I get a window that looks fine except the address bar is blank, and message body is blank, arrow and hour glass remains on screen in the new window, but nothing happens. I can paste the address in though, works fine.

BudFred: I don't get this (find it where?? properties where?)

""O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

It may be a good idea to find it and check Properties to see what it is from unless you are already familiar with it.""

____________

I found the icon for this in WINDOWS, it's a little white truck with a red cross on it, but it did not open when I clicked on it. I have no idea what it is. :(

malcore
05-21-2004, 01:26 PM
realtime.exe

Did you once try an online scan with PCDoctor? See here (http://www.windowsstartup.com/wso/search.php)

Not malware, but not needed either.


Donn, are you scared of my suggestion in your Blank Windows thread??;)

Edit- Sorry about the link, here is the info if you do a search there for realtime.exe:

realtime.exe PCDRealtime 0 This is apparently the monitoring device for PC Doctor Online, a program I inadvertently installed. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site. Rip-off, to my mind. But then I've never ordered a fix.

If it is monitoring, it may be the cause of some slowdown. Get rid of it.

Donn
05-21-2004, 04:06 PM
Right. Good call. I took it out, and when I restarted it came back up with no hitches, so now all I have to do is figure out what is bugging the IE.

Thanks....:D :cool:

malcore
05-21-2004, 04:16 PM
Well, I would try disabling your Earthlink pop-up blocker and see if that has an effect. There are other alternatives if it is the problem.


Another thought is to try Opera or Firefox. Both have built-in pop-up blockers and it really is a wise move to make the change to an alternate browser. By doing so you eliminate quite a few potential malware problems. If either of those work fine, at least we know it is a problem specific to IE, and not a general Windows problem.



Wait....IE IS a general Windows problem.:p

Donn
05-21-2004, 04:42 PM
Originally posted by malcore
Well, I would try disabling your Earthlink pop-up blocker and see if that has an effect. There are other alternatives if it is the problem.


Another thought is to try Opera or Firefox. Both have built-in pop-up blockers and it really is a wise move to make the change to an alternate browser. By doing so you eliminate quite a few potential malware problems. If either of those work fine, at least we know it is a problem specific to IE, and not a general Windows problem.
Wait....IE IS a general Windows problem.:p

Have any idea how to reinstall IE? The directions in Compaq Knowledge Center didn't apply to me, I think, since I wiped the disk and reinstalled it. I have Netscape Navigator in my start-up menu. I wonder if I could just uninstall IE, and then download IE again using NetNav...?

Donn
05-21-2004, 05:54 PM
Problem solved. Must have been a corrupted file in IE. I kept looking for the IE files as EXPLORER.EXE, and I mistyped it this time as EXPLORE.EXE, and there was the IE file. So, one of the icons is the original IE set up files...click this, click that, and it starts to reinstall.

I've been clicking on URLs for about the past five minutes (...feel like I've been let out of a cage!!), and everything is working fine, and the machine is working faster.

My new bumper sticker: When in doubt--REINSTALL!!

Thanks for your ideas, etc. :D :D :) :cool: