New Logfile - Computer taking forever to boot

I have been attempting to discover what has infected my W98 computer. It takes forever to boot and the CPU is usually 100% busy during the boot. It seems to run fairly normal after its done doing what ever its doing. I do get the Shell ext error message : Camera Manager not registered when attempting to view the properties of a desktop icon. What's this about? I haven't noticed any adverse attacks an do not sense that is is sending messages over the internet. The entire boot process is weird. Its very slow to load the desktop icons and then does about 40 disk seeks towards the end before I can use the computer. What's happened and how do I fix it Help is definitely needed and appreciated.
Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 10:06:34 PM, on 5/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\BELLSOUTH\CONNECTION TOOL\IPCLIENT.EXE
C:\PROGRAM FILES\BELLSOUTH\CONNECTION TOOL\IPMON32.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE
C:\TOOLS_95\IMGICON.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\TEMP STUFF\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~3\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [tgcmd] C:\WINDOWS\TEMP\ConnectionManager\sprt\vault\tg\tgcmd.exe /server /nosystray /deaf
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\BELLSOUTH\CONNECTION TOOL\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\BELLSOUTH\CONNECTION TOOL\IPMon32.exe"
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton Personal Firewall\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: Office Startup.lnk = C:\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38132.3092939815

 

Hi Pontiac,

Installing the latest version of IE6 SP1 might help, since that will replace many outdated system files (also advisale from a security point of view)

I will list some startups that are iunnecessary in my view. Rememeber that this is subjective.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [tgcmd] C:\WINDOWS\TEMP\ConnectionManager\sprt\vault\tg\tgcmd.exe /server /nosystray /deaf
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\PROGRAM FILES\BELLSOUTH\CONNECTION TOOL\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\BELLSOUTH\CONNECTION TOOL\IPMon32.exe"

O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan

Then reboot.
Just to be safe do an online virusscan, you will find several listed here: http://www.wilders.org/free_services_m.htm

HTH,

Pieter

 

Pieter,
I want to thank you for your time and intellect to be able to help me with this. I have completed the recommendations you made and also updated W98 and directX while I was at it. I plan on getting a new computer soon so had not been careful about doing the updates (not very wise). The shellext error (Camera Manager...) is gone. The system seems to boot better but still has a period of disk accesses after the desktop icons seem to be fully loaded, but maybe it was always like this and I've forgotten. This makes me a happy camper for now - Thanks - Thanks - Thanks!!!
Roger H.

Here's the resulting scan log:

Logfile of HijackThis v1.97.7
Scan saved at 5:31:02 PM, on 5/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\TOOLS_95\IMGICON.EXE
C:\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\TEMP STUFF\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~3\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton Personal Firewall\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunOnce: [ACMWrapperV2.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\ACMWrapperV2.dll"
O4 - HKLM\..\RunOnce: [MediaPlayerV2.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\MediaPlayerV2.dll"
O4 - HKLM\..\RunOnce: [driversV2.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\driversV2.dll"
O4 - HKLM\..\RunOnce: [Cdbootable.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Cdbootable.dll"
O4 - HKLM\..\RunOnce: [cdDataPS.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdDataPS.dll"
O4 - HKLM\..\RunOnce: [cdExtra.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdExtra.dll"
O4 - HKLM\..\RunOnce: [cdmp3.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\cdmp3.dll"
O4 - HKLM\..\RunOnce: [database.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\database.dll"
O4 - HKLM\..\RunOnce: [ISO9660.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\ISO9660.dll"
O4 - HKLM\..\RunOnce: [Joliet.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Joliet.dll"
O4 - HKLM\..\RunOnce: [Udf.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Udf.dll"
O4 - HKLM\..\RunOnce: [creator.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\creator.dll"
O4 - HKLM\..\RunOnce: [Translator.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CreatorAPI\Translator.dll"
O4 - HKLM\..\RunOnce: [CDEngine.dll] c:\windows\system\regsvr32.exe /s "C:\Program Files\Common Files\Adaptec Shared\CDEngine\CDEngine.dll"
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - Startup: Iomega Watch.lnk = C:\Tools_95\IOWATCH.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - Startup: Iomega Disk Icons.lnk = C:\Tools_95\IMGICON.EXE
O4 - Startup: Office Startup.lnk = C:\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38132.3092939815

 

Glad we could help.

Please read How did this happen and can I prevent it?

Practice now so your new computer will have a safe start.

Regards,

Pieter