1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Startup Problems

Discussion in 'Earlier Versions of Windows' started by ctpetro, Oct 11, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. ctpetro

    ctpetro Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    8
    I see that the following topics have already been discussed somewhat, however, I have not seen a solution to what I am experiencing.
    I am running Windows 98. Upon startup, I am getting a SVCINIT.EXE box that reads: "cannot find SVCINIT.EXE, make sure path and filename are correct"
    After clicking "OK", I then get a new box that reads: "could not run SVCINIT.EXE specified in the WIN.INI file, make sure file exists or remove reference to it in the WINI.INI file"
    After clicking "OK" to that, I get an error starting box that reads:
    "a required .DLL file, PSAPI.DLL was not found"
    After clicking "OK" to that, I can proceed. However, I notice that some sites are in "slow motion" since seeing these errors.
    Please keep in mind that I am not very computer saavy. If you can help, I would be very appreciative.
     
  2. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Hi and welcome. It could be some type of a keylogger or trojan.

    Can you download Hijack this, run it and post your scan log.

    http://www.tomcoyote.org/hjt/
     
  3. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    AcaCandy has got it right, it is a keylogger. Here is a link to Pest Patrol's page on this malware known as 007Starr. They give removal instructions there.
     
  4. ctpetro

    ctpetro Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    8
    Hello AcaCandy & Bill C,
    Here is my log:

    Logfile of HijackThis v1.97.3
    Scan saved at 6:08:41 AM, on 10/12/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\PTSNOOP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
    C:\WINDOWS\SYSTEM\MAPISP32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.martfinder.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:///
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xwebsearch.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:///
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchalot.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchalot.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchalot.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
    F1 - win.ini: load=ptsnoop.exe
    F1 - win.ini: run=C:\WINDOWS\svcinit.exe
    O1 - Hosts: 66.250.171.136 auto.search.msn.com
    O1 - Hosts: 66.250.171.136 sitefinder.verisign.com
    O1 - Hosts: 66.250.171.136 sitefinder-idn.verisign.com
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\PROPEL ACCELERATOR\PRPL_IEPOPUPBLOCKER.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] systray.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
    O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
    O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.searchalot.com/search.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
    O14 - IERESET.INF: MS_START_PAGE_URL=http://www.searchalot.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/030083.exe
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
    O16 - DPF: {80F1B906-D066-11D3-AD70-009027B8ADBC} (WebPlayer Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/285e37bc58d6b67a3918/netzip/RdxIE601.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.accelerator.bellsouth.net/sdccommon/download/tgctlcm.cab
    O19 - User stylesheet: c:\windows\my.css

    I have Norton Systemworks 2002 installed, and have started receiving the following messages:
    "Unable to repair file C:\windows\system\svcinit.exe
    Infectedwith the Backdoor.Trojan virus"
    and: "repair failed [email protected] virus"

    Bill, I looked at the Pest Patrol page, and don't have a clue on what to do with that. Pardon my ignorance! I just use them, I don't know how they work. I really appreciate both of you taking the time to try and help me. I will be spreading the word on this site.
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,409
    First Name:
    Frank
    Ctpetro:

    You should also download and install AD-AWARE 6.0.181 and SPYBOT - SEARCH & DESTROY 1.2.0. You can read about and download them from here.

    Frank's Windows 95/98 Tips
     
  6. ctpetro

    ctpetro Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    8
    Hello Favallee (Frank?)

    Thank you for the links for Spybot & Adware. Since using them, I'm running just as fast as ever. (Maybe faster?) I also went in to Hijackthis and deleted the svcinit file, and the SVCINIT box that was appearing upon opening (Win98) is now gone. Thank you AcaCandy!!

    Now if I could just get rid of that damn error starting message:
    "a required .dll file, psapi.dll was not found...."

    thank you again,
    Chris
     
  7. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    You should also go to add/remove programs and delete new.net.
    Then rescan with hijack and and put a check next to these and have hjt fix em.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.martfinder.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:///
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xwebsearch.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:///
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchalot.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchalot.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchalot.com/search.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://xwebsearch.biz/
    F1 - win.ini: load=ptsnoop.exe
    F1 - win.ini: run=C:\WINDOWS\svcinit.exe
    O1 - Hosts: 66.250.171.136 auto.search.msn.com
    O1 - Hosts: 66.250.171.136 sitefinder.verisign.com
    O1 - Hosts: 66.250.171.136 sitefinder-idn.verisign.com
    O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
    O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
    O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.searchalot.com/search.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
    O14 - IERESET.INF: MS_START_PAGE_URL=http://www.searchalot.com
    O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/030083.exe
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
    O16 - DPF: {80F1B906-D066-11D3-AD70-009027B8ADBC} (WebPlayer Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/285e37bc58d6b67a3918/netzip/RdxIE601.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll
    O19 - User stylesheet: c:\windows\my.css
     
  8. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    IEDLL.EXE
    Click Start - Run, type in MSCONFIG, then click OK - Startup(tab).

    Browse through the list of startup items until you find the one that pertains to IEDLL.EXE.

    Uncheck it, click Apply - OK, then reboot.

    This should prevent it from loading during startup and running in the background.
     
  9. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Then turn off from loading at startup:

    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    Try extracting a copy of this file psapi.dll to your windows\system directory.
     
  10. ctpetro

    ctpetro Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    8
    mobo,
    I went to my add/remove programs and could not find any new.net listed in the programs. ??

    AcaCandy,
    That fastball you threw to me was about 9 feet over my head!
    Can you throw me another one in "dummy language"?
     
  11. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Start run, then type sfc and hit ok....choose extract one file, have you 98 cd handy unless you have the .cab files on the hard drive, then type that file name and extract to c:\windows\system.

    The two items to turn off, via start, run, msconfig, startup tab....uncheck them there.
     
  12. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Startup Problems
  1. ryanhe
    Replies:
    3
    Views:
    470
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/171300

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice