MsConfig loads BACKUP folder

[J27]

When i first turn my computer on it takes forever to load. My hour glass sits there for atleast a good five minutes running before it will even let me think about doing anything. I took everything i could out of my startup folder and im still having the same problem. Ive defragged and ran scan disk as well as adaware. My problem with msconfig is that when i run it it popups a backup folder directory. Ive read the threads on msconfig here and i dont think that that is what im supposed to be seeing when using msconfig. So i need some help here cause my pc is running very slowwwwwly and im getting tired of it.


Im using Win Xp professional.

[Miz]

Just to make sure I'm understanding correctly: You go to Start>Run, type in "msconfig" (without the quotes) and click OK but instead of the msconfig window opening, a folder of some sort opens?

If I've got it right, what, exactly, is the folder that opens?

That said, the usual cause of interminable bootup times is, as you have already figured out, too many things loading on startup, some of which will show in the msconfig startup list, some of which won't.

The best way to stop programs from loading on startup is from within each program's Options or Preferences or Settings...if it offers that choice. With more and more users figuring out how to use msconfig, more and more software developers are writing their stuff to override the msconfig settings. Use msconfig only for those programs which do not offer a way to disable their loading on startup.

Since you have XP, also go to Black Viper's site and use the settings in the "Safe" column to turn off XP's unnecessary services. It's a tedious process but well worth it in terms of better system performance and online security....and shorter boot times.

Finally, if you haven't already, download, install, immediately update and then run Spybot and/or Ad-Aware. Read the help files to familiarize yourself with how they work. I recommend you use them both since each tends to find things the other misses. Let them clean up any spyware found.

Don't skip the update step, it's important.

Getting rid of spyware might also solve the msconfig problem, since spyware can do some strange, strange things.

[J27]

When i go to Start, Run and type in msconfig it opens up a directory window that states at the top of the address bar C:\WINDOWS\MSConfig and inside is ONE folder which is named
Backups



And yes ive done adaware......

[Ezduzit]

Very odd indeed.

What happens when you go to C:\Windows and run msconfig from there? Any odd behaviour?

You can also right-click msconfig.exe > Send to > Desktop (create shortcut) if you like.

[J27]

I dont see msconfig.exe in my Windows folder.... and my Backups folder is empty.

[SuperSparks]

The default location for Msconfig is Windows\PCHealth\HelpCtr\Binaries. There is a backup copy located in Windows\System32\dllcache. It sounds as if something has got moved or corrupted, so try copying the copy from dllcache into that Binaries folder.

[rambler]

Sounds like there's a shortcut to the MSCONFIG folder somewhere in the search path, probably in C:\Windows. While I'm not someone who immediately recommends searching for spyware or a virus/trojan, if what I suggest IS the case, it's the sort of trick one of these might pull. Someone who doesn't open folders in detail view, and with file extensions hidden wouldn't spot the difference.

[J27]

Didnt find the backup copy you said was here Windows\System32\dllcache. But there was a copy in Windows\PCHealth\HelpCtr\Binaries. So i ran it and got rid of anything that i no longer had that was loading or that i wasnt using. I also went to Black Vipers site and found it very usefull.


Also i noticed that when i double click on My Computer to look inside that it gives me a error message stating that a error occurred and it was going to close. Then my screen flickers and it looks like windows is getting to shut down....but it doesnt ...everything comes back but on opposite sides of my moniter..........

[SuperSparks]

OK, I think you should run Hijack This and post the logfile here, it's quite possible that you've got some kind of malware:

Hijack This

[J27]

Heres my Hijack this log file:


Logfile of HijackThis v1.97.7
Scan saved at 4:15:35 PM, on 4/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\WINY\winy.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\MSMGT.exe
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\msbb.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
C:\America Online 6.0\waol.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ICQ\Icq.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msipcsv.exe
C:\PROGRAM FILES\POWERARCHIVER\POWERARC.EXE
C:\WINDOWS\TEMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-explorer.net/search_page.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.address.com/search/ie.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/yc...om/search?p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\wr3ck1t.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\2.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {0A68C5A2-64AE-4415-88A2-6542304A4745} - C:\PROGRA~1\COMMON~1\MSIETS\msiets.dll
O2 - BHO: (no name) - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\ieiw\ieiw.dll
O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\WS_FTP PRO\WSBHO2K0.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll
O2 - BHO: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O2 - BHO: (no name) - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\ieiw\mssearch.dll
O2 - BHO: (no name) - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\System32\amcis2.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\ieiw\msiesh.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: &Search Toolbar - {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - C:\PROGRA~1\COMMON~1\MSIETS\msiets.dll
O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\Program Files\Xupiter\XupiterToolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MD IE Plugin] C:\Program Files\WINY\winy
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.exe
O4 - HKLM\..\Run: [MemoryMeter] C:\Program Files\MemoryMeter\MemoryMeter.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe
O4 - HKLM\..\Run: [XFM] C:\WINDOWS\XFM.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ConquerCam] C:\Program Files\ConquerCam\ConquerCam.exe /tray
O4 - HKCU\..\Run: [Web Messenger AP] C:\Program Files\PAGECHAT\PAGECHAT.EXE /minimize
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnecta\wmtray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .nwc: C:\Program Files\NoteWorthy Software\NWC Browser Plugin\npnwcw32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: ChatSpace Java Client 3.1.0.209 - http://66.45.42.38:8000/Java/cms31209.cab
O16 - DPF: DigiChat Applet - http://demo2.digi-net.com/DigiChat/D.../Client_IE.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/game...s/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/game.../y/t21t0_x.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct0_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/game...s/y/cct0_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot2_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/game...s/y/dtt1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/game.../y/fltt1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/game...ts/y/nt0_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/game...s/y/grt3_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potb_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt0_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/game...s/y/sdt0_x.cab
O16 - DPF: Yahoo! Toki Toki Boom - http://download.games.yahoo.com/game...ts/y/vtj_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/game...s/y/tvt0_x.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.netpaloffers.net/NetpalOf...O1/wr3ck1t.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download2.abetterinternet.com...8105/clean.cab
O16 - DPF: {4F96CE92-09EA-49D3-B478-F1892F6DCB6D} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs/...ams/hotbar.cab
O16 - DPF: {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} (&Search Toolbar) - http://www.trafficsyndicate.com/TB/C...oolbar_new.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...707.6472916667
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...mmapi_0727.dll
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/cd/Browser_Plugin.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://foolmoon.com:4080/chat/data/h...ie/msichat.cab
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/s...d/websetup.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yaho...bio5_1_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = addressisp.com
O17 - HKLM\Software\..\Telephony: DomainName = addressisp.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{941E922F-9325-4868-9212-A743E44511A4}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = addressisp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = addressisp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = addressisp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = addressisp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = addressisp.com

[SuperSparks]

I'm not very expert with Hijack This logs, but you've definitely got some nasties there. Search-explorer and Websearch is malware. You'd better wait until one of the gurus has a look before you delete anything though.

[P3-450]

Sheesh, now that is some log. did you run Adaware and spybot?

and also a virus scan.


close all browsers and place a tick in the below and click on fix.


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-explorer.net/search_page.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.address.com/search/ie.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/y...com/search?p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\wr3ck1t.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\2.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {0A68C5A2-64AE-4415-88A2-6542304A4745} - C:\PROGRA~1\COMMON~1\MSIETS\msiets.dll
O2 - BHO: (no name) - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\ieiw\ieiw.dll
O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll
O2 - BHO: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O2 - BHO: (no name) - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\ieiw\mssearch.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\ieiw\msiesh.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_11_0.dll
O3 - Toolbar: &Search Toolbar - {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} - C:\PROGRA~1\COMMON~1\MSIETS\msiets.dll
O3 - Toolbar: Xupiter - {57E69D5A-6539-4d7d-9637-775DE8A385B4} - C:\Program Files\Xupiter\XupiterToolbar.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MD IE Plugin] C:\Program Files\WINY\winy
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe
O4 - HKLM\..\Run: [XFM] C:\WINDOWS\XFM.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
O12 - Plugin for .nwc: C:\Program Files\NoteWorthy Software\NWC Browser Plugin\npnwcw32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {4F96CE92-09EA-49D3-B478-F1892F6DCB6D} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs...rams/hotbar.cab
O16 - DPF: {8A05273A-2EA5-42DE-AA75-59EA7D9D50D7} (&Search Toolbar) - http://www.trafficsyndicate.com/TB/...toolbar_new.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://foolmoon.com:4080/chat/data/...sie/msichat.cab

[J27]

What am i supposed to tick on the HackThis program??

[P3-450]

After you run the scan, in the results next to each entry there is a small square box, thats what you tick for every one of what i mentioned.

[J27]

Yeah i found it! Thank you guys so much. Everything works great now. Dont have to sit here and wait for five minutes to be able to do anything.............. Thanks!