hey thanx for the help. I ran the program twice and then it says that no peper files where detected. I really appreciate your help. But i still get the popups when i start the computer that say that WindowsSystem32 could not be found. Theres like ten popups that pop up. I was wondering, since you really helped me alot by lling me what to do, i wanted to know if u knew how to fix that problem. C:WindowsSystem32 could not be found. Thank you

This is what it says when I turn on my computer

Error Loading C:\WINDOWS\System32\ielcaabe.dll
The specified module can not be found

Error Loading C:\WINDOWS\System32\wmcbaaca.dll
The specified module can not be found

Error Loading C:\WINDOWS\Stsyem32\he3bbcff.dll
The specified module can not be found

Error Loading C:\WINDOWS\System32\icddefff.dll
The specified module can not be found

That’s what it shows and some of them are repeated more than once.

Does anyone know how to fix that. If you do please tell me.
Thanx 4 your help

P. S: And about that peper files thing, I ran it again and I was online and it still told me the same thing. No peper files where found. The only time it found things was the first time I ran it. I fixed that already though. I guess I should’ve mentioned that. Srry

This is my new Hijack this logfile. Is there still problems with it other than that WindowsSystem32 dll thing posted above? If so what else should i do

Logfile of HijackThis v1.98.0
Scan saved at 11:52:51 PM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msCMTSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ipds.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\System32\wping.exe
C:\WINDOWS\System32\LzioMediaUpdater.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ipgb.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\avimsnsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE
C:\WINDOWS\System32\ir32_32.exe
C:\Documents and Settings\Jessy\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {905429DE-19AE-14A9-E359-B2D986ECF629} - C:\WINDOWS\system32\ipgb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [wping.exe] C:\WINDOWS\System32\wping.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [LzioMediaUpdater] C:\WINDOWS\System32\LzioMediaUpdater.exe
O4 - HKLM\..\Run: [AutoLoader20sp1PIjZYPI] "C:\WINDOWS\System32\shefos.exe" /PC="AM.SKHN" /HideUninstall /HideDir
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [he3bbcff] rundll32.exe C:\WINDOWS\System32\he3bbcff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [wmcbaaca] rundll32.exe C:\WINDOWS\System32\wmcbaaca.dll,EnableRunDLL32
O4 - HKLM\..\Run: [icddefff] rundll32.exe C:\WINDOWS\System32\icddefff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [ielcaabe] rundll32.exe C:\WINDOWS\System32\ielcaabe.dll,EnableRunDLL32
O4 - HKLM\..\Run: [273V35V] shefos.exe
O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe C:\WINDOWS\System32\icddefff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [he3e3fc4] rundll32.exe C:\WINDOWS\System32\he3bbcff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [iel2cde8] rundll32.exe C:\WINDOWS\System32\ielcaabe.dll,EnableRunDLL32
O4 - HKLM\..\Run: [wm41a398] rundll32.exe C:\WINDOWS\System32\wmcbaaca.dll,EnableRunDLL32
O4 - HKLM\..\Run: [ipgb.exe] C:\WINDOWS\system32\ipgb.exe
O4 - HKLM\..\RunOnce: [ipds.exe] C:\WINDOWS\ipds.exe
O4 - HKLM\..\RunOnce: [sysdw32.exe] C:\WINDOWS\system32\sysdw32.exe
O4 - HKLM\..\RunOnce: [msuu.exe] C:\WINDOWS\system32\msuu.exe
O4 - HKLM\..\RunOnce: [ipyj.exe] C:\WINDOWS\system32\ipyj.exe
O4 - HKLM\..\RunOnce: [appjb32.exe] C:\WINDOWS\appjb32.exe
O4 - HKLM\..\RunOnce: [mfcia32.exe] C:\WINDOWS\system32\mfcia32.exe
O4 - HKLM\..\RunOnce: [addbu32.exe] C:\WINDOWS\system32\addbu32.exe
O4 - HKLM\..\RunOnce: [appwx32.exe] C:\WINDOWS\appwx32.exe
O4 - HKLM\..\RunOnce: [nettz.exe] C:\WINDOWS\nettz.exe
O4 - HKLM\..\RunOnce: [apidg.exe] C:\WINDOWS\apidg.exe
O4 - HKLM\..\RunOnce: [apion.exe] C:\WINDOWS\system32\apion.exe
O4 - HKLM\..\RunOnce: [ntjy32.exe] C:\WINDOWS\ntjy32.exe
O4 - HKLM\..\RunOnce: [crme32.exe] C:\WINDOWS\system32\crme32.exe
O4 - HKLM\..\RunOnce: [atlyj.exe] C:\WINDOWS\system32\atlyj.exe
O4 - HKLM\..\RunOnce: [ieim32.exe] C:\WINDOWS\ieim32.exe
O4 - HKLM\..\RunOnce: [cryn.exe] C:\WINDOWS\system32\cryn.exe
O4 - HKLM\..\RunOnce: [crfs32.exe] C:\WINDOWS\system32\crfs32.exe
O4 - HKLM\..\RunOnce: [d3yo32.exe] C:\WINDOWS\system32\d3yo32.exe
O4 - HKLM\..\RunOnce: [javajl32.exe] C:\WINDOWS\system32\javajl32.exe
O4 - HKLM\..\RunOnce: [ipnr32.exe] C:\WINDOWS\ipnr32.exe
O4 - HKLM\..\RunOnce: [addba.exe] C:\WINDOWS\addba.exe
O4 - HKLM\..\RunOnce: [crif.exe] C:\WINDOWS\crif.exe
O4 - HKLM\..\RunOnce: [appod32.exe] C:\WINDOWS\system32\appod32.exe
O4 - HKLM\..\RunOnce: [ntov.exe] C:\WINDOWS\ntov.exe
O4 - HKLM\..\RunOnce: [sdkxo.exe] C:\WINDOWS\system32\sdkxo.exe
O4 - HKLM\..\RunOnce: [apihg32.exe] C:\WINDOWS\system32\apihg32.exe
O4 - HKLM\..\RunOnce: [d3wl.exe] C:\WINDOWS\system32\d3wl.exe
O4 - HKLM\..\RunOnce: [winxj.exe] C:\WINDOWS\winxj.exe
O4 - HKLM\..\RunOnce: [addew.exe] C:\WINDOWS\system32\addew.exe
O4 - HKLM\..\RunOnce: [atlpu.exe] C:\WINDOWS\atlpu.exe
O4 - HKLM\..\RunOnce: [ieqa32.exe] C:\WINDOWS\system32\ieqa32.exe
O4 - HKLM\..\RunOnce: [ieko.exe] C:\WINDOWS\system32\ieko.exe
O4 - HKLM\..\RunOnce: [atlcv32.exe] C:\WINDOWS\atlcv32.exe
O4 - HKLM\..\RunOnce: [javarq32.exe] C:\WINDOWS\javarq32.exe
O4 - HKLM\..\RunOnce: [apppj.exe] C:\WINDOWS\apppj.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ir32_32] C:\WINDOWS\System32\ir32_32.exe
O4 - HKCU\..\Run: [wping.exe] C:\WINDOWS\System32\wping.exe
O4 - HKCU\..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe
O4 - HKCU\..\Run: [Jws9RRZpe] avimsnsv.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/TrfV3nd02.cab
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} - http://ads.dealhelper.com/updates/DealHelperNew.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D0490B4-AABF-4554-BFA8-611D183BD737}: NameServer = 206.13.29.12 206.13.30.12
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

I did what you told me to and this is the log i got. The only thing i couldnt do was after i started the computer in Safe mode, and running hijack this, was delete the second set of files (the bold ones). It didnt dind them.

Logfile of HijackThis v1.98.0
Scan saved at 6:22:50 PM, on 7/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msCMTSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\crqb.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\System32\LzioMediaUpdater.exe
C:\WINDOWS\system32\ipgb.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\wping.exe
C:\WINDOWS\System32\ir32_32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\Program Files\Microsoft Works\MSWorks.exe
c:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE
C:\Documents and Settings\Jessy\Desktop\hthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [wping.exe] C:\WINDOWS\System32\wping.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [LzioMediaUpdater] C:\WINDOWS\System32\LzioMediaUpdater.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [he3bbcff] rundll32.exe C:\WINDOWS\System32\he3bbcff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [wmcbaaca] rundll32.exe C:\WINDOWS\System32\wmcbaaca.dll,EnableRunDLL32
O4 - HKLM\..\Run: [icddefff] rundll32.exe C:\WINDOWS\System32\icddefff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [ielcaabe] rundll32.exe C:\WINDOWS\System32\ielcaabe.dll,EnableRunDLL32
O4 - HKLM\..\Run: [273V35V] shefos.exe
O4 - HKLM\..\Run: [icdd7ee6] rundll32.exe C:\WINDOWS\System32\icddefff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [he3e3fc4] rundll32.exe C:\WINDOWS\System32\he3bbcff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [iel2cde8] rundll32.exe C:\WINDOWS\System32\ielcaabe.dll,EnableRunDLL32
O4 - HKLM\..\Run: [wm41a398] rundll32.exe C:\WINDOWS\System32\wmcbaaca.dll,EnableRunDLL32
O4 - HKLM\..\Run: [ipgb.exe] C:\WINDOWS\system32\ipgb.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [systk.exe] C:\WINDOWS\systk.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [wping.exe] C:\WINDOWS\System32\wping.exe
O4 - HKCU\..\Run: [Quicknote] C:\Program Files\Quicknote\quicknote.exe
O4 - HKCU\..\Run: [ir32_32] C:\WINDOWS\System32\ir32_32.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D0490B4-AABF-4554-BFA8-611D183BD737}: NameServer = 206.13.29.12 206.13.30.12
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

and i also have a slow restart

like on the desktop, it takes foerever to start