i hate my computer

hustler316 · #1 January 12th, 2003, 03:30 AM

My computer is a big POS:flame:. here is my start up list any suggestions will be appreciated.

StartupList report, 1/11/2003, 7:32:27 PM
StartupList version: 1.50
Started from : C:\WINDOWS\TEMP\TD_0001.DIR\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\S3TRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LINKSYS\WPC11 CONFIG UTILITY\WPC11CFG.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DRWATSON.EXE
C:\PROGRAM FILES\REAL\REALDOWNLOAD\REALDOWNLOAD.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder
S3TRAY = S3tray.exe
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
SystemTray = SysTray.Exe
Tpwrtray = TPWRTRAY.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

Driver32 = C:\WINDOWS\SYSTEM\SCam32.exe
THotkey = C:\WINDOWS\SYSTEM\THotkey.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
McAfeeVirusScanService = C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
MSMSGS = "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SUPERB~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 9/1/2003, 23:23:8)

[Rename]
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SET 6373.TMP
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SET 6382.TMP
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SE T6390.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

@C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off
REM
REM
C:\PROGRA~1\MOUSEW~1\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\SYSTEM\NZDD.DLL - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C}
(no name) - C:\WINDOWS\SYSTEM\KER7120.DLL - {C7ADE150-743D-11D4-8141-00E029626F6A}
(no name) - C:\WINDOWS\SYSTEM\FAVORITE.DLL - {139D88E5-C372-469D-B4C5-1FE00852AB9B}
(no name) - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBABE.DLL (file missing) - {00000000-0000-0000-0000-000000000000}
(no name) - C:\PROGRAM FILES\COMMON FILES\MEDIA\OTGLOVE.DLL - {7011471D-3F74-498E-88E1-C0491200312D}
(no name) - C:\PROGRAM FILES\FLT\FLT.DLL - {665ACD90-4541-4836-9FE4-062386BB8F05}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Scan for Viruses.job
Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Registration reminder 3.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

[Video Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\VIDEOX.DLL
CODEBASE = http://spystream.babenet.com/cabs/videox.cab

[Tracker Class]
InProcServer32 = C:\WINDOWS\SYSTEM\KER7120.DLL
CODEBASE = http://www.prizepopper.com/kernell32.cab

[{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}]
CODEBASE = http://www.blatantsex.com//dialer/lsdialer_2.cab

[{A45F39DC-3608-4237-8F0E-139F1BC49464}]
CODEBASE = http://www.greatplugin.com/diallerfiles/007268.exe

[{10A1B95D-5E35-4935-8BC3-D43E81E8105E}]
CODEBASE = http://www.britney-spears-hot-pics.com/021795.exe

[{7D1E9C49-BD6A-11D3-87A8-009027A35D73}]
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[{2B323CD9-50E3-11D3-9466-00A0C9700498}]
CODEBASE = http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab

[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
CODEBASE = http://officeupdate.microsoft.com/Te...loads/outc.cab

[{51045741-8C4E-4EAC-8F03-08E43A6FBB29}]
CODEBASE = http://aft.ancestry.com/aftfiles/fil...FamilyTree.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.co...630.8680092593

--------------------------------------------------
End of report, 8,948 bytes
Report generated in 2.871 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

**AnnMarie** · #2 January 12th, 2003, 03:50 AM

Hi hustler316 - welcome to CTH. What problems are you having?

I can see that you have some nasties on your PC. I'm not sure if Spybot will pick them all up but it wouldnt hurt to try. Download Spybot - Search & Destroy from here

After installing, go to the Online tab, and search for and install all updates.

Next, go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.

NOTE: SSD will sometimes not be able to remove all active components in the first 'run'.
In that case you will get a dialog asking you to run SSD at next start.
Click yes and reboot.
Subsequently SSD will come up before the system puts these components 'in use', and it will then be able to 'fix' the rest.

When you have done that, open your browser and go to Tools > Internet Options and click on the General Tab. Click on Settings (next to Temporary Internet Files) and then click on View Objects. Rightclick on each of the below ActiveX controls and get rid of them.

[Video Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\VIDEOX.DLL
CODEBASE = http://spystream.babenet.com/cabs/videox.cab

[Tracker Class]
InProcServer32 = C:\WINDOWS\SYSTEM\KER7120.DLL
CODEBASE = http://www.prizepopper.com/kernell32.cab

[{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}]
CODEBASE = http://www.blatantsex.com//dialer/lsdialer_2.cab

[{A45F39DC-3608-4237-8F0E-139F1BC49464}]
CODEBASE = http://www.greatplugin.com/diallerfiles/007268.exe

[{10A1B95D-5E35-4935-8BC3-D43E81E8105E}]
CODEBASE = http://www.britney-spears-hot-pics.com/021795.exe

If there are any damaged controls there, delete those also.

When you have finished, post a new startup list.

hustler316 · #3 January 12th, 2003, 05:16 AM

i have 390 problems, do i have ssd fix the problems or is there a way for me to get rid or them

**AnnMarie** · #4 January 12th, 2003, 05:23 AM

Check to make sure that you followed my instructions and let Spybot fix what it has found.

hustler316 · #5 January 12th, 2003, 06:13 AM

I have 17 items that i could view in the internet settings should i remove all of them? Are those the activex files you were talking about.

hustler316 · #6 January 12th, 2003, 06:20 AM

I figured it out disregard the last post. When i tried to remove the last 2 things on the list.

[{A45F39DC-3608-4237-8F0E-139F1BC49464}]
CODEBASE = http://www.greatplugin.com/diallerfiles/007268.exe

[{10A1B95D-5E35-4935-8BC3-D43E81E8105E}]
CODEBASE = http://www.britney-spears-hot-pics.com/021795.exe

iI said that there was not enough information to remove the files completly and to check the add/remove for more options but i don't see anything in there that looks like what i want

hustler316 · #7 January 12th, 2003, 06:25 AM

Here is the new start up list.

StartupList report, 1/11/2003, 11:20:19 PM
StartupList version: 1.50
Started from : C:\WINDOWS\TEMP\TD_0001.DIR\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\S3TRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\LINKSYS\WPC11 CONFIG UTILITY\WPC11CFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\REAL\REALDOWNLOAD\REALDOWNLOAD.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder
S3TRAY = S3tray.exe
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
SystemTray = SysTray.Exe
Tpwrtray = TPWRTRAY.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

Driver32 = C:\WINDOWS\SYSTEM\SCam32.exe
THotkey = C:\WINDOWS\SYSTEM\THotkey.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
McAfeeVirusScanService = C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
MSMSGS = "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SUPERB~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 9/1/2003, 23:23:8)

[Rename]
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SET 6373.TMP
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SET 6382.TMP
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SE T6390.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

@C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off
REM
REM
C:\PROGRA~1\MOUSEW~1\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\SYSTEM\NZDD.DLL - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Scan for Viruses.job
Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Registration reminder 3.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

[{7D1E9C49-BD6A-11D3-87A8-009027A35D73}]
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[{2B323CD9-50E3-11D3-9466-00A0C9700498}]
CODEBASE = http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab

[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
CODEBASE = http://officeupdate.microsoft.com/Te...loads/outc.cab

[{51045741-8C4E-4EAC-8F03-08E43A6FBB29}]
CODEBASE = http://aft.ancestry.com/aftfiles/fil...FamilyTree.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.co...630.8680092593

--------------------------------------------------
End of report, 7,728 bytes
Report generated in 0.984 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

**AnnMarie** · #8 January 12th, 2003, 07:53 AM

Oh heavens, I dont know how I missed it the first time but you are also infected with the Sircam worm. Go here and download and run the Sircam Removal Tool. Make sure that you read the instructions very carefully. When you have finished, post another startup list.

hustler316 · #9 January 12th, 2003, 08:19 AM

How do i disable system restore?

**AnnMarie** · #10 January 12th, 2003, 08:23 AM

Here ya go How to disable or enable Windows Me System Restore

hustler316 · #11 January 12th, 2003, 09:20 AM

After i did the scan it said i had no infections on my computer. here's my start up list after the scan.

StartupList report, 1/12/2003, 2:08:18 AM
StartupList version: 1.50
Started from : C:\WINDOWS\TEMP\TD_0001.DIR\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\S3TRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\LINKSYS\WPC11 CONFIG UTILITY\WPC11CFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\REAL\REALDOWNLOAD\REALDOWNLOAD.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder
S3TRAY = S3tray.exe
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
SystemTray = SysTray.Exe
Tpwrtray = TPWRTRAY.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

THotkey = C:\WINDOWS\SYSTEM\THotkey.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
McAfeeVirusScanService = C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SUPERB~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 9/1/2003, 23:23:8)

[Rename]
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SET 6373.TMP
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SET 6382.TMP
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SE T6390.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

@C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off
REM
REM
C:\PROGRA~1\MOUSEW~1\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\SYSTEM\NZDD.DLL - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Scan for Viruses.job
Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Registration reminder 3.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

[{7D1E9C49-BD6A-11D3-87A8-009027A35D73}]
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[{2B323CD9-50E3-11D3-9466-00A0C9700498}]
CODEBASE = http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab

[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
CODEBASE = http://officeupdate.microsoft.com/Te...loads/outc.cab

[{51045741-8C4E-4EAC-8F03-08E43A6FBB29}]
CODEBASE = http://aft.ancestry.com/aftfiles/fil...FamilyTree.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.co...630.8680092593

--------------------------------------------------
End of report, 7,557 bytes
Report generated in 0.931 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Thank you for your help it is much appreciated, you are an angel

**AnnMarie** · #12 January 12th, 2003, 09:32 AM

Hi hustler316 - all clear and you are very welcome

Dont forget to re-enable System Restore. If I were you, I would also look for a new AV unless you forgot to update McAfee. You can download a free one from here. If you decide to try it, uninstall McAfee first. How's your PC running now?

hustler316 · #13 January 12th, 2003, 09:38 AM

So far my computer is running perfect. You are a computer goddess. Thanks for all the wonderful help, I'll put a little something extra in your paycheck this week.

Justin

**AnnMarie** · #14 January 12th, 2003, 09:40 AM

Quote:

I'll put a little something extra in your paycheck this week.

LOL!!! Thanks Justin, much appreciated