# zztop



## Evilmistage (Jan 18, 2003)

I have a Dell Dimension L500r computer that somehow got hosed by my son's friend. I am having a tremendous amount of trouble with programs shutting down, error messages, etc. I can't even run zztop to restore the computer back to original factory settings without getting an error message saying that it can't continue because of an internal error. I am currently running Windows 98. Any ideas? Please help. It's still a very good computer. The following is the startup list report:

StartupList report, 1/18/03, 7:01:26 PM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.50 (5.50.4134.0600)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\WJVIEW.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\ACS495\MIXGHOST.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\EBATESMOEMONEYMAKER\EBATESMOEMONEYMAKER.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
PowerReg Scheduler.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
TCASUTIEXE = TCAUDIAG.EXE -off
EM_EXEC = c:\mouse\system\em_exec.exe
LoadQM = loadqm.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
CashToolbar = C:\Program Files\CashToolbar\mistagee\version1.52a-cash\CashToolbar.exe
EbatesMoeMoneyMaker = wjview /cp "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
ccApp = c:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccRegVfy = c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
QD FastAndSafe = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /startup
AudioHQ = C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
Mixghost = C:\ACS495\MixGhost.exe
WhenUSave = C:\PROGRA~1\SAVE\Save.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
ccEvtMgr = c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
CSINJECT.EXE = c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
SymTray - Norton SystemWorks = c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
MSMSGS = C:\Program Files\Messenger\msmsgs.exe /background
msbb = C:\PROGRAM FILES\MSBB.EXE
eZmmod = C:\PROGRA~1\ezula\mmod.exe

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 26/12/2002, 10:19:22)

[rename]
NUL=C:\PROGRA~1\CREATIVE\SURROU~1\CTSYSVOL.SKN
NUL=C:\PROGRA~1\CREATIVE\SURROU~1\CTSYSVOL.EXE
c:\windows\SYSTEM\msjstick.drv=c:\windows\SYSTEM\msjstick.001
[Leprechauns]
Reboot=yes

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=%PATH%;C:\PROGRA~1\NETWOR~1\MCAFEE~1;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
IF ERRORLEVEL 1 PAUSE

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\CASHTO~1\MISTAGEE\VERSIO~1.52A\CASHTO~1.DLL - {5F5564AC-DE7A-4DCD-9296-32E71A35DCB6}
(no name) - C:\WINDOWS\SYSTEM\BHO2.DLL - {53E10C2C-43B2-4657-BA29-AAE179E7D35C}
NAV Helper - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
WINALIGN.JOB
Symantec NetDetect.job
Norton SystemWorks One Button Checkup.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[WildTangent Control]
InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WEBDRIVER.DLL
CODEBASE = http://www.wildtangent.com/install/wdriver/driveway/microsoft/wtinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[&Yahoo! Companion]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10a.cab

[{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}]
CODEBASE = http://66.230.220.3/dialerhost/download/yCltJYeu/sexsoftware.cab

[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

[BHO.clsUrlSearch]
InProcServer32 = C:\WINDOWS\SYSTEM\BHO2.DLL
CODEBASE = http://207.44.176.11/auth/IE_InstllC.exe

--------------------------------------------------
End of report, 7,879 bytes
Report generated in 0.824 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Davey7549 (Feb 28, 2001)

Evilmistage
Welcome to TSG!
There seem to be a couple of nasties and one unknown in your startup group that I can see. I am not the best in spyware or viruses, so I am moving this to security, but in the meantime, until one of the security experts chimes in, I suggest you download Spybot and set it up to run.
http://www.lurkhere.com/~nicefiles/
After Spybot is downloaded, unzip and set it up. After you arrive at the main screen for Spybot, click the Online tab and have it check for updates. After updates, highlight all found and click install. After install, click settings, then file sets, then remove the check from system internal and Tracks if present. After that, click the Spybot S&D tab and run Spybot. All items in red are eligible for removal. Select remove items.

After the above is done, see if that helps your problem.

Dave


----------



## $teve (Oct 9, 2001)

hmmm........your son's friend has some "varied" surfing habits

can't see any sign of infection other than the spyware and adware.....but that's all you need to start messing things about on these computers. dave's advice on spybot should make things smoother.
after you run spybot (click the update button first) reboot and then post another startup log, you may have to manually delete some stuff but don't worry, it's quite simple.....then let's see if we can help stop it from reoccurring
good luck


----------



## Evilmistage (Jan 18, 2003)

I followed your instructions on running Spybot. Here is the most recent Startup List Report. Thank you in advance for all of your help.

StartupList report, 1/19/03, 6:36:26 AM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.50 (5.50.4134.0600)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\WJVIEW.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\ACS495\MIXGHOST.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\EBATESMOEMONEYMAKER\EBATESMOEMONEYMAKER.EXE
C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
PowerReg Scheduler.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
TCASUTIEXE = TCAUDIAG.EXE -off
EM_EXEC = c:\mouse\system\em_exec.exe
LoadQM = loadqm.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
EbatesMoeMoneyMaker = wjview /cp "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
ccApp = c:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccRegVfy = c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
QD FastAndSafe = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /startup
AudioHQ = C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
Mixghost = C:\ACS495\MixGhost.exe
WhenUSave = C:\PROGRA~1\SAVE\Save.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
ccEvtMgr = c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
CSINJECT.EXE = c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
SymTray - Norton SystemWorks = c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
MSMSGS = C:\Program Files\Messenger\msmsgs.exe /background

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 19/1/2003, 6:28:50)

[Rename]
C:\WINDOWS\PROFILES\MISTAGEE\user.bak=C:\WINDOWS\PROFILES\MISTAGEE\user.dat
C:\WINDOWS\PROFILES\MISTAGEE\user.dat=C:\WINDOWS\PROFILES\MISTAGEE\user.pak
C:\WINDOWS\PROFILES\KITTYK~1\user.bak=C:\WINDOWS\PROFILES\KITTYK~1\user.dat
C:\WINDOWS\PROFILES\KITTYK~1\user.dat=C:\WINDOWS\PROFILES\KITTYK~1\user.pak
C:\WINDOWS\system.bak=C:\WINDOWS\system.dat
C:\WINDOWS\user.bak=C:\WINDOWS\user.dat
C:\WINDOWS\system.dat=C:\WINDOWS\system.pak
C:\WINDOWS\user.dat=C:\WINDOWS\user.pak

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=%PATH%;C:\PROGRA~1\NETWOR~1\MCAFEE~1;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
IF ERRORLEVEL 1 PAUSE

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {53E10C2C-43B2-4657-BA29-AAE179E7D35C}
NAV Helper - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
WINALIGN.JOB
Symantec NetDetect.job
Norton SystemWorks One Button Checkup.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[{FA13A9FA-CA9B-11D2-9780-00104B242EA3}]
CODEBASE = http://www.wildtangent.com/install/wdriver/driveway/microsoft/wtinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[&Yahoo! Companion]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10a.cab

[{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}]
CODEBASE = http://66.230.220.3/dialerhost/download/yCltJYeu/sexsoftware.cab

[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

[{53E10C2C-43B2-4657-BA29-AAE179E7D35C}]
CODEBASE = http://207.44.176.11/auth/IE_InstllC.exe

--------------------------------------------------
End of report, 7,472 bytes
Report generated in 0.323 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Davey7549 (Feb 28, 2001)

Evilmistage
At first glance there are two remaining that concern me.

1) C:\PROGRAM FILES\EBATESMOEMONEYMAKER\EBATESMOEMONEYMAKER.EXE

Do you have any idea of what this is? I do not get any hits on it! If you also do not have any idea what it is, I would suggest going to start\run, type in msconfig, then enter. Click the startup tab and scroll to locate this line. Uncheck the line, click Apply, then OK, and restart the system.

2) [{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}] 
CODEBASE = http://66.230.220.3/dialerhost/down...sexsoftware.cab 
is located in your list under Enumerated downloaded program files.

See if you can locate this at IE\Tools\Internet Options\Temp Internet files\settings tab\view objects tab. If there, highlight and delete.

Dave
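The comparison the helpers are doing by eye across the first two reports can be scripted. The following is an added example, not part of any post in this thread and not code from StartupList: it parses the report's Run-key and Download Program Files sections, lists autoruns that disappeared between two reports, and flags downloaded objects for review. The function names and the two triage heuristics (bare-IP CODEBASE host, no InProcServer32 file) are assumptions of this example; the sample text is a trimmed excerpt of the reports above.

```python
import ipaddress
from urllib.parse import urlparse

RULE = "-" * 10  # sections in a StartupList report are separated by dash lines

# Constructed excerpts: a few lines copied from the first two reports in this thread.
REPORT_BEFORE = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
CashToolbar = C:\Program Files\CashToolbar\mistagee\version1.52a-cash\CashToolbar.exe
WhenUSave = C:\PROGRA~1\SAVE\Save.exe
--------------------------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = C:\Program Files\Messenger\msmsgs.exe /background
msbb = C:\PROGRAM FILES\MSBB.EXE
eZmmod = C:\PROGRA~1\ezula\mmod.exe
--------------------------------------------------
Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}]
CODEBASE = http://66.230.220.3/dialerhost/download/yCltJYeu/sexsoftware.cab

[BHO.clsUrlSearch]
InProcServer32 = C:\WINDOWS\SYSTEM\BHO2.DLL
CODEBASE = http://207.44.176.11/auth/IE_InstllC.exe
"""

REPORT_AFTER = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
WhenUSave = C:\PROGRA~1\SAVE\Save.exe
--------------------------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = C:\Program Files\Messenger\msmsgs.exe /background
--------------------------------------------------
Enumerating Download Program Files:

[{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}]
CODEBASE = http://66.230.220.3/dialerhost/download/yCltJYeu/sexsoftware.cab

[{53E10C2C-43B2-4657-BA29-AAE179E7D35C}]
CODEBASE = http://207.44.176.11/auth/IE_InstllC.exe
"""

def parse_autoruns(report):
    """Return {registry_key: {value_name: command}} for the Run-key sections."""
    autoruns, key = {}, None
    for line in map(str.strip, report.splitlines()):
        if line.startswith(("HKLM\\", "HKCU\\")):
            key = line
            autoruns[key] = {}
        elif line.startswith(RULE):
            key = None          # a dash line ends the current section
        elif key and " = " in line:
            name, command = line.split(" = ", 1)
            autoruns[key][name] = command
    return autoruns

def parse_downloads(report):
    """Return {object_name: {field: value}} for the Download Program Files section."""
    objects, current, inside = {}, None, False
    for line in map(str.strip, report.splitlines()):
        if line == "Enumerating Download Program Files:":
            inside = True
        elif inside and line.startswith(RULE):
            break
        elif inside and line.startswith("[") and line.endswith("]"):
            current = objects.setdefault(line[1:-1], {})
        elif inside and current is not None and " = " in line:
            field, value = line.split(" = ", 1)
            current[field] = value
    return objects

def flag_downloads(objects):
    """Triage heuristics (assumptions of this example, not verdicts)."""
    flagged = {}
    for name, fields in objects.items():
        reasons = []
        host = urlparse(fields.get("CODEBASE", "")).hostname or ""
        try:
            ipaddress.ip_address(host)
            reasons.append("CODEBASE host is a bare IP address")
        except ValueError:
            pass                # a DNS name (or no CODEBASE at all)
        if "InProcServer32" not in fields:
            reasons.append("no InProcServer32 file registered")
        if reasons:
            flagged[name] = reasons
    return flagged

def removed_autoruns(before, after):
    """Return {(registry_key, value_name)} present in `before` but not in `after`."""
    old, new = parse_autoruns(before), parse_autoruns(after)
    return {(key, name) for key, values in old.items()
            for name in values if name not in new.get(key, {})}

if __name__ == "__main__":
    for key, name in sorted(removed_autoruns(REPORT_BEFORE, REPORT_AFTER)):
        print("removed:", key, "->", name)
    for name, reasons in flag_downloads(parse_downloads(REPORT_AFTER)).items():
        print("review :", name, "-", "; ".join(reasons))
```

A flagged entry is a prompt to look the object up, as Dave does above, not proof that it is malicious.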


----------



## Evilmistage (Jan 18, 2003)

Found both of the referenced files:

1) C:\PROGRAM FILES\EBATESMOEMONEYMAKER\EBATESMOEMONEYMAKER.EXE

2) [{2C38A62E-D257-40E8-8BB7-5624E38FEB0A}] 
CODEBASE = http://66.230.220.3/dialerhost/down...sexsoftware.cab 
is located in your list under Enumerated downloaded program files.

I have deleted them and rebooted the system. Just as a side note, while I was in the "msconfig" location, it showed that the "&Yahoo Companion" file was damaged. Is this something that I need to concern myself with? Is it repairable/replaceable? Does it matter? Also, when I ran Norton WinDoctor, it repaired all repairable files except for the following:

"awdetect.dll might be located on a removeable drive, a non-visible volume such as NFTS drive, or on a network. If "C:\PROGRAM FILES\CREATIVE\8xxx\UNINSTALL.EXE" cannot find the file, you might need to reinstall "C:\PROGRAM FILES\CREATIVE\8xxx\UNINSTALL.EXE"

I'm not certain I know how to handle this. Again, thank you in advance.

The following is the latest Startup List Report:

StartupList report, 1/19/03, 9:32:54 AM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.50 (5.50.4134.0600)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\ACS495\MIXGHOST.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
PowerReg Scheduler.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
TCASUTIEXE = TCAUDIAG.EXE -off
EM_EXEC = c:\mouse\system\em_exec.exe
LoadQM = loadqm.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
ccApp = c:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccRegVfy = c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
QD FastAndSafe = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /startup
AudioHQ = C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
Mixghost = C:\ACS495\MixGhost.exe
WhenUSave = C:\PROGRA~1\SAVE\Save.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
ccEvtMgr = c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
CSINJECT.EXE = c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
SymTray - Norton SystemWorks = c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
MSMSGS = C:\Program Files\Messenger\msmsgs.exe /background

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 19/1/2003, 6:28:50)

[Rename]
C:\WINDOWS\PROFILES\MISTAGEE\user.bak=C:\WINDOWS\PROFILES\MISTAGEE\user.dat
C:\WINDOWS\PROFILES\MISTAGEE\user.dat=C:\WINDOWS\PROFILES\MISTAGEE\user.pak
C:\WINDOWS\PROFILES\KITTYK~1\user.bak=C:\WINDOWS\PROFILES\KITTYK~1\user.dat
C:\WINDOWS\PROFILES\KITTYK~1\user.dat=C:\WINDOWS\PROFILES\KITTYK~1\user.pak
C:\WINDOWS\system.bak=C:\WINDOWS\system.dat
C:\WINDOWS\user.bak=C:\WINDOWS\user.dat
C:\WINDOWS\system.dat=C:\WINDOWS\system.pak
C:\WINDOWS\user.dat=C:\WINDOWS\user.pak

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=%PATH%;C:\PROGRA~1\NETWOR~1\MCAFEE~1;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
IF ERRORLEVEL 1 PAUSE

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {53E10C2C-43B2-4657-BA29-AAE179E7D35C}
NAV Helper - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
WINALIGN.JOB
Symantec NetDetect.job
Norton SystemWorks One Button Checkup.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[{FA13A9FA-CA9B-11D2-9780-00104B242EA3}]
CODEBASE = http://www.wildtangent.com/install/wdriver/driveway/microsoft/wtinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[&Yahoo! Companion]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10a.cab

[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

[{53E10C2C-43B2-4657-BA29-AAE179E7D35C}]
CODEBASE = http://207.44.176.11/auth/IE_InstllC.exe

--------------------------------------------------
End of report, 7,100 bytes
Report generated in 0.328 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Davey7549 (Feb 28, 2001)

Evilmistage
The awdetect.dll is not coming up on any searches so I am unsure what program it would be associated with. I see you listed the creative folder and another folder 8xxx which I have no clue what 8xxx would be. At this point I would not be overly concerned about that. 
The Yahoo companion if you use it will have to have the object deleted and companion redownloaded.

There are other items that you can safely disable within your Msconfig startups and they will start on demand when required. It is best you take it from here and review your items starting in msconfig and that way you will become familiar with what you have and what it does. There are two reference sites I will list below where you can go to and find out what each and every item in your startup folder does and whether it can be safely turned off.

Your system already should be running better and after more limiting of your startups it will run faster. Here are the two sites I mentioned and after you are done let us know how well your system is running.

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
also
http://www.pacs-portal.co.uk/startup_content.htm

Another item you also may wish to do is a bit of housecleaning. Here are some tips.

Step 1- Close all open applications.
Step 2- Go to start\find and type in *.tmp (no space between asterisk and period) and hit enter. Anything it finds shows in the right pane; these are leftovers and should be deleted.
NOTE: The key here is close all apps then do Search\find! Otherwise you may have a file you were working on deleted.
Go to edit, select all, select delete and click OK to delete.
Step 3- Now navigate using windows explorer, to the C:\Windows\Temp folder and click on it. Everything in the folder, and within the folders under the Temp folder is fair game for deletion. Delete any items found that have a date older than the date you are doing this. Leave any temps that carry the date you are doing action.
Step 4- Open Internet Explorer and go to tools\internet options and click on tab to delete temp files, click all offline content and click OK. Now while still there go to temp settings and mark box to check every visit to web-page. 
Step 5- Click OK, Click OK. Close IE.
Step 6- Run a thorough scandisk and then Defrag.

Dave


----------



## $teve (Oct 9, 2001)

davey....8xxx is a porn advertising site ........there is also "whenUsave" in there........i'm trying to locate a file i have with deletion instructions.......

ok evilmistage, let's get rid of this "whenU" thing, there is more than one variant, "whenUsave" or "whenUdownload", but the instructions are much the same.

open the registry (start->run->regedit) and find the key: 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run 
delete the 'SaveNow' or 'WhenUSave' value. reboot and you should be able to delete the 'SaveNow' or 'Save' folder inside 'Program Files'. 

to remove the ActiveX objects installed by the download and Db variants, open the 'downloaded program files' folder inside the Windows folder, and delete the SaveNow object - the name of this is 'WhenUDownload' in the Download variant, and 'FC327B3F-377B-4CB7-8B61-27CD69816BC3' in the Db variant.

SaveNow often also installs 'WeatherCast', a system tray icon that displays the current weather conditions. Unless you find this useful for some reason, you should probably also remove this from Add/Remove Programs. 

if you have any problems with regedit, just let us know


----------



## Evilmistage (Jan 18, 2003)

Completed all of the recommended suggestions. You are absolutely correct in your statement that my system should be running better! All of that wonderful "scribbling noise" to the hard drive has stopped. I once again tried to run "zztop" to restore back to factory settings but just like the first couple of attempts, I am getting an error message saying that "INTEGRITY CHECK FAILED". Because of this, it will not let me continue restoration. As always, thank you in advance.

The following is the most recent Startuplist Report:

StartupList report, 1/20/03, 9:09:33 AM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.50 (5.50.4134.0600)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\ACS495\MIXGHOST.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\UNZIPPED\STARTUPLIST151\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
PowerReg Scheduler.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
TCASUTIEXE = TCAUDIAG.EXE -off
EM_EXEC = c:\mouse\system\em_exec.exe
LoadQM = loadqm.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
ccApp = c:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccRegVfy = c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
QD FastAndSafe = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /startup
AudioHQ = C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
Mixghost = C:\ACS495\MixGhost.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
ccEvtMgr = c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
CSINJECT.EXE = c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
NPROTECT = c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
SymTray - Norton SystemWorks = c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
MSMSGS = C:\Program Files\Messenger\msmsgs.exe /background

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 20/1/2003, 7:30:26)

[Rename]
C:\WINDOWS\PROFILES\MISTAGEE\user.bak=C:\WINDOWS\PROFILES\MISTAGEE\user.dat
C:\WINDOWS\PROFILES\MISTAGEE\user.dat=C:\WINDOWS\PROFILES\MISTAGEE\user.pak
C:\WINDOWS\PROFILES\KITTYK~1\user.bak=C:\WINDOWS\PROFILES\KITTYK~1\user.dat
C:\WINDOWS\PROFILES\KITTYK~1\user.dat=C:\WINDOWS\PROFILES\KITTYK~1\user.pak
C:\WINDOWS\system.bak=C:\WINDOWS\system.dat
C:\WINDOWS\user.bak=C:\WINDOWS\user.dat
C:\WINDOWS\system.dat=C:\WINDOWS\system.pak
C:\WINDOWS\user.dat=C:\WINDOWS\user.pak

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=%PATH%;C:\PROGRA~1\NETWOR~1\MCAFEE~1;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
IF ERRORLEVEL 1 PAUSE

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {53E10C2C-43B2-4657-BA29-AAE179E7D35C}
NAV Helper - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
WINALIGN.JOB
Symantec NetDetect.job
Norton SystemWorks One Button Checkup.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[{FA13A9FA-CA9B-11D2-9780-00104B242EA3}]
CODEBASE = http://www.wildtangent.com/install/wdriver/driveway/microsoft/wtinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[&Yahoo! Companion]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10a.cab

[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

[{53E10C2C-43B2-4657-BA29-AAE179E7D35C}]
CODEBASE = http://207.44.176.11/auth/IE_InstllC.exe

--------------------------------------------------
End of report, 7,029 bytes
Report generated in 0.362 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## $teve (Oct 9, 2001)

well now you have a squeaky clean system
these little programs will help in the future.
spywareguard: 
http://www.spywareinfo.com/downloads/swguard/

"spywareblaster" www.wilderssecurity.com/spywareblaster.html

both very small.......very updatable and very free 
keep in touch on here if you need any more help.
take care


----------



## Davey7549 (Feb 28, 2001)

Evilmistage
Also, here is a bit of information about the Image Integrity error you are receiving. It appears an Image of your system is taken at first start and preserved for zztop to use. If this image becomes corrupt, use of it is stopped.
Here is the Tech Support clip I found.


> Dell ZZTOP Restore Procedure as given by Dell in Webtalk
> There is an application called ZigZag that will restore your system to like factory new condition. There is a method (known as ZIGZAG) to restore your system's software to its original, factory-downloaded condition. (NOTE--Any data not backed up before running the ZIGZAG program will be lost from the C: partition)
> 
> The first step is to boot to the Dell Diagnostics diskette and choose 'Exit to MS-DOS' from the menu. At the A:\ prompt, type ZZTOP and press .
> ...


Hope that sheds a bit more light on it for you.

Dave


----------

