# Help!!



## anisa (Mar 24, 2003)

Pls can someone have a look at my startup list and help me with what needs sorting out. my computer is very slow and something is taking up a lot of space. i would like to know if there are any errors that you can find. any help will me much appreciated. i have made a start by pasting my startup list. hope you can help!

StartupList report, 29/03/2003, 23:16:19
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\OSSPROXY.EXE
C:\PROGRAM FILES\CCONNECT\CCONNECT.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LoadQM = loadqm.exe
CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
NSCheck = C:\WINDOWS\SYSTEM\NSCHECK.EXE /boot
OSSProxy = C:\WINDOWS\SYSTEM\OSSPROXY.EXE

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 29/3/2003, 23:15:34)

[rename]
NUL=c:\PROGRA~1\COMMON~1\GMT\AUTOUP~1\GATOR_~1.GUA
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 24/3/2003, 13:45:26)

[rename]
C:\WINDOWS\SYSTEM\okshook.dll=C:\WINDOWS\SYSTEM\okshook.dl_

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job

--------------------------------------------------

Enumerating Download Program Files:

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\MSNCHAT45.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37573.475474537

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[{7A32634B-029C-4836-A023-528983982A49}]
CODEBASE = http://sc.communities.msn.com/controls/chat/msnchat42.cab

[nsBrowserConfig Class 2]
InProcServer32 = C:\WINDOWS\DOWNLO~1\NSCONFIG.DLL
CODEBASE = https://www.marketscore.com/globalconfig/nsconfig.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: CSLOA.DLL (file MISSING)
Protocol #2: CSLOA.DLL (file MISSING)
Protocol #3: CSLOA.DLL (file MISSING)
Protocol #4: CSLOA.DLL (file MISSING)
Protocol #5: CSLOA.DLL (file MISSING)
Protocol #6: CSLOA.DLL (file MISSING)
Protocol #13: CSLOA.DLL (file MISSING)

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 5,992 bytes
Report generated in 3.518 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Byteman (Jan 24, 2002)

Hi, You have some junkware running that seems to have messed with the Winsock (Internet files) You need to download and install SpyBot Search and Destroy to remove the pest (Gator).
This may or may not be the problem you have, but it is something that does drag performance.

Download SS&D to your desktop and install it. Do not run it until you have the program check for updates, get online and download any for the program itself, not "Skins"....and then run SS&D....the items found, that are pre-checked in red are what you need to have it remove. Gator is commonly used to quickly complete web forms, but it is junkware....there are much better free programs that do not have these bad features, one such is RoboForm, I will post a link for that later on. 
SS&D will find many other personal history lists, etc that you do NOT need to remove....there are settings such as File Sets, Usage Tracks that you can uncheck so they are not even detected. Anything detected and selected for removal will be backed up- there might be other junkwares, if any show that you
"must have", that is up to you, but it is best that they go. Some programs, like file sharing, some freewares, etc that come with the bundled junkware might not work correctly, but they are easily replaced by non-spyware apps. OK, get SS&D here:

http://security.kolla.de/index.php?lang=en&page=download
One more thing you may need is to fix the LSP files, so here is a program that will do that, scroll down the page for the text (info)file which you can read first, and the download next to it is ordinary .exe type, in case you do not have a file unzipping program. http://www.cexx.org/lspfix.htm
Here is a site I like- read about spyware, removal, clean apps,
lots of good stuff:

http://www.tom-cat.com/links/links-i.html#Cleanup


----------



## flavallee (May 12, 2002)

Anisa:

I agree about the use of Spybot - Search & Destroy to get rid of spyware. Download and install it and run it. When the list of files and registry entries appear, delete everything that appears in RED.

Click Start - Find/Search - Files And Folders, then bring up and delete everything that appears under:

*.TMP

C:\WINDOWS\TEMP\*.*

Click Start - Run, type in MSCONFIG, then click OK - Startup(tab). Leave ScanRegistry, SystemTray, and your anti-virus program checked. Many of the other items can be unchecked and disabled to reduce your startup load. For assistance in what to uncheck, read here.

By the way, what speed is your processor, how much RAM is installed, what size is the hard drive and how much free space is left?

Frank's Windows 95/98 Tips


----------



## TonyKlein (Aug 26, 2001)

The most obnoxious thing here is the NetSetter/Marketscore proxy foistware:

http://www.doxdesk.com/parasite/MarketScore.html

First try uninstalling it as described in the above article. Reboot when you're done.

Then Install, update, and run SpyBot S&D.


----------



## anisa (Mar 24, 2003)

Hello,

Thankyou to everyone that has replied. unfortunately, im away at the moment but as soon as i get back to my PC, i will do as you have told me and reply back to the questions you have asked me. Hope this is ok.

Thanks for all your help, much appreciated.


----------



## Byteman (Jan 24, 2002)

Hi anisa,
Yes, that will be fine- we are very used to waiting for posters to get time to do the work. No need to rush at all. Get back when you can, just reply to this thread (bookmark it if that helps) You can always find your thread by getting to the main page, use Search feature, type in your user name and it will show you the posts.


----------



## Byteman (Jan 24, 2002)

Hi, Right now, anisa is having trouble getting any updates for SS&D 1.2 here is the new thread: EDIT: There was a URL here to anisa's second thread, but we found out that there are two computers involved, so please disregard my post...there are two separate threads about two computers, both threads are about using SpyBot....


----------



## anisa (Mar 24, 2003)

just in case your wondering whats happening, i have 2 computers, one at home and one at uni. spybot is the problem i have at uni. and the other i cant access till i go home.


----------



## Byteman (Jan 24, 2002)

Hi anisa, Well this is a first for me- usually, we see posters making more than one thread about the same problem, so I apologize. Not often people post on same day about same problem on two different computers....I will correct my post and take away the link to your other thread....
OK, you are working on the computer at school. This thread will have to wait I guess, till you are back to this machine.


----------



## anisa (Mar 24, 2003)

Hi Byteman,

its not your fault, i should have made it clear.

The thing is, i was having a problem with my computer at uni, and i came on to this website and got a lot of help. it really sorted out my computer.

so, when i went home, i thought i'd do the same with the computer at home. sorry for the misunderstanding!

Will get back to you this weekend.

thanks for your help so far.


----------



## Byteman (Jan 24, 2002)

Hi, Found this about the CSLOA.DLL files you see in your Startup Log....they were part of the MarketScore thing that Tony K has written about... if this is still installed, it needs to go, follow his directions about that.

This is from here: http://support.microsoft.com/?kbid=306404

"CSLOA.dll is a file that is installed with the Marketscore (formerly NetSetter) Internet Accelerator program. The CSLOA.dll file is loaded by NSCHECK.exe. NSCHECK.exe loads from the startup group. To remove NSCHECK.EXE, run nscheck.exe /uninstall from the folder where the Nscheck.exe file is stored (by default, C:\Windows\System). For additional information about this program, visit the following PestPatrol Web site:
http://www.pestpatrol.com/PestInfo/N/NetSetter_Adware.asp"

The other things that SpyBot finds, that are pre-checked and shown in RED are all things that should go. You run SS&D, and click "Fix Selected Problems". The NSCHECK.exe file might also be detected by this newer version of SS&D, I am not sure...perhaps Tony K will advise us about it.


----------



## anisa (Mar 24, 2003)

Hi

I have ran SS&D and deleted spyware.

i have also deleted temp files.

i am having difficulties fixing LSP files, unistalling netsetter, marketscore.

any ideas??


----------



## TonyKlein (Aug 26, 2001)

Marketscore can be very hard to remove.

Are you running SpyBot 1.2 running the latest database updates?

If not install that latest version and update it.

And please go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'. 
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.


----------



## anisa (Mar 24, 2003)

Hi TK,

Ive done the Hi Jack thing, here it is:

Logfile of HijackThis v1.92.1
Scan saved at 21:50:22, on 07/04/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://uk.rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://uk.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
F1 - win.ini: run=hpfsched
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Search the Internet (HKLM)
O9 - Extra button: Start EasyFreeWebCam (HKLM)
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam (HKLM)
O9 - Extra button: Erotic (HKLM)
O9 - Extra button: AOL Instant Messenger (TM) (HKLM)
O10 - Broken Internet access because of LSP provider 'CSLOA.DLL' missing
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37573.475474537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab


----------



## TonyKlein (Aug 26, 2001)

Your log looks pretty clean.

You may want to check and have Hijack This fix the following items:

O9 - Extra button: Erotic (HKLM)

O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab

What I'd do is download and run this Winsock2 fix: http://digital-solutions.co.uk/lavasoft/whndnfix.zip

It does a fine job fixing a corrupted LSP stack on Win 98 and ME systems.

Also open your Network properties, and search for any suspicious entries in the appropriate tabs, under each protocol and it's properties, especially Gateway and DNS configurations!...
Go to Start ,Settings, double click Network. Highlight TCP/IP > dialup adapter. Click the properties box; you should get a dialogue box suggesting how to set the properties. Click ok. 
You will then have a Properties box. 
Click DNS configuration. Near the bottom is a box with all the domain suffixes. Delete the one(s) you don't use for your own networking.

Alternatively, Disable DNS.
And clear any entries under domain name as xxx.net/com, etc. A dialogue to restart the computor will then come up.......... (if you running a server or netrwork, check 'dhcp' entries as well)

Cheers,


----------



## anisa (Mar 24, 2003)

Hi TK,

Thanks for all your help.

I have deleted the files re Hi Jack this

i ran winsock but there were no problems and in the network icon, the disable DNS was already checked.

Just out of curiosity, for some weird odd reason, i do not have microsoft office on my computer, any idea why this is?? my brother installed windows ME and since then we havent had microsoft office. we had win95 before and the old version of microsoft office. is there anywhere i can download from the internet or anything?

Also, is there anything else i need to have a look at on my computer to make it run faster? and delete any other junk my computer has?

Thanks

Anisa


----------



## Byteman (Jan 24, 2002)

Hi, The MS Office program is a pay-for one, that may have come included with the computer, but if a newer operating system other than the original Windows was installed after formatting the hard drive, you would not get it replaced, as it is not part of a standard Windows install. There are free Office-like programs you can download, but they are pretty big space-wise for the hard drive....Star Office is one I know of, it takes quite a while to download unless you have high speed Internet and it is working well.
You may have the type of computer software that included Windows of some version, this is called a Restore type CD or CD kit, that can only replace Win95 and other apps contained on those CDs in your case. If ME was installed, it must have been after a disk format, in that case all data is gone. There are many fine free programs as I said, perhaps some of us will point you to some with links, or you can use any search engine to search for freeware. One of the better free places to download both shareware and freeware is:

www.zdnet.com


----------

