# windows me



## BLAZIN GUNZ (Dec 1, 2002)

HERE'S MY PROBLEMS, I HOPE SOMEONE CAN GIVE ME SOME INSIGHT. I RAN PC DOCTOR, AND THIS IS WHAT IT SAID.
THESE FILES WERE NOT FOUND, MEDIUM SEVERITY.
C://CPQS//TOOLS//CPQSLOG.EXE
C:/WINDOWS/TEMP/IXP000.TMP/
C:/WINDOWS/SBNET/REMOVEAD.BAT
C:/PROGRA~1/ACCESS~1/PCXIMP32.FLT

THESE ARE THE PROBLEMS, HOPE YOU CAN GIVE ME SOME SUGGESTIONS IN FIXING. ANOTHER MESSAGE PC DOCTOR SAID WAS THAT A COUPLE OF THESE PROBLEMS MAY SHUT DOWN WHEN TRYING TO USE THEM.


----------



## Bvr01Fvr (Aug 10, 2002)

Your computer is a COMPAQ right?

Try running the "system file checker" tool. (If I remember correctly it can be found in one of the"System Information's" pull down menus.) If you can't find "System Information" or "System File Checker", use "Help" to locate it.

If the utility prompts you to extract a file from the Windows 98 CD and you don't have one, tell it to look in *C:\WINDOWS\OPTIONS\CABS* for the file .


----------



## BLAZIN GUNZ (Dec 1, 2002)

I TRIED TO FIND SYSTEM FILE CHECKER, CANT FIND IT ANYWHERE ON THIS COMPUTER, I'M STILL HAVING PROBLEMS WITH THE COMPUTER SHUTING DOWN ON ME. I UNINSTALLED SOMETHING THE OTHER DAY, AND THIS STARTED HAPPENING. COULD SOMETHING ELSE HAVE BEEN CONNECTED TO THE UNINSTALL THAT SHOULDNT HAVE GONE WITH IT? YES, I HAVE A COMPAQ. I ALSO HAVE "FIX IT" AND ITS HELPED ALOT, HAS GOTTEN RID OF 34 PROBLEMS OUT OF 38, STILL NEED TO FIX OTHER 4.


----------



## telecom69 (Oct 12, 2001)

Hi there,why dont you try doing a system restore?it cant hurt anything,just go and restore to before you uninstalled, if its not too long back,you never know it mighr just help .....


----------



## TonyKlein (Aug 26, 2001)

I don't know PC Doctor, (or is it Norton Windoctor, THAT I know.) but you probably don't even need all those files.

If you're uncertain how to interpret its results, it would be best to ignore them.

More problems result from people "cleaning up" their computers, than from folks who never do...


----------



## NotRiteÂ² (Nov 7, 2002)

If you have not previously installed the patch for the System Restore that comes with ME, that will not be an option for you. The System Restore that comes with ME is flawed and is need of a patch as it will not restore to points created after Sept. 8th, 2001. You can find the patch at the following link.

ME does not have System File Checker. It has the System Restore.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q290700&FR=1

Good Luck


----------



## BLAZIN GUNZ (Dec 1, 2002)

HOW DO U GET THOSE COOL PICTURES NEXT TO YOUR NAMES?


----------



## pvc9 (Jul 7, 2002)

Not sure if your problem is solved. But one advice, because you're new here...plz dont post in CAPS...its better/easier to read if you post in lower case...

About the cool pictures, check the below link. They're called Avatars...

Avatars


----------



## BLAZIN GUNZ (Dec 1, 2002)

still need to know about the 4 problems at the top of the page, what they are, what they do, how to fix,(restore didnt help) and computer still crashes once in awhile, not nearly as much tho


----------



## pvc9 (Jul 7, 2002)

*C:/WINDOWS/TEMP/IXP000.TMP/ * is not at all required...

If the system is freezing frequently, whats loading at startup? Check the below link, download Startup List and post back with the results -

www.lurkhere.com/~nicefiles/


----------



## BLAZIN GUNZ (Dec 1, 2002)

i hope i did this right
i didnt do it right, i have startuplist on a note pad, how do i display it?


----------



## TonyKlein (Aug 26, 2001)

Go to Edit > Select all.

Then to Edit > Copy

Now RIGHTclick anywhere in a empty area of your reply here at TSG, and choose 'Paste' from the context menu.

And there's your List.

It's like magic!


----------



## BLAZIN GUNZ (Dec 1, 2002)

HERE IT IS StartupList report, 12/2/2002, 2:50:57 AM
StartupList version: 1.40
Started from : C:\UNZIPPED\STARTUPLIST14\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v5.50 (5.50.4134.0600)
* Using default options
* Using verbose mode
* Including empty and uninteresting sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SCARDSVR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SBNET\SHOWBEHIND.EXE
C:\PROGRAM FILES\SAVENOW\SAVENOW.EXE
C:\PROGRAM FILES\XUPITER\XUPITERSTARTUP.EXE
C:\PROGRAM FILES\XUPITER\XTCFGLOADER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\ONTRACK\FIX-IT\MXTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST14\STARTUPLIST.EXE

This lists all processes running in memory, which are all active
programs and some non-exe system components.

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Fix-It.lnk = C:\Program Files\Ontrack\Fix-It\mxtask.exe

User shell folders Startup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

This lists all programs or shortcuts in folders marked by Windows as
'Autostart folder', which means any files within these folders are
launched when Windows is started. The Windows standard is that only
shortcuts (*.lnk, *.pif) should be present in these folders.
The location of these folders is set in the Registry.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Hidserv = Hidserv.exe run
CpqBootPerfDb = C:\Cpqs\Scom\CpqBootPerfDb.exe
CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
LoadQM = loadqm.exe
ShowBehind = C:\WINDOWS\SBNET\SHOWBEHIND.EXE 
SaveNow = C:\PROGRA~1\SAVENOW\SaveNow.exe
XupiterStartup = C:\Program Files\Xupiter\XupiterStartup.exe
XupiterCfgLoader = C:\Program Files\Xupiter\XTCfgLoader.exe
Fix-It AV = C:\PROGRA~1\ONTRACK\FIX-IT\MEMCHECK.EXE
Pop-Up Stopper = "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.
The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
are run once and then deleted by Windows.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
ScardSvr = C:\WINDOWS\SYSTEM\ScardSvr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.
The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
are run once and then deleted by Windows.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.
The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
are run once and then deleted by Windows.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.
The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
are run once and then deleted by Windows.

--------------------------------------------------

Enumerating RunOnceEx keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\*

*No subkeys found*

This lists a special autorun Registry key, from which both programs
and functions within DLLs can be launched without RUNDLL32.EXE. The
format for running a DLL function is
"DllFile.dll|FunctionName|CommandLineArguments", the format for
running a program is "||Program.exe CommandLineArguments".
This autorun key is used very rarely.

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

This Registry value determines how Windows runs files (in this case
.EXE files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

This Registry value determines how Windows runs files (in this case
.COM files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

This Registry value determines how Windows runs files (in this case
.BAT files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

This Registry value determines how Windows runs files (in this case
.PIF files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S "%3"

This Registry value determines how Windows runs files (in this case
.SCR files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

This Registry value determines how Windows runs files (in this case
.HTA files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[PerUser_CVT_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[FontsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[PerUser_HNW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf

[PerUser_ICW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[PerUser_moviemaker] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Base] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[SamplerPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf

[ShellPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[PerUserOldLinks] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsMsnPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

[PerUser_PCHealth] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[PerUser_Paint_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Enable_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_ZoneGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_PBGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf

[MotownRecPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[MotownMPlayPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[MmoptMusicaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[OlsAolPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsAttPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsProdigyPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsEarthlinkPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf

[Shell3PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

[PerUser_Preptool] *
StubPath = rundll.exe Setupx.dll,InstallHinfSection Install 64 C:\WINDOWS\INF\RUNLAST.INF

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

Programs listed here are components of the Windows Setup that were
only ran when Windows started for the first time. To prevent them
from running multiple times, Windows checks for a key with the same
name at the HKCU root. If it's not found, the component at the HKLM
root is ran, and a matching key is created at the HKCU root so the
component is not ran again next time. Most entries involve either
RUNDLL.EXE or RUNDLL32.EXE, so a suspicious key is not hard to find.

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

The chat program ICQ includes an ICQ Agent that can be configured to
launch one or multiple browsers when an Internet connection is
detected. To configure it, open the ICQ Preferences menu and check
under 'Connection' for a button labelled 'Edit Launch List'.

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

These two entries in WIN.INI are leftover from Windows 3.x, which
used them as values denoting programs that should be started up
with Windows. Since Windows 95 and higher uses the Registry to
store locations of autostart folders, these two entries in WIN.INI
are redundant, and are rarely used.

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\3DFLOW~1.SCR
drivers=mmsystem.dll power.drv

The Shell key from SYSTEM.INI tells Windows what file handles
the Windows shell, i.e. creates the taskbar, desktop icons etc. If
programs are added to this line, they are all ran at startup.
The SCRNSAVE.EXE line tells Windows what is the default screensaver
file. This is also a leftover from Windows 3.x and should not be used.
(Since Windows 95 and higher stores this setting in the Registry.)
The 'drivers' line loads non-standard DLLs or programs.

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

Due to a bug in Windows 9x, it mistakenly uses C:\Explorer.exe and
other instances (if present) when searching for Explorer.exe.
Explorer.exe should only exists in the Windows folder.
Windows NT is vulnerable to this as well, but only if the 
'Shell' Registry value from the previous section 
is just 'Explorer.exe' instead of the full path.
Additionally, presence of \WINDOWS\Explorer\Explorer.exe indicates
infection with the [email protected]r virus.

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

WININIT.INI is a settings file for WININIT.EXE, which updates files
at startup that are normally in use when Windows is running. It is
mostly used when installing programs or patches that need the
computer to be restarted to complete the install. After such a reboot,
WININIT.INI is renamed to WININIT.BAK.

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 1/12/2002, 3:54:40)

[Rename]
C:\WINDOWS\USER.BAK=C:\WINDOWS\USER.DAT
C:\WINDOWS\USER.DAT=C:\WINDOWS\USER.DFG

WININIT.INI is a settings file for WININIT.EXE, which updates files
at startup that are normally in use when Windows is running. It is
mostly used when installing programs or patches that need the
computer to be restarted to complete the install. After such a reboot,
WININIT.INI is renamed to WININIT.BAK.

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

Autoexec.bat is the very first file to autostart when the computer
starts, it is a leftover from DOS and older Windows versions.
Windows NT, Windows ME, Windows 2000 and Windows XP don't use this
file. It is generally used by virusscanners to scan files before
Windows starts.

--------------------------------------------------

C:\CONFIG.SYS listing:

*File is empty*

Config.sys loads device drivers for DOS, and is rarely used in
Windows versions newer than Windows 95. Originally it loaded
drivers for legacy sound cards and such.

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

Winstart.bat loads just before the Windows shell, and is used for
starting things like soundcard drivers, mouse drivers. Rarely used.

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off

Dosstart.bat loads if you select 'MS-DOS Prompt' from the Startup
menu when the computer is starting, or if you select 'Restart in
MS-DOS Mode' from the Shutdown menu in Windows. Mostly used for
DOS-only drivers, like sound or mouse drivers.

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

Some file extensions are always hidden, like .lnk (shortcut) and
.pif (shortcut to MS-DOS program). The Life_Stages virus was a .shs
(Shell Scrap) file that had the extension hidden by default. This can
be a security risk when a virus with a double-extension filename is
on the loose, since the extension can be hidden even when 'Don't show
extensions for known filetypes' is turned off.
The shortcut overlay acts as a reminder that the file is just a shortcut.
If the shortcut overlay is removed, the difference between a file and
a shortcut is invisible.

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

Regedit.exe is the Windows Registry Editor. Without it, you cannot
access the Registry or merge Registry scripts into the Registry.
Several viruses/trojans mess with this important system file, e.g.
moving it somewhere else or replacing it with a copy of the trojan.
Above checks will ensure that Regedit.exe is in the correct place
and that it really is Regedit.
If you have ScriptSentry installed, the .reg command
is altered and you fail the check. Don't worry
about this.

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\XUPITER\UPDATES\XTUPDATE.DLL - {2662BDD7-05D6-408F-B241-FF98FACE6054}

MSIE features Browser Helper Objects (BHO) that plug into MSIE and
can do virtually anything on your system. Benevolant examples are
the Google Toolbar and the Acrobat Reader plugin. More often though, 
BHO's are installed by spyware and serve you to a neverending flow
of popups and ads as well as tracking your browser habits, claiming
they 'enhance your browsing experience'.

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Registration reminder 3.job
Symantec NetDetect.job
Check E-mail.job
Synchronize Time.job

The Windows Task Scheduler can run programs at a certain time,
automatically. Though very unlikely, this can be exploited by
making a job that runs a virus or trojan.

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[Yahoo! Audio Conferencing]
CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab

[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

[Java Plug-in 1.3.1_04]
InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab

[Java Plug-in 1.3.1_04]
InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab

[{9DBAFCCF-592F-FFFF-FFFF-00608CEC297C}]
CODEBASE = http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab

[SurroundVideoCtrl Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSSURVID.OCX
CODEBASE = http://encarta.msn.com/encnet/external/MSSurVid.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX
CODEBASE = http://www.ipix.com/download/ipixx.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Yahoo! Pool 2]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/potb_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pool 2.osd

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HMATCHMT.OCX
CODEBASE = http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[LEGO Stormrunner]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://mindstorms.lego.com/stormrunner/stormrunner1-1-0.cab
OSD = C:\WINDOWS\Downloaded Program Files\LEGO Stormrunner.osd

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HRTBEAT.OCX
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37578.2904282407

[{A27CFCAE-9351-4D74-BFFC-21EB19693D8C}]
CODEBASE = http://www.xupiter.com/search2/install/XupiterToolbarLoader.cab

The items in Download Program Files are programs you downloaded and
automatically installed themselves in MSIE. Most of these are Java
classes Media Player codecs and the likes. Some items are only
visible from the Registry and may not show up in the folder.

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll

The Windows Socket system (Winsock) connects your system to the
Internet. Part of this task is resolving domain names (www.server.com)
to IP addresses (12.23.34.45) which is handler by several system
files, called Layered Service Providers (LSPs), which work as a
chain: if one LSP is gone, the chain is broken and Winsock cannot
resolve domain names - which means no program on your system can
access the Internet.

--------------------------------------------------
End of report, 32,763 bytes
Report generated in 1.037 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## TonyKlein (Aug 26, 2001)

Well, totally unrelated to your original "problem", you do turn out to have a remarkable amount of spyware: Gator, SaveNow, Xupiter, and others.

Do this:

Download Spybot - Search & Destroy

It looks for spyware, but also targets dialers, keyloggers, and other nasties, and it's freeware.
It's an excellent alternative to Ad-Aware, which has been updated less than frequently in recent times.

After installing, go to the Online tab, and search for and install all updates.

Next, go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, hit 'Check All', and have SpyBot remove all it finds.

SSD will sometimes not be able to remove all _active_ components on the first 'fix'. 
You will then get a dialog asking you to run SSD at next start. 
Click yes and reboot. SSD will then come up before the system puts these components 'in use'. 
You will then be able to 'fix' everything.

Good luck,


----------



## BLAZIN GUNZ (Dec 1, 2002)

the spy bot worked great, it freed up alot of space on here, thanks. i've been try to get rid of that xupiter junk for awhile now, it came in with some download i got about a month ago and i've been trying to get rid of it ever since yaaaaaa, i finally did with your help, THANK YOU


----------



## TonyKlein (Aug 26, 2001)

Hey, no prob!


----------



## RckOn06 (Jun 26, 2003)

Hey, I just started using this, I'm having some computer problems that I'd really like to resolve. But first, how do I turn on my "private messaging"?


----------



## Dick Lewis (Jun 18, 2003)

those aren't file problems, those are old files still being pointed to in the registry, thats no problem, just leave them alone. programs that say stuff like that is a problem are a problem, i would trash that junk and quit using it. there will always be dead pointers even if you clean them all out every day, there will be new ones tomorrow.


----------

