# Trend Micro House Call



## doescher4 (Oct 4, 2001)

Hello,

I just ran the trend free virus scan because my computer has been running very slow for being on a cable connection plus a lot of stuff will not run anymore on it...such as my video players, search engines and yahoo messenger. I checked every drive on my computer and it only scanned a little over 2000 files...that just doesnt sound right because it only took like 5 minutes to run the scan and my AVG anti virus program runs for almost an hour before it is done scanning all my files. Does it sound like there is something messed up to anyone else?

thanks,
Lori


----------



## Bryan (Jul 3, 1999)

Please let us know what version of Windows your running. As a guess, I moved this to the "W95/98/ME" forum from the "All Other Software" forum because it seems like an overall Windows problems versus an individual third party software problem.

Have you updated the virus patterns for your AVG anti-virus software regularly?

Have you run Ad-Aware to be sure your clean of Spyware?

And go here and download StartupList. Double left click on it to unzip it and then double left click again on the .exe to run StartList. Then copy/paste it's results to a reply here.


----------



## doescher4 (Oct 4, 2001)

Bryan-- my os is windows 98 and yes the anti virus is updated on a regular basis. I have ran ad-aware a few times but will try it again. Here is my start up list.

Thanks
Lori

StartupList report, 10/6/02, 7:48:23 PM
StartupList version: 1.34.0
Started from : C:\UNZIPPED\STARTUPLIST134[1]\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\WINDOWS\SYSTEM\FSG_3202.EXE
C:\WINDOWS\TEMP\EACDOWNLOAD\ANTIVIRUS_INSTALL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HP PHOTOSMART\P1000\EREG\REMIND32.EXE
C:\PROGRAM FILES\2 FIND MP3\PARTNER\EZSTTTUB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPHIPM07.EXE
C:\WINDOWS\SYSTEM\HPHID407.EXE
C:\WINDOWS\PROFILES\LORI\START MENU\PROGRAMS\SEVERAL MSN SESSIONS\MSMSGS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\STARTUPLIST134[1]\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Profiles\lori\Start Menu\Programs\Startup]
Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\P1000\ereg\Remind32.exe
iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe

User shell folders Startup:
[C:\WINDOWS\Profiles\lori\Start Menu\Programs\Startup]
Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\P1000\ereg\Remind32.exe
iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
AtiCwd32 = Aticwd32.exe
AtiKey = Atitask.exe
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
AVG_CC = C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
LoadQM = loadqm.exe
ATTRedUpate = C:\PROGRAM FILES\COMMON FILES\MEDIACOM\MIGCFG\PROGRAMS\AutoUpdate.exe
WinampAgent = "C:\Program Files\Winamp3\winampa.exe"
WhenUSave = C:\Program Files\Save\Save.exe
Trickler = "c:\windows\system\fsg_3202.exe"
Eac_Rvndl = C:\WINDOWS\TEMP\EACDOWNLOAD\ANTIVIRUS_INSTALL.EXE -k
New.net Startup = rundll32 C:\WINDOWS\NEWDOT~1.DLL,NewDotNetStartup
babeie = rundll32 "C:\Program Files\CommonName\Toolbar\CNBabe.dll",DllStartup
HPHA1MON = C:\WINDOWS\SYSTEM\HPHA1MON.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Yahoo! Pager = C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

eZstub = C:\PROGRAM FILES\2 FIND MP3\PARTNER\EZSTTTUB.EXE

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exeadvpack.dll

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\THEOSB~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 4/10/2002, 11:1:28)

[rename]
NUL=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.BKP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

@C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
@ECHO OFF
rem
rem *** DO NOT EDIT THIS FILE! ***
rem
rem This file was created by the System Configuration Utility as
rem a placeholder for your AUTOEXEC.BAT file. Your actual
rem AUTOEXEC.BAT file has been saved under the name AUTOEXEC.TSH.
rem

--------------------------------------------------

C:\CONFIG.SYS listing:

rem
rem *** DO NOT EDIT THIS FILE! ***
rem
rem This file was created by the System Configuration Utility as
rem a placeholder for your CONFIG.SYS. Your actual CONFIG.SYS
rem file has been saved under the name CONFIG.TSH.
rem

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12
SET MOUSE=C:\COMPAQ\IMOUSE
LH C:\COMPAQ\IMOUSE\IMOUSE.COM
REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\GO!ZILLA\GOIEHLP.DLL (file missing) - {CD4C3CF0-4B15-11D1-ABED-709549C10000}
(no name) - (no file) - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
(no name) - C:\WINDOWS\SYSTEM\FAVORITE.DLL - {139D88E5-C372-469D-B4C5-1FE00852AB9B}
(no name) - C:\PROGRAM FILES\FLT\FLT.DLL - {665ACD90-4541-4836-9FE4-062386BB8F05}
(no name) - C:\WINDOWS\SYSTEM\NETPAL.DLL - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F}
ezSearchBar Helper - C:\WINDOWS\SYSTEM\EZSEARCH.DLL - {760A9DDE-1433-4A7C-8189-D6735BB5D3DD}
BabeIE - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBABE.DLL - {00000000-0000-0000-0000-000000000000}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
ICQ.job
Scan for Viruses.job
Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[{4248083C-9656-11D2-8B7F-00105A17847A}]
CODEBASE = http://downloads.mplayer.com/MplayerStub.exe

[{E4B48560-123D-11d3-A73F-0060083E64FF}]
CODEBASE = http://www.thepalace.com/TPV/CC_SUPPORT.cab
OSD = C:\WINDOWS\Downloaded Program Files\Communities.com TPV Support.OSD

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.2\HRTBEAT.OCX

[TvHelper Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TV122.OCX

[VivoActive Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\VVWEB.OCX

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[FlashProp Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R880/V31Controls/x86/w98/en/actsetup.cab

[mwo Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MWMZ.DLL
CODEBASE = http://www.messagebay.com/code1/mwm.cab

[IPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX
CODEBASE = http://www.ipix.com/viewers/ipixx.cab

[InstallFromTheWeb ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IFTW.DLL
CODEBASE = http://www.installfromtheweb.com/install/iftwclix.cab

[Ctp Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXCTP.DLL
CODEBASE = http://www.americangreetings.com/create/Install/AxCtp.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002082001/housecall.antivirus.com/housecall/xscan53.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}]
CODEBASE = http://205.252.89.9/Software_Plugin.exe

[plug Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\CHARGI~1.DLL
CODEBASE = http://dist02.chargitdial.com/chargitplug.dll

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.4\HMATCHMT.OCX
CODEBASE = http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Yahoo! Webcam Viewer Wrapper]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\YVWRCTL.DLL
CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

[Video Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\VIDEOX.DLL
CODEBASE = http://stream10k.redhotnetworks.com/cabs/videox.cab

[{00000012-890E-4AAC-AFD9-000000000000}]
CODEBASE = http://lop.com/global/software_plugin.exe

[{15589FA1-C456-11CE-BF01-00AA0055595A}]
CODEBASE = http://www.netsource101.com/files/source4/NetInstall4.exe

[ContentAuditX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONTEN~1.OCX
CODEBASE = http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab

[IEDial Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IEACCESS2.DLL
CODEBASE = http://usa-download.nocreditcard.com/download/Object/ieaccess2.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSCOM.DLL
CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab

[Yahoo! Audio UI1]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSUI.DLL
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}]
CODEBASE = http://www.talkingbuddy.com/talkingbuddyinstall.exe

[AtlFlip Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FLIPX.DLL
CODEBASE = http://www.flipviewer.com/exe/fvlite.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
CODEBASE = http://sc.communities.msn.com/controls/chat/msnchat42.cab

--------------------------------------------------
End of report, 12,950 bytes
Report generated in 1.224 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Bryan (Jul 3, 1999)

Go  here and follow the instructions to remove New.net

The goto Add/RemovePrograms again and see if you see an entry for When Usave or SaveNow or something of that nature. If you do, uninstall it.

Once that's done do this,

Start>Run, key in Msconfig and press enter. Now click on the Startup tab. Then locate the entries for Trickler and Bareie and remove the checkmarks next to them. Click on Apply and follow the prompts to restart Windows.

Then go here and download RefUpdate. Install it and the run it to Update your AdAware reference pattern file to the most recent patterns. Then run AdAware and let it clean what it finds and restart W98.

Then run StartupList again and post it's results to a reply here.


----------



## TonyKlein (Aug 26, 2001)

Also make sure you have the latest version of Ad-Aware installed (5.83)
If you don't, uninstall it first, and THEN install the latest version

And update it as Bryan said. You have TONS of spyware:

WhenUSave, TRickler (Gator), New.Net, CommonName bar, and Netpal, EZsearch, Flashtrack, Favoriteman, and Commonname bar Browser Helper Objects.

The mind boggles.

It would be best to run Ad-Aware in Safe Mode. It does a better job there.

If you want to run it normally, at least make sure that Internet Explorer is shut down wen you do.

Cheers,


----------



## doescher4 (Oct 4, 2001)

Bryan,

I did everything on your list and here is the newest startup list. Hope it looks better!

Lori

StartupList report, 10/7/02, 11:45:21 AM
StartupList version: 1.34.0
Started from : C:\UNZIPPED\STARTUPLIST134[1]\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
C:\WINDOWS\TEMP\EACDOWNLOAD\ANTIVIRUS_INSTALL.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\PROGRAM FILES\HP PHOTOSMART\P1000\EREG\REMIND32.EXE
C:\PROGRAM FILES\2 FIND MP3\PARTNER\EZSTTTUB.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPHIPM07.EXE
C:\WINDOWS\SYSTEM\HPHID407.EXE
C:\WINDOWS\PROFILES\LORI\START MENU\PROGRAMS\SEVERAL MSN SESSIONS\MSMSGS.EXE
C:\UNZIPPED\STARTUPLIST134[1]\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Profiles\lori\Start Menu\Programs\Startup]
Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\P1000\ereg\Remind32.exe
iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe

User shell folders Startup:
[C:\WINDOWS\Profiles\lori\Start Menu\Programs\Startup]
Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\P1000\ereg\Remind32.exe
iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
AtiCwd32 = Aticwd32.exe
AtiKey = Atitask.exe
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
AVG_CC = C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
LoadQM = loadqm.exe
ATTRedUpate = C:\PROGRAM FILES\COMMON FILES\MEDIACOM\MIGCFG\PROGRAMS\AutoUpdate.exe
WinampAgent = "C:\Program Files\Winamp3\winampa.exe"
Eac_Rvndl = C:\WINDOWS\TEMP\EACDOWNLOAD\ANTIVIRUS_INSTALL.EXE -k
HPHA1MON = C:\WINDOWS\SYSTEM\HPHA1MON.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Yahoo! Pager = C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

eZstub = C:\PROGRAM FILES\2 FIND MP3\PARTNER\EZSTTTUB.EXE

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exeadvpack.dll

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\THEOSB~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 7/10/2002, 11:30:54)

[rename]
NUL=c:\windows\TEMP\GLB1A2B.EXE
NUL=c:\windows\TEMP\GLB1A2B.EXE
[Rename]
NUL=C:\WINDOWS\NEWDOT~1.DLL

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

@C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
@ECHO OFF
rem
rem *** DO NOT EDIT THIS FILE! ***
rem
rem This file was created by the System Configuration Utility as
rem a placeholder for your AUTOEXEC.BAT file. Your actual
rem AUTOEXEC.BAT file has been saved under the name AUTOEXEC.TSH.
rem

--------------------------------------------------

C:\CONFIG.SYS listing:

rem
rem *** DO NOT EDIT THIS FILE! ***
rem
rem This file was created by the System Configuration Utility as
rem a placeholder for your CONFIG.SYS. Your actual CONFIG.SYS
rem file has been saved under the name CONFIG.TSH.
rem

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12
SET MOUSE=C:\COMPAQ\IMOUSE
LH C:\COMPAQ\IMOUSE\IMOUSE.COM
REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\GO!ZILLA\GOIEHLP.DLL (file missing) - {CD4C3CF0-4B15-11D1-ABED-709549C10000}
(no name) - (no file) - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
(no name) - C:\WINDOWS\SYSTEM\NETPAL.DLL (file missing) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F}
BabeIE - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBABE.DLL (file missing) - {00000000-0000-0000-0000-000000000000}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
ICQ.job
Scan for Viruses.job
Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[{4248083C-9656-11D2-8B7F-00105A17847A}]
CODEBASE = http://downloads.mplayer.com/MplayerStub.exe

[{E4B48560-123D-11d3-A73F-0060083E64FF}]
CODEBASE = http://www.thepalace.com/TPV/CC_SUPPORT.cab
OSD = C:\WINDOWS\Downloaded Program Files\Communities.com TPV Support.OSD

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.2\HRTBEAT.OCX

[TvHelper Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\TV122.OCX

[VivoActive Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\VVWEB.OCX

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[FlashProp Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R880/V31Controls/x86/w98/en/actsetup.cab

[mwo Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MWMZ.DLL
CODEBASE = http://www.messagebay.com/code1/mwm.cab

[IPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX
CODEBASE = http://www.ipix.com/viewers/ipixx.cab

[InstallFromTheWeb ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IFTW.DLL
CODEBASE = http://www.installfromtheweb.com/install/iftwclix.cab

[Ctp Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXCTP.DLL
CODEBASE = http://www.americangreetings.com/create/Install/AxCtp.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002082001/housecall.antivirus.com/housecall/xscan53.cab

[{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}]
CODEBASE = http://205.252.89.9/Software_Plugin.exe

[plug Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\CHARGI~1.DLL
CODEBASE = http://dist02.chargitdial.com/chargitplug.dll

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.4\HMATCHMT.OCX
CODEBASE = http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Yahoo! Webcam Viewer Wrapper]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\YVWRCTL.DLL
CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

[Video Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\VIDEOX.DLL
CODEBASE = http://stream10k.redhotnetworks.com/cabs/videox.cab

[{00000012-890E-4AAC-AFD9-000000000000}]
CODEBASE = http://lop.com/global/software_plugin.exe

[{15589FA1-C456-11CE-BF01-00AA0055595A}]
CODEBASE = http://www.netsource101.com/files/source4/NetInstall4.exe

[ContentAuditX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONTEN~1.OCX
CODEBASE = http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab

[IEDial Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IEACCESS2.DLL
CODEBASE = http://usa-download.nocreditcard.com/download/Object/ieaccess2.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSCOM.DLL
CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab

[Yahoo! Audio UI1]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSUI.DLL
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}]
CODEBASE = http://www.talkingbuddy.com/talkingbuddyinstall.exe

[AtlFlip Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FLIPX.DLL
CODEBASE = http://www.flipviewer.com/exe/fvlite.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
CODEBASE = http://sc.communities.msn.com/controls/chat/msnchat42.cab

--------------------------------------------------
End of report, 12,253 bytes
Report generated in 0.745 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Bryan (Jul 3, 1999)

Your almost there. Next go  here and download BHODemon and use it disable these three Browser Help Objects.

Netpal.dll
Cnbabe.dll
GOIEhlp.dll

Restart W98 and repost a new startup list.

BTW, do you have any idea what EzStub could be? I'm not familiar with it.


----------



## TonyKlein (Aug 26, 2001)

Also do this:

Go to Internet Options > Temp. Internet Files > Settings > Show Objects, and examine all ActiveX objects you see there.

Are any objects there marked 'damaged', rightclick them, and choose remove.

Now rightclick each one in turn, chose 'properties', and check the Version tab.

If the company is _anyone else but_ Macromedia, Apple, or Microsoft, rightclick the file, and choose 'remove'.

Cheers,


----------



## TonyKlein (Aug 26, 2001)

> _Originally posted by Bryan:_
> *
> BTW, do you have any idea what EzStub could be? I'm not familiar with it. *


http://www.npssoftware.com/2findmp3/

Cheers,


----------



## doescher4 (Oct 4, 2001)

Bryan and Tony,

I did everything that you had on your messages. Here is my new start up list. Hows it looking now? I really appreciate all your help!!

Lori

StartupList report, 10/7/02, 11:31:46 PM
StartupList version: 1.34.0
Started from : C:\UNZIPPED\STARTUPLIST134[1]\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\HP PHOTOSMART\P1000\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPHIPM07.EXE
C:\WINDOWS\SYSTEM\HPHID407.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\STARTUPLIST134[1]\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Profiles\lori\Start Menu\Programs\Startup]
Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\P1000\ereg\Remind32.exe
iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe

User shell folders Startup:
[C:\WINDOWS\Profiles\lori\Start Menu\Programs\Startup]
Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\P1000\ereg\Remind32.exe
iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
AtiCwd32 = Aticwd32.exe
AtiKey = Atitask.exe
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
AVG_CC = C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
LoadQM = loadqm.exe
ATTRedUpate = C:\PROGRAM FILES\COMMON FILES\MEDIACOM\MIGCFG\PROGRAMS\AutoUpdate.exe
WinampAgent = "C:\Program Files\Winamp3\winampa.exe"
HPHA1MON = C:\WINDOWS\SYSTEM\HPHA1MON.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Yahoo! Pager = C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
eZmmod = C:\PROGRA~1\ezula\mmod.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exeadvpack.dll

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\THEOSB~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 7/10/2002, 11:54:26)

[rename]
C:\WINDOWS\SYSTEM\VSDATA95.VXD=C:\WINDOWS\SYSTEM\~GLH0007.TMP

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

@C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
@ECHO OFF
rem
rem *** DO NOT EDIT THIS FILE! ***
rem
rem This file was created by the System Configuration Utility as
rem a placeholder for your AUTOEXEC.BAT file. Your actual
rem AUTOEXEC.BAT file has been saved under the name AUTOEXEC.TSH.
rem

--------------------------------------------------

C:\CONFIG.SYS listing:

rem
rem *** DO NOT EDIT THIS FILE! ***
rem
rem This file was created by the System Configuration Utility as
rem a placeholder for your CONFIG.SYS. Your actual CONFIG.SYS
rem file has been saved under the name CONFIG.TSH.
rem

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12
SET MOUSE=C:\COMPAQ\IMOUSE
LH C:\COMPAQ\IMOUSE\IMOUSE.COM
REM C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE
C:\PROGRA~1\LOGITECH\MOUSEW~1\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\GO!ZILLA\GOIEHLP.DLL (disabled by BHODemon) (file missing) - {CD4C3CF0-4B15-11D1-ABED-709549C10000}
(no name) - (no file) - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
(no name) - C:\WINDOWS\SYSTEM\NETPAL.DLL (disabled by BHODemon) (file missing) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F}
BabeIE - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBABE.DLL (disabled by BHODemon) (file missing) - {00000000-0000-0000-0000-000000000000}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
ICQ.job
Scan for Viruses.job
Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[{E4B48560-123D-11d3-A73F-0060083E64FF}]
CODEBASE = http://www.thepalace.com/TPV/CC_SUPPORT.cab
OSD = C:\WINDOWS\Downloaded Program Files\Communities.com TPV Support.OSD

[{AE1C01E3-0283-11d3-9B3F-00C04F8EF466}]

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R880/V31Controls/x86/w98/en/actsetup.cab

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.4\HMATCHMT.OCX
CODEBASE = http://lw7fd.law7.hotmail.msn.com/activex/HMAtchmt.ocx

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Yahoo! Webcam Viewer Wrapper]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\YVWRCTL.DLL
CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

[{15589FA1-C456-11CE-BF01-00AA0055595A}]
CODEBASE = http://www.netsource101.com/files/source4/NetInstall4.exe

[Yahoo! Audio UI1]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSUI.DLL
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
CODEBASE = http://sc.communities.msn.com/controls/chat/msnchat42.cab

--------------------------------------------------
End of report, 9,677 bytes
Report generated in 1.180 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## TonyKlein (Aug 26, 2001)

Looks fine.

One last thing you need to do:

Start > Run >Msconfig > Uncheck *eZmmod = C:\PROGRA~1\ezula\mmod.exe* on the Startup tab.

Click OK, and reboot.

http://www.cexx.org/toptext.htm

Cheers,


----------



## doescher4 (Oct 4, 2001)

Tony,

I seem to have another problem now. When I started my computer this morning and tried to open pages I got "this program has performed an illegal operation and will be shut down" every time I tried to open something. Finally I just shut down the computer and turned it back on. It came back up in safe mode. I seem to beable to open pages now but what do I do about the safe mode part? Could this have happened because of deleting a lot of the active X controls last night? I dont know, but I cant think of anything else that I altered except for that.

Thanks,
Lori


----------



## TonyKlein (Aug 26, 2001)

Lori,

If it continues to start up in Safe Mode, do a search for a file called Wnbootng.sts.

If you find one, delete it, and reboot.

If the file isn't there, please do this:

Go to Start/run, and type *Notepad /msdos.sys* (there's a space after 'notepad'!)

Your Msdos.sys file will now open in Notepad.
Go to Edit > select all, and then copy all.

Please post the contents here.

And if you should again get that same error, please click 'details' and tell us what it says.

Cheers,


----------

