PDA

View Full Version : startup log question (W98)


makko
08-12-2002, 06:51 PM
hi,

i have a guy here whos laptop has been infested with all sorts of programs. he wants some help. so ive made a copy of his startup.

can someone comment on it please, ive uninstalled his kazaa, and replaced it with kazzalight, after this log was made.

thanks


---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at
__________________________________________________ ________________________
__________________________________________________ ________________________

StartUp Log for Windows 95/98 - Freeware by rmbox
__________________________________________________ ________________________
__________________________________________________ ________________________

Comments:

This is a log of all the programs on your computer that
are starting automatically every time you start Windows.
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.56) - Release Date 3/11/2002

__________________________________________________ ________________________
__________________________________________________ ________________________

StartUp Log Index

1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations

__________________________________________________ ________________________
__________________________________________________ ________________________

The following is a list of your current Start-Ups
__________________________________________________ ________________________
__________________________________________________ ________________________

1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
"TaskMonitor"="c:\\windows\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"IrMon"="IrMon.exe"
"Promon.exe"=""
"AtiPTA"="Atiptaab.exe"
"Ati2cwxx"="Ati2cwxx.exe"
"AtiGart"="c:\\Ati\\Gart\\AtiGart.exe"
"Check Dock"="c:\\windows\\options\\cabs\\cdock.exe"
"Hibernation"="C:\\Programfiler\\COMPAQ\\PWRCON\\HIB32.EXE"
"CPQCalib"="C:\\Programfiler\\COMPAQ\\PWRCON\\CPQCALIB.EXE"
"CPQAcDc"="C:\\Programfiler\\Compaq\\PowerCon Enhancements\\CPQAcDc.Exe"
"hkss"="C:\\Programfiler\\Compaq\\Supportsoftware til Genvejstaster\\hkss.exe"
"Compaq Computer Security"="rundll32.exe C:\\PROGRA~1\\COMPAQ\\SECURI~1\\SECURE32.CPL,Servi ce"
"SynTPLpr"="C:\\Programfiler\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programfiler\\Synaptics\\SynTP\\SynTPEnh.exe"
"EM_EXEC"="c:\\mouse\\system\\em_exec.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStar tup"
"Norman ZANDA"="C:\\NORMAN\\NVC\\BIN\\ZLH.EXE /LOAD /SPLASH"
"Danu TermiNET"="C:\\PROGRAMFILER\\DANU\\TERMINET\\TERMINET.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"


================================================== ========================
__________________________________________________ ________________________

2. HKCU Run - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"Taskbar Display Controls"="RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY"


================================================== ========================
__________________________________________________ ________________________

3. HKLM RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]


================================================== ========================
__________________________________________________ ________________________

4. HKCU RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce]


================================================== ========================
__________________________________________________ ________________________

5. HKLM RunServices - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"ATIPOLAB"="ati2plab.exe"
"CPQALERT"="CPQALERT.EXE"
"CPQDMI"="CPQDMI.EXE"
"Norman ZANDA"="C:\\NORMAN\\NVC\\BIN\\ZANDA.EXE /LOAD"
"SchedulingAgent"="mstask.exe"


================================================== ========================
__________________________________________________ ________________________

6. HKLM RunServicesOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce]


================================================== ========================
__________________________________________________ ________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.


These are the run and load lines in your WIN.INI file

run=

load=

================================================== ========================
__________________________________________________ ________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.


This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

================================================== ========================
__________________________________________________ ________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)


These are your program startups and set paths in your autoexec.bat file

@ECHO OFF
@ECHO OFF



















SET PATH=C:\DMI98\WIN32\BIN
SET WIN32DMIPATH=C:\DMI98\WIN32
mode con codepage prepare=((850) c:\windows\COMMAND\ega.cpi)
mode con codepage select=850
keyb no,,c:\windows\COMMAND\keyboard.sys

================================================== ========================
__________________________________________________ ________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your StartUp folder

*(No start-ups found)*

================================================== ========================
__________________________________________________ ________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your All Users StartUp folder


*(No start-ups found)*

================================================== ========================
__________________________________________________ ________________________

12. Miscellaneous StartUp Configurations

-============================-
Registry StartUp Directories
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.................................................. ...................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start-meny\\Programmer\\Oppstart"

.................................................. ...................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders


.................................................. ...................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\exp lorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start-meny\\Programmer\\Oppstart"

.................................................. ...................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\exp lorer\User Shell Folders


.................................................. ...................

-=======================-
Registry Shell Spawning
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================-
HKLM RunOnceEx - Registry
-=========================-


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnceEx]


-=========================-
HKU (.Default) Run - Registry
-=========================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\Cur rentVersion\Run]
"Taskbar Display Controls"="RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY"


-==============================-
HKU (.Default) RunOnce - Registry
-==============================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\Cur rentVersion\RunOnce]


-================================-
StubPaths - Registry (Partial Listing)
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components


"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"OldRealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldRealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"StubPath"=""
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-

@echo off

REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.

REM MSCDEX.EXE /D:OEMCD001 /l:d
REM MOUSE.EXE

c:\mouse\mouse.exe


-=================-
WININIT.BAK File - (c:\windows\wininit.bak)
(name) (type) (size)(modified)(time)
Innhold i C:\WINDOWS
wininit bak 4 571 26.07.02 21:04
-=================-



[Rename]
NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\S ETB231.TMP
NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\S ETB232.TMP
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IE PEERS.RCX
C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\RSASIG.DLL
C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\XENROLL.DLL
C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\MSCAT32.DLL
C:\WINDOWS\SYSTEM\MSSIP32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\MSSIP32.DLL
C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MSSIGN32.DLL
C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\CRYPTUI.DLL
C:\WINDOWS\SYSTEM\CRYPTNET.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\CRYPTNET.DLL
C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\CRYPTEXT.DLL
C:\WINDOWS\SYSTEM\WLDAP32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\WLDAP32.DLL
C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\DXTMSFT.DLL
C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\DXTRANS.DLL
C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MMUTILSE.DLL
C:\WINDOWS\SYSTEM\JSNO.DLL=C:\WINDOWS\SYSTEM\IE4SE TUP\JSNO.DLL
C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4S ETUP\HLINK.DLL
C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\I E4SETUP\PROCTEXE.OCX
C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SET UP\URL.DLL
C:\WINDOWS\SYSTEM\COMCTL32.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM383.TMP
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTE M\IE4SETUP\ACM3B4.TMP
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM1001.TMP
C:\WINDOWS\SYSTEM\MSHTML.TLB=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM1005.TMP
C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM1033.TMP
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM1034.TMP
C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM1040.TMP
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM1041.TMP
C:\WINDOWS\SYSTEM\JSCRIPT.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM1044.TMP
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM1050.TMP
C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM1053.TMP
C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM1070.TMP
C:\WINDOWS\SYSTEM\CRYPT32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM1074.TMP
C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM1085.TMP
C:\WINDOWS\SYSTEM\ACTXPRXY.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM1091.TMP
C:\WINDOWS\SYSTEM\SOFTPUB.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM1095.TMP
C:\WINDOWS\SYSTEM\MSOSS.DLL=C:\WINDOWS\SYSTEM\IE4S ETUP\ACM10A0.TMP
C:\WINDOWS\SYSTEM\MLANG.DLL=C:\WINDOWS\SYSTEM\IE4S ETUP\ACM10A3.TMP
C:\WINDOWS\SYSTEM\IMGUTIL.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM10B0.TMP
C:\WINDOWS\SYSTEM\WINTRUST.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM10E0.TMP
C:\WINDOWS\SYSTEM\RSABASE.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM10F1.TMP
C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM1101.TMP
C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM1105.TMP
C:\WINDOWS\SYSTEM\SHDOC401.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM1113.TMP
C:\WINDOWS\SYSTEM\SHD401LC.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM1115.TMP
C:\WINDOWS\SYSTEM\CORPOL.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM1120.TMP
C:\WINDOWS\SYSTEM\SHFOLDER.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM1126.TMP
C:\WINDOWS\SYSTEM\PSBASE.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM1153.TMP
C:\WINDOWS\SYSTEM\PSTORES.EXE=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM1155.TMP
C:\WINDOWS\SYSTEM\PSTORERC.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\ACM1161.TMP
C:\WINDOWS\SYSTEM\DSSBASE.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\ACM1171.TMP
C:\WINDOWS\SYSTEM\INSENG.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM1182.TMP
C:\WINDOWS\SYSTEM\MSLS31.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM11A4.TMP
C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\ACM11B3.TMP
NUL=C:\WINDOWS\SHELLI~1
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\S ET2390.TMP
NUL=C:\WINDOWS\SYSTEM\SENS.DLL
C:\WINDOWS\SYSTEM\SENS.DLL=C:\WINDOWS\SYSTEM\SET23 92.TMP
NUL=C:\WINDOWS\SYSTEM\ES.DLL
C:\WINDOWS\SYSTEM\ES.DLL=C:\WINDOWS\SYSTEM\SET2394 .TMP
NUL=C:\WINDOWS\SYSTEM\ESSHARED.DLL
C:\WINDOWS\SYSTEM\ESSHARED.DLL=C:\WINDOWS\SYSTEM\S ET2395.TMP
NUL=C:\WINDOWS\SYSTEM\ESTIER2.DLL
C:\WINDOWS\SYSTEM\ESTIER2.DLL=C:\WINDOWS\SYSTEM\SE T23A0.TMP
NUL=C:\WINDOWS\fonts\COMIC.TTF
C:\WINDOWS\fonts\COMIC.TTF=C:\WINDOWS\COMIC.tt2
NUL=C:\WINDOWS\fonts\COMICBD.TTF
C:\WINDOWS\fonts\COMICBD.TTF=C:\WINDOWS\COMICBD.tt 2
NUL=C:\WINDOWS\fonts\IMPACT.TTF
C:\WINDOWS\fonts\IMPACT.TTF=C:\WINDOWS\IMPACT.tt2
c:\windows\SYSTEM\OLEAUT32.DLL=c:\windows\SYSTEM\O LEAUT32.001


-=================-
WININIT.INI File - (c:\windows\wininit.ini)
(name) (type) (size)(modified)(time)
Innhold i C:\WINDOWS
wininit ini 44 12.08.02 17:05
-=================-

[rename]
NUL=c:\windows\TEMP\_iu14D2N.tmp
-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-

SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\DENGYL~1.SCR

================================================== ========================
__________________________________________________ ________________________

- Supplemental Environment Information -

TMP=c:\windows\TEMP
TEMP=C:\windows\TEMP
winbootdir=C:\WINDOWS
COMSPEC=C:\WINDOWS\COMMAND.COM
PATH=C:\WINDOWS;c:\windows;c:\windows\COMMAND;C:\D MI98\WIN32\BIN
WIN32DMIPATH=C:\DMI98\WIN32
windir=C:\WINDOWS

File - c:\windows\Wininit.ini
File - c:\windows\Wininit.bak

================================================== ========================
__________________________________________________ ________________________

- End -
TonyKlein
08-12-2002, 07:29 PM
You've still got the New.Net foistware there.

Go to Start > Run, type Msconfig, and uncheck NewNet on the Startup tab.

Click OK, and reboot.

Uninstall NewNet through Control Panel/Software Add\Remove.

Now download and install Refupdate Utility (http://www.wyvernworks.com/Lavasoft/aaw.exe>Ad-Aware</a>).
This utility searches for, downloads and automatically installs the latest AAW reffile (the spyware definitions, so to speak).

Run the refupdate.exe installation file, and once installed, go to Start Menu&gt;Programs, find the Lavasoft Refupdate entry and run it.
Click connect; it will open a connection to the internet to check and update the current signature file.

When that's completed open Ad-aware, look at the bottom left corner, it should say "Signature file in use: # 032-23.06.2002".

Then have your drives and registry scanned for spyware, check all found files and reg keys, hit 'backup', then click continue, and have them all removed.

Reboot again.

Finally, take a look at <a target="_blank" href=http://www.pacs-portal.co.uk/startup_pages/startup_full.htm>Pacman's Startup List</a>, to help you determine what else may be disabled from startup.

Good luck, Tony
makko
08-13-2002, 02:37 AM
i have installed adaware on his laptop (i use it myself, with ref update) i showed him how to do it a good time ago. the only spyware he has on now is the dummy cd_clint.dll from kazaalite.
(if you can trust ad-aware, and i know ad... doesnt detect it.

Thanks for looking at it, and i will e-mail him youre suggestion regarding msconfig

thanks again for the help-

one note: today i got my first "cmos checksum error" when booting up. had to use default cmos. And no i havent made a backup bymyself.
after i continued without making changes in bioes. the only message i got was to set date and time.

after rebooting i dont see a difference, i actually think my pc has improved?????

gonna by a new harddisk tomorrow, and a new cmos "coincell" battery while im at it.

if you think im writing to much, its because its 3:30 am here, and ive had 8 cups of coffe the since midnight.

(and opened the pc case at least 6 times)

are you still reading?