
firewall problem

Discussion in 'Earlier Versions of Windows' started by BLAZIN GUNZ, Jan 14, 2003.

Thread Status:
Not open for further replies.
  1. BLAZIN GUNZ

    BLAZIN GUNZ Thread Starter

    Joined:
    Dec 1, 2002
    Messages:
    54
    I try to use my web cam on Yahoo and it says I'm behind a firewall, but I didn't know I had one. Can you tell me how to find my firewall and how to shut it off? I contacted my cable internet provider and they said they don't block Yahoo, that the problem must be on my PC. Hope someone can help.
     
  2. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    Are you running a router or ZoneAlarm?

    John
     
  3. BLAZIN GUNZ

    BLAZIN GUNZ Thread Starter

    Joined:
    Dec 1, 2002
    Messages:
    54
    I'm not sure what a router is and I don't have ZoneAlarm. I use Fix-It Utilities for my antivirus, if that helps any.
     
  4. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten

    Joined:
    Jun 7, 2001
    Messages:
    47,973
  5. anthonydono

    anthonydono

    Joined:
    Jan 14, 2003
    Messages:
    5
    Hi, I have posted a problem here on this site also, and whilst I am waiting for a brainy person to solve it, I thought I would try and help someone else in return. The firewall is a filter that is used by antivirus, for example, all info passes through it to be scanned, etc. I had a similar problem, and when I had to remove the antivirus I discovered that I had no probs. I am not suggesting for a moment to remove the antivirus, DON'T. Just wanted to try and explain what the firewall was. Try reconfiguring the antivirus firewall settings.

    hope it helps.
     
  6. BLAZIN GUNZ

    BLAZIN GUNZ Thread Starter

    Joined:
    Dec 1, 2002
    Messages:
    54
    StartupList report, 1/14/2003, 9:10:33 PM
    StartupList version: 1.40
    Started from : C:\UNZIPPED\STARTUPLIST14\STARTUPLIST.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v5.50 (5.50.4134.0600)
    * Using default options
    * Using verbose mode
    * Including empty and uninteresting sections
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\CPQMLDET.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\DPLAYSVR.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\UNZIPPED\STARTUPLIST14\STARTUPLIST.EXE

    This lists all processes running in memory, which are all active
    programs and some non-exe system components.

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    MemTurbo.lnk = C:\unzipped\memturbo.exe

    User shell folders Startup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
    *No files*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    This lists all programs or shortcuts in folders marked by Windows as
    'Autostart folder', which means any files within these folders are
    launched when Windows is started. The Windows standard is that only
    shortcuts (*.lnk, *.pif) should be present in these folders.
    The location of these folders is set in the Registry.

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    Hidserv = Hidserv.exe run
    CpqBootPerfDb = C:\Cpqs\Scom\CpqBootPerfDb.exe
    LoadQM = loadqm.exe
    Digital Dashboard = C:\Program Files\Compaq\Digital Dashboard\CPQMLDET.exe

    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.
    The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
    are run once and then deleted by Windows.

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe

    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *No values found*

    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.
    The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
    are run once and then deleted by Windows.

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce


    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.
    The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
    are run once and then deleted by Windows.

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    This lists programs that run Registry keys marked by Windows as
    'Autostart key'. To the left are values that are used to clarify what
    program they belong to, to the right the program file that is started.
    The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
    are run once and then deleted by Windows.

    --------------------------------------------------

    Enumerating RunOnceEx keys:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\*

    *No subkeys found*

    This lists a special autorun Registry key, from which both programs
    and functions within DLLs can be launched without RUNDLL32.EXE. The
    format for running a DLL function is
    "DllFile.dll|FunctionName|CommandLineArguments", the format for
    running a program is "||Program.exe CommandLineArguments".
    This autorun key is used very rarely.

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    This Registry value determines how Windows runs files (in this case
    .EXE files). If this file is executable, it should read "%1" %*.
    ("%1" /S for screensavers, .SCR files.) If it needs to be opened
    with some other program, it should read program.exe "%1" %*.
    File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
    File types that are not executable are types like .DOC, .LNK, .BMP,
    .JPEG, .SHS, .VBS, .HTA etc.

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    This Registry value determines how Windows runs files (in this case
    .COM files). If this file is executable, it should read "%1" %*.
    ("%1" /S for screensavers, .SCR files.) If it needs to be opened
    with some other program, it should read program.exe "%1" %*.
    File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
    File types that are not executable are types like .DOC, .LNK, .BMP,
    .JPEG, .SHS, .VBS, .HTA etc.

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    This Registry value determines how Windows runs files (in this case
    .BAT files). If this file is executable, it should read "%1" %*.
    ("%1" /S for screensavers, .SCR files.) If it needs to be opened
    with some other program, it should read program.exe "%1" %*.
    File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
    File types that are not executable are types like .DOC, .LNK, .BMP,
    .JPEG, .SHS, .VBS, .HTA etc.

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    This Registry value determines how Windows runs files (in this case
    .PIF files). If this file is executable, it should read "%1" %*.
    ("%1" /S for screensavers, .SCR files.) If it needs to be opened
    with some other program, it should read program.exe "%1" %*.
    File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
    File types that are not executable are types like .DOC, .LNK, .BMP,
    .JPEG, .SHS, .VBS, .HTA etc.

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S "%3"

    This Registry value determines how Windows runs files (in this case
    .SCR files). If this file is executable, it should read "%1" %*.
    ("%1" /S for screensavers, .SCR files.) If it needs to be opened
    with some other program, it should read program.exe "%1" %*.
    File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
    File types that are not executable are types like .DOC, .LNK, .BMP,
    .JPEG, .SHS, .VBS, .HTA etc.

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

    This Registry value determines how Windows runs files (in this case
    .HTA files). If this file is executable, it should read "%1" %*.
    ("%1" /S for screensavers, .SCR files.) If it needs to be opened
    with some other program, it should read program.exe "%1" %*.
    File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
    File types that are not executable are types like .DOC, .LNK, .BMP,
    .JPEG, .SHS, .VBS, .HTA etc.

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [SetupcPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

    [AppletsPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

    [PerUser_CVT_Inis]
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

    [FontsPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

    [PerUser_HNW_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf

    [PerUser_ICW_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [{89820200-ECBD-11cf-8B85-00AA005B4395}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [PerUser_moviemaker] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf

    [>PerUser_MSN_Clean] *
    StubPath = C:\WINDOWS\msnmgsr1.exe

    [{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
    StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

    [PerUser_Msinfo] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

    [PerUser_Msinfo2] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

    [MotownMmsysPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

    [MotownAvivideoPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

    [PerUser_Base] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

    [SamplerPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf

    [ShellPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

    [Shell2PerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

    [PerUser_winbase_Links] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

    [PerUser_winapps_Links] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

    [PerUser_LinkBar_URLs] *
    StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

    [TapiPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

    [PerUser_MSWordPad_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

    [PerUserOldLinks] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

    [MmoptRegisterPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

    [PerUser_CDPlayer_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

    [OlsPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

    [OlsMsnPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

    [PerUser_PCHealth] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf

    [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [PerUser_Paint_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

    [PerUser_Calc_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

    [PerUser_Enable_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf

    [PerUser_Wingames_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf

    [PerUser_ZoneGame_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf

    [PerUser_PBGame_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf

    [MotownRecPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

    [PerUser_Vol] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

    [MotownMPlayPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

    [PerUser_RNA_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

    [PerUser_CharMap_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

    [PerUser_Dialer_Inis] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

    [MmoptMusicaPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

    [MmoptJunglePerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

    [MmoptRobotzPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

    [MmoptUtopiaPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /uninstall

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

    [OlsAolPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

    [OlsAttPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf

    [OlsProdigyPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf

    [OlsEarthlinkPerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf

    [Shell3PerUser] *
    StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

    [PerUser_Preptool] *
    StubPath = rundll.exe Setupx.dll,InstallHinfSection Install 64 C:\WINDOWS\INF\RUNLAST.INF

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    Programs listed here are components of the Windows Setup that were
    only ran when Windows started for the first time. To prevent them
    from running multiple times, Windows checks for a key with the same
    name at the HKCU root. If it's not found, the component at the HKLM
    root is ran, and a matching key is created at the HKCU root so the
    component is not ran again next time. Most entries involve either
    RUNDLL.EXE or RUNDLL32.EXE, so a suspicious key is not hard to find.

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    The chat program ICQ includes an ICQ Agent that can be configured to
    launch one or multiple browsers when an Internet connection is
    detected. To configure it, open the ICQ Preferences menu and check
    under 'Connection' for a button labelled 'Edit Launch List'.

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    These two entries in WIN.INI are leftover from Windows 3.x, which
    used them as values denoting programs that should be started up
    with Windows. Since Windows 95 and higher uses the Registry to
    store locations of autostart folders, these two entries in WIN.INI
    are redundant, and are rarely used.

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    The Shell key from SYSTEM.INI tells Windows what file handles
    the Windows shell, i.e. creates the taskbar, desktop icons etc. If
    programs are added to this line, they are all ran at startup.
    The SCRNSAVE.EXE line tells Windows what is the default screensaver
    file. This is also a leftover from Windows 3.x and should not be used.
    (Since Windows 95 and higher stores this setting in the Registry.)
    The 'drivers' line loads non-standard DLLs or programs.

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    Due to a bug in Windows 9x, it mistakenly uses C:\Explorer.exe and
    other instances (if present) when searching for Explorer.exe.
    Explorer.exe should only exists in the Windows folder.
    Windows NT is vulnerable to this as well, but only if the
    'Shell' Registry value from the previous section
    is just 'Explorer.exe' instead of the full path.
    Additionally, presence of \WINDOWS\Explorer\Explorer.exe indicates
    infection with the [email protected]r virus.

    --------------------------------------------------

    C:\WINDOWS\WININIT.INI listing:

    *File not found*

    WININIT.INI is a settings file for WININIT.EXE, which updates files
    at startup that are normally in use when Windows is running. It is
    mostly used when installing programs or patches that need the
    computer to be restarted to complete the install. After such a reboot,
    WININIT.INI is renamed to WININIT.BAK.

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 14/1/2003, 11:56:36)

    [rename]
    NUL=C:\WINDOWS\TEMP\setupdl.exe

    WININIT.INI is a settings file for WININIT.EXE, which updates files
    at startup that are normally in use when Windows is running. It is
    mostly used when installing programs or patches that need the
    computer to be restarted to complete the install. After such a reboot,
    WININIT.INI is renamed to WININIT.BAK.

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    Autoexec.bat is the very first file to autostart when the computer
    starts, it is a leftover from DOS and older Windows versions.
    Windows NT, Windows ME, Windows 2000 and Windows XP don't use this
    file. It is generally used by virusscanners to scan files before
    Windows starts.

    --------------------------------------------------

    C:\CONFIG.SYS listing:

    *File is empty*

    Config.sys loads device drivers for DOS, and is rarely used in
    Windows versions newer than Windows 95. Originally it loaded
    drivers for legacy sound cards and such.

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    @C:\WINDOWS\tmpcpyis.bat

    Winstart.bat loads just before the Windows shell, and is used for
    starting things like soundcard drivers, mouse drivers. Rarely used.

    --------------------------------------------------

    C:\WINDOWS\DOSSTART.BAT listing:

    @echo off

    Dosstart.bat loads if you select 'MS-DOS Prompt' from the Startup
    menu when the computer is starting, or if you select 'Restart in
    MS-DOS Mode' from the Shutdown menu in Windows. Mostly used for
    DOS-only drivers, like sound or mouse drivers.

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    Some file extensions are always hidden, like .lnk (shortcut) and
    .pif (shortcut to MS-DOS program). The Life_Stages virus was a .shs
    (Shell Scrap) file that had the extension hidden by default. This can
    be a security risk when a virus with a double-extension filename is
    on the loose, since the extension can be hidden even when 'Don't show
    extensions for known filetypes' is turned off.
    The shortcut overlay acts as a reminder that the file is just a shortcut.
    If the shortcut overlay is removed, the difference between a file and
    a shortcut is invisible.

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    Regedit.exe is the Windows Registry Editor. Without it, you cannot
    access the Registry or merge Registry scripts into the Registry.
    Several viruses/trojans mess with this important system file, e.g.
    moving it somewhere else or replacing it with a copy of the trojan.
    Above checks will ensure that Regedit.exe is in the correct place
    and that it really is Regedit.
    If you have ScriptSentry installed, the .reg command
    is altered and you fail the check. Don't worry
    about this.

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}
    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    MSIE features Browser Helper Objects (BHO) that plug into MSIE and
    can do virtually anything on your system. Benevolant examples are
    the Google Toolbar and the Acrobat Reader plugin. More often though,
    BHO's are installed by spyware and serve you to a neverending flow
    of popups and ads as well as tracking your browser habits, claiming
    they 'enhance your browsing experience'.

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job
    Registration reminder 3.job
    Symantec NetDetect.job
    Check E-mail.job
    Synchronize Time.job

    The Windows Task Scheduler can run programs at a certain time,
    automatically. Though very unlikely, this can be exploited by
    making a job that runs a virus or trojan.

    --------------------------------------------------

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [DirectAnimation Java Classes]
    CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
    OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [Yahoo! Audio Conferencing]
    InProcServer32 = C:\PROGRAM FILES\YAHOO!\MESSENGER\YACSCOM.DLL
    CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab

    [{7A32634B-029C-4836-A023-528983982A49}]
    CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

    [Java Plug-in 1.3.1_04]
    InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
    CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab

    [Java Plug-in 1.3.1_04]
    InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
    CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab

    [SurroundVideoCtrl Object]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSSURVID.OCX
    CODEBASE = http://encarta.msn.com/encnet/external/MSSurVid.cab

    [iPIX ActiveX Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX
    CODEBASE = http://www.ipix.com/download/ipixx.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Yahoo! Pool 2]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.games.yahoo.com/games/clients/y/potb_x.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pool 2.osd

    [Hotmail Attachments Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HMATCHMT.OCX
    CODEBASE = http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [LEGO Stormrunner]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://mindstorms.lego.com/stormrunner/stormrunner1-1-0.cab
    OSD = C:\WINDOWS\Downloaded Program Files\LEGO Stormrunner.osd

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\HRTBEAT.OCX
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37620.5523958333

    [GSDACtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GSDA.DLL
    CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    [{731918D2-517A-47E2-886A-3BC1380C591D}]
    CODEBASE = http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab

    [WONWebLauncher Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WONWEBLAUNCHERCONTROL.OCX
    CODEBASE = http://www.flipside.com/cab/WONWebLauncherControl.cab

    [{D9EC0A76-03BF-11D4-A509-0090270F86E3}]
    CODEBASE = http://www.spywarelabs.com/1105030103/VBouncerOuter1105.exe

    [YahooYMailTo Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YMMAPI.DLL
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll

    The items in Download Program Files are programs you downloaded and
    automatically installed themselves in MSIE. Most of these are Java
    classes Media Player codecs and the likes. Some items are only
    visible from the Registry and may not show up in the folder.

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
    Protocol #1: C:\WINDOWS\SYSTEM\msafd.dll
    Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
    Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
    Protocol #4: C:\WINDOWS\SYSTEM\rsvpsp.dll
    Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll

    The Windows Socket system (Winsock) connects your system to the
    Internet. Part of this task is resolving domain names (www.server.com)
    to IP addresses (12.23.34.45) which is handler by several system
    files, called Layered Service Providers (LSPs), which work as a
    chain: if one LSP is gone, the chain is broken and Winsock cannot
    resolve domain names - which means no program on your system can
    access the Internet.

    --------------------------------------------------
    End of report, 32,578 bytes
    Report generated in 0.545 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     