firewall problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BLAZIN GUNZ

Thread Starter
Joined
Dec 1, 2002
Messages
54
i try to use my web cam on yahoo and it says i'm behind a fire wall but i didnt know i had one. can u tell be how to find my firewall and how to shut it off. i contacted my cable internet provider and they said they dont block yahoo, that the problem must be on my pc. hope someone can help
 

bassetman

Moderator (deceased) - Gone but never forgotten
Joined
Jun 7, 2001
Messages
47,973
Are you running a router or ZoneAlarm?

John
 

BLAZIN GUNZ

Thread Starter
Joined
Dec 1, 2002
Messages
54
i'm not sure what a router is and i dont have zonealarm, i use fix it utilities for my anti virus if that helps any
 
Joined
Jan 14, 2003
Messages
5
Hi, I have posted a problem here on this site also and whilst I am waiting for a brainyperson to solve it, I thought I would try and help someone else in return, the firewall is a filter that is used by antivirus for example all info passes thru it to be scanned etc, I had a similar problem and when I had to remove the antivirus I discovered that I had no probs, I am not suggesting for a oment to remove the antivirus DONT. just wanted to try and explain what the firewall was. try reconfiguring the antivirus firewall settings.

hope it helps.
 

BLAZIN GUNZ

Thread Starter
Joined
Dec 1, 2002
Messages
54
StartupList report, 1/14/2003, 9:10:33 PM
StartupList version: 1.40
Started from : C:\UNZIPPED\STARTUPLIST14\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v5.50 (5.50.4134.0600)
* Using default options
* Using verbose mode
* Including empty and uninteresting sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\CPQMLDET.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\DPLAYSVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\UNZIPPED\STARTUPLIST14\STARTUPLIST.EXE

This lists all processes running in memory, which are all active
programs and some non-exe system components.

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
MemTurbo.lnk = C:\unzipped\memturbo.exe

User shell folders Startup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

This lists all programs or shortcuts in folders marked by Windows as
'Autostart folder', which means any files within these folders are
launched when Windows is started. The Windows standard is that only
shortcuts (*.lnk, *.pif) should be present in these folders.
The location of these folders is set in the Registry.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Hidserv = Hidserv.exe run
CpqBootPerfDb = C:\Cpqs\Scom\CpqBootPerfDb.exe
LoadQM = loadqm.exe
Digital Dashboard = C:\Program Files\Compaq\Digital Dashboard\CPQMLDET.exe

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.
The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
are run once and then deleted by Windows.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.
The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
are run once and then deleted by Windows.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce


This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.
The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
are run once and then deleted by Windows.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

This lists programs that run Registry keys marked by Windows as
'Autostart key'. To the left are values that are used to clarify what
program they belong to, to the right the program file that is started.
The values in the 'RunOnce', 'RunOnceEx' and 'RunServicesOnce' keys
are run once and then deleted by Windows.

--------------------------------------------------

Enumerating RunOnceEx keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\*

*No subkeys found*

This lists a special autorun Registry key, from which both programs
and functions within DLLs can be launched without RUNDLL32.EXE. The
format for running a DLL function is
"DllFile.dll|FunctionName|CommandLineArguments", the format for
running a program is "||Program.exe CommandLineArguments".
This autorun key is used very rarely.

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

This Registry value determines how Windows runs files (in this case
.EXE files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

This Registry value determines how Windows runs files (in this case
.COM files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

This Registry value determines how Windows runs files (in this case
.BAT files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

This Registry value determines how Windows runs files (in this case
.PIF files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S "%3"

This Registry value determines how Windows runs files (in this case
.SCR files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

This Registry value determines how Windows runs files (in this case
.HTA files). If this file is executable, it should read "%1" %*.
("%1" /S for screensavers, .SCR files.) If it needs to be opened
with some other program, it should read program.exe "%1" %*.
File types that are executable are .EXE, .COM, .PIF, .BAT, .SCR.
File types that are not executable are types like .DOC, .LNK, .BMP,
.JPEG, .SHS, .VBS, .HTA etc.

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[PerUser_CVT_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[FontsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[PerUser_HNW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf

[PerUser_ICW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[PerUser_moviemaker] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Base] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[SamplerPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf

[ShellPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[PerUserOldLinks] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsMsnPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

[PerUser_PCHealth] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[PerUser_Paint_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Enable_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_ZoneGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_PBGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf

[MotownRecPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[MotownMPlayPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[MmoptMusicaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /uninstall

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[OlsAolPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsAttPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsProdigyPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsEarthlinkPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf

[Shell3PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

[PerUser_Preptool] *
StubPath = rundll.exe Setupx.dll,InstallHinfSection Install 64 C:\WINDOWS\INF\RUNLAST.INF

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

Programs listed here are components of the Windows Setup that were
only ran when Windows started for the first time. To prevent them
from running multiple times, Windows checks for a key with the same
name at the HKCU root. If it's not found, the component at the HKLM
root is ran, and a matching key is created at the HKCU root so the
component is not ran again next time. Most entries involve either
RUNDLL.EXE or RUNDLL32.EXE, so a suspicious key is not hard to find.

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

The chat program ICQ includes an ICQ Agent that can be configured to
launch one or multiple browsers when an Internet connection is
detected. To configure it, open the ICQ Preferences menu and check
under 'Connection' for a button labelled 'Edit Launch List'.

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

These two entries in WIN.INI are leftover from Windows 3.x, which
used them as values denoting programs that should be started up
with Windows. Since Windows 95 and higher uses the Registry to
store locations of autostart folders, these two entries in WIN.INI
are redundant, and are rarely used.

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

The Shell key from SYSTEM.INI tells Windows what file handles
the Windows shell, i.e. creates the taskbar, desktop icons etc. If
programs are added to this line, they are all ran at startup.
The SCRNSAVE.EXE line tells Windows what is the default screensaver
file. This is also a leftover from Windows 3.x and should not be used.
(Since Windows 95 and higher stores this setting in the Registry.)
The 'drivers' line loads non-standard DLLs or programs.

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

Due to a bug in Windows 9x, it mistakenly uses C:\Explorer.exe and
other instances (if present) when searching for Explorer.exe.
Explorer.exe should only exists in the Windows folder.
Windows NT is vulnerable to this as well, but only if the
'Shell' Registry value from the previous section
is just 'Explorer.exe' instead of the full path.
Additionally, presence of \WINDOWS\Explorer\Explorer.exe indicates
infection with the [email protected]r virus.

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

WININIT.INI is a settings file for WININIT.EXE, which updates files
at startup that are normally in use when Windows is running. It is
mostly used when installing programs or patches that need the
computer to be restarted to complete the install. After such a reboot,
WININIT.INI is renamed to WININIT.BAK.

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 14/1/2003, 11:56:36)

[rename]
NUL=C:\WINDOWS\TEMP\setupdl.exe

WININIT.INI is a settings file for WININIT.EXE, which updates files
at startup that are normally in use when Windows is running. It is
mostly used when installing programs or patches that need the
computer to be restarted to complete the install. After such a reboot,
WININIT.INI is renamed to WININIT.BAK.

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

Autoexec.bat is the very first file to autostart when the computer
starts, it is a leftover from DOS and older Windows versions.
Windows NT, Windows ME, Windows 2000 and Windows XP don't use this
file. It is generally used by virusscanners to scan files before
Windows starts.

--------------------------------------------------

C:\CONFIG.SYS listing:

*File is empty*

Config.sys loads device drivers for DOS, and is rarely used in
Windows versions newer than Windows 95. Originally it loaded
drivers for legacy sound cards and such.

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

@C:\WINDOWS\tmpcpyis.bat

Winstart.bat loads just before the Windows shell, and is used for
starting things like soundcard drivers, mouse drivers. Rarely used.

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off

Dosstart.bat loads if you select 'MS-DOS Prompt' from the Startup
menu when the computer is starting, or if you select 'Restart in
MS-DOS Mode' from the Shutdown menu in Windows. Mostly used for
DOS-only drivers, like sound or mouse drivers.

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

Some file extensions are always hidden, like .lnk (shortcut) and
.pif (shortcut to MS-DOS program). The Life_Stages virus was a .shs
(Shell Scrap) file that had the extension hidden by default. This can
be a security risk when a virus with a double-extension filename is
on the loose, since the extension can be hidden even when 'Don't show
extensions for known filetypes' is turned off.
The shortcut overlay acts as a reminder that the file is just a shortcut.
If the shortcut overlay is removed, the difference between a file and
a shortcut is invisible.

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

Regedit.exe is the Windows Registry Editor. Without it, you cannot
access the Registry or merge Registry scripts into the Registry.
Several viruses/trojans mess with this important system file, e.g.
moving it somewhere else or replacing it with a copy of the trojan.
Above checks will ensure that Regedit.exe is in the correct place
and that it really is Regedit.
If you have ScriptSentry installed, the .reg command
is altered and you fail the check. Don't worry
about this.

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL - {02478D28-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

MSIE features Browser Helper Objects (BHO) that plug into MSIE and
can do virtually anything on your system. Benevolant examples are
the Google Toolbar and the Acrobat Reader plugin. More often though,
BHO's are installed by spyware and serve you to a neverending flow
of popups and ads as well as tracking your browser habits, claiming
they 'enhance your browsing experience'.

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Registration reminder 3.job
Symantec NetDetect.job
Check E-mail.job
Synchronize Time.job

The Windows Task Scheduler can run programs at a certain time,
automatically. Though very unlikely, this can be exploited by
making a job that runs a virus or trojan.

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\MESSENGER\YACSCOM.DLL
CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab

[{7A32634B-029C-4836-A023-528983982A49}]
CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

[Java Plug-in 1.3.1_04]
InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab

[Java Plug-in 1.3.1_04]
InProcServer32 = C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll
CODEBASE = http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab

[SurroundVideoCtrl Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSSURVID.OCX
CODEBASE = http://encarta.msn.com/encnet/external/MSSurVid.cab

[iPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IPIXX.OCX
CODEBASE = http://www.ipix.com/download/ipixx.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Yahoo! Pool 2]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/potb_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pool 2.osd

[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HMATCHMT.OCX
CODEBASE = http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[LEGO Stormrunner]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://mindstorms.lego.com/stormrunner/stormrunner1-1-0.cab
OSD = C:\WINDOWS\Downloaded Program Files\LEGO Stormrunner.osd

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HRTBEAT.OCX
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37620.5523958333

[GSDACtl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\GSDA.DLL
CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

[{731918D2-517A-47E2-886A-3BC1380C591D}]
CODEBASE = http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab

[WONWebLauncher Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WONWEBLAUNCHERCONTROL.OCX
CODEBASE = http://www.flipside.com/cab/WONWebLauncherControl.cab

[{D9EC0A76-03BF-11D4-A509-0090270F86E3}]
CODEBASE = http://www.spywarelabs.com/1105030103/VBouncerOuter1105.exe

[YahooYMailTo Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YMMAPI.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll

The items in Download Program Files are programs you downloaded and
automatically installed themselves in MSIE. Most of these are Java
classes Media Player codecs and the likes. Some items are only
visible from the Registry and may not show up in the folder.

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll

The Windows Socket system (Winsock) connects your system to the
Internet. Part of this task is resolving domain names (www.server.com)
to IP addresses (12.23.34.45) which is handler by several system
files, called Layered Service Providers (LSPs), which work as a
chain: if one LSP is gone, the chain is broken and Winsock cannot
resolve domain names - which means no program on your system can
access the Internet.

--------------------------------------------------
End of report, 32,578 bytes
Report generated in 0.545 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top