Hi again!
I don't see it in there ... but here it is:
StartupList report, 1/20/2003, 11:40:52 AM
StartupList version: 1.40.1
Started from : C:\WINDOWS\DESKTOP\NEW FOLDER\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADSGONE\ADSGONE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\NEW FOLDER\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
OmgStartup = C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
SystemTray = SysTray.Exe
LVComs = C:\WINDOWS\SYSTEM\LVComS.exe
LexStart = Lexstart.exe
LXSUPMON = C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
SchedulingAgent = mstask.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WebCamRT.exe =
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe
[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 18/1/2003, 16:28:4)
[Rename]
C:\PROGRA~1\MICROS~1\OFFICE\MSO9.DLL=C:\PROGRA~1\MICROS~1\OFFICE\TBMA1B6.TMP
C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL=C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\TBMA1D5.TMP
C:\PROGRA~1\COMMON~1\SYSTEM\MAPI\1033\95\EXSEC32.DLL=C:\PROGRA~1\COMMON~1\SYSTEM\MAPI\1033\95\TBMA243.TMP
C:\PROGRA~1\COMMON~1\SYSTEM\MAPI\1033\95\OMI9.DLL=C:\PROGRA~1\COMMON~1\SYSTEM\MAPI\1033\95\TBMA261.TMP
C:\PROGRA~1\MICROS~1\OFFICE\OUTLLIB.DLL=C:\PROGRA~1\MICROS~1\OFFICE\TBMA292.TMP
C:\PROGRA~1\MICROS~1\OFFICE\1033\OUTLLIBR.DLL=C:\PROGRA~1\MICROS~1\OFFICE\1033\TBMA2A5.TMP
C:\PROGRA~1\MICROS~1\OFFICE\OUTLOOK.EXE=C:\PROGRA~1\MICROS~1\OFFICE\TBMA2B2.TMP
C:\PROGRA~1\COMMON~1\SYSTEM\MAPI\1033\95\PSTPRX32.DLL=C:\PROGRA~1\COMMON~1\SYSTEM\MAPI\1033\95\TBMA2B5.TMP
NUL=C:\WINDOWS\TTFCACHE
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\PROGRA~1\COMMON~1\MICROS~1\MSInfo\;;C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP
--------------------------------------------------
C:\WINDOWS\WINSTART.BAT listing:
@C:\WINDOWS\tmpcpyis.bat
--------------------------------------------------
C:\WINDOWS\DOSSTART.BAT listing:
@echo off
REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.
REM MSCDEX.EXE /D:OEMCD001 /l:d
REM MOUSE.EXE
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Task Scheduler jobs:
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job
Norton AntiVirus - a.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
--------------------------------------------------
Enumerating Download Program Files:
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE =
http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE =
http://security2.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[AcceptLang Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SETACCEPTLANG.DLL
CODEBASE =
http://runonce.msn.com/setacceptlang.cab
[sonyctl.sonycm]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SONYCTL.DLL
CODEBASE =
http://supportcentral.sel.sony.com/sdccommon/download/sonyctl.CAB
[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
CODEBASE =
http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNPUPLD.DLL
CODEBASE =
http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
[MSN Chat Control 4.2]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT42.OCX
CODEBASE =
http://sc.communities.msn.com/controls/chat/msnchat42.cab
[Macromedia Authorware Web Player Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\AUTHORWA\AWSWAX.OCX
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\HMATCHMT.OCX
CODEBASE =
http://lw14fd.law14.hotmail.msn.com/activex/HMAtchmt.ocx
[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE =
http://download.yahoo.com/dl/installs/yinst.cab
[YahooYMailTo Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YMMAPI.DLL
CODEBASE =
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
[Cpuid Control]
InProcServer32 = C:\WINDOWS\CPUID.OCX
CODEBASE =
http://powe45.vwh.net/downloads/upgradefinder.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
[RdxIE Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
CODEBASE =
http://207.188.7.150/03a990cac734383a2716/netzip/RdxIE6.cab
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE =
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37587.4965625
[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\SYSTEM\OPUC.DLL
CODEBASE =
http://office.microsoft.com/productupdates/content/opuc.cab
[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE =
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
--------------------------------------------------
End of report, 11,822 bytes
Report generated in 0.555 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
=================
I guess it is just a wee ghost of Norton's past, as you said ... kinda creeps me out not to be able to track down every little tidbit.
Thanks again
Louise