
I get an error message at Startup...missing file.info32.exe

Discussion in 'Virus & Other Malware Removal' started by sino, Oct 9, 2003.

  1. sino (Thread Starter; joined Oct 9, 2003; 3 messages)

    I am also experiencing the same problem with my startup. I have included the following from the startup list.txt that was provided.

    StartupList report, 10.09.2003, 4:57:10 PM
    StartupList version: 1.52
    Started from : C:\UNZIPPED\STARTUPLIST\STARTUPLIST.EXE
    Detected: Windows 95 B (Win9x 4.00.1212)
    Detected: Internet Explorer v5.00 (5.00.2919.6304)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\LOADWC.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\XUPITER\XUPITERSTARTUP2003.EXE
    C:\PROGRAM FILES\XUPITER\XTCFGLOADER.EXE
    C:\COREL\SUITE8\PROGRAMS\DAD8.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\UNZIPPED\STARTUPLIST\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SystemTray = SysTray.Exe
    BrowserWebCheck = loadwc.exe
    xDownloader = C:\America Online 6.0\download\LNDOWNLOADER[1].EXE
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    SchedulingAgent = mstinit.exe /logon
    XupiterStartup = C:\Program Files\Xupiter\XupiterStartup2003.exe
    XupiterCfgLoader = C:\Program Files\Xupiter\XTCfgLoader.exe
    Tapicfg.exe = \tapicfg.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    SchedulingAgent = mstask.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=info32.exe hpfsched

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 31/8/2003, 20:49:50)

    [Rename]
    NUL=C:\WINDOWS\TEMP\A~NSISU_.EXE

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_2_3_0.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\INCRED~1\BHO\BHO.DLL - {269B6797-664E-48AA-B283-B012BDF6E525}

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [Yahoo! Companion]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_2_3_0.DLL
    CODEBASE = http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_2_3_0.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 4,211 bytes
    Report generated in 1.116 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  2. Rollin' Rog (joined Dec 9, 2000; 45,855 messages)

    Sino, you have an Xupiter infection. You should be able to remove it by installing, UPDATING, and running Spybot, following directions here. Be sure to reboot afterwards.

    http://tomcoyote.org/SPYBOT/index1.html

    You may also need to run the CoolwebShredder as you have been hijacked by it as well:

    http://www.spywareinfo.com/~merijn/files/cwshredder.zip

    For good measure you might want to try Ad-Aware:

    Ad-Aware Home Page and Ad-Aware 6: Reference Guide by Winchester73

    I'm going to split this off so you have your own thread. We prefer that to "piggybacks".

    Welcome to TSG...

    Also, when done, post a HijackThis Scanlog instead:

    http://www.tomcoyote.org/hjt/

    If you get a missing msvbm60 error when trying to run it, you will need to install updated VB runtime files

    http://support.microsoft.com/default.aspx?kbid=290887
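
Added example, not part of the original thread or either poster's words: a small parser for the StartupList report format shown in the first post, which pulls out the autorun entries and lists the ones to review by hand. The function names are hypothetical, the sample is a shortened excerpt constructed from the report above, and the keyword is the name given in the reply.

```python
import re

# Constructed sample: a shortened excerpt of the StartupList report quoted above.
SAMPLE = r"""Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
XupiterStartup = C:\Program Files\Xupiter\XupiterStartup2003.exe
Tapicfg.exe = \tapicfg.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=info32.exe hpfsched
"""

SEPARATOR = re.compile(r"^-{10,}$")

def parse_sections(report):
    """Split a report into {section title: [(name, value), ...]} (hypothetical helper)."""
    sections, title = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            title = None                      # next non-blank line opens a section
        elif not line:
            continue
        elif title is None or line.startswith(("HKLM\\", "HKCU\\")):
            title = line.rstrip(":")          # registry sections are keyed by key path
            sections[title] = []
        elif "=" in line:
            name, _, value = line.partition("=")
            sections[title].append((name.strip(), value.strip()))
    return {t: e for t, e in sections.items() if e}

def triage(sections, keywords=()):
    """Return (section, name, value, reason) for entries to review by hand."""
    findings = []
    for title, entries in sections.items():
        for name, value in entries:
            hits = [k for k in keywords if k.lower() in f"{name} {value}".lower()]
            if hits:
                findings.append((title, name, value, "keyword: " + hits[0]))
            elif value and "WIN.INI" in title.upper() and name.lower() in ("load", "run"):
                findings.append((title, name, value, "non-empty win.ini load/run line"))
    return findings
```

On the sample, `triage(parse_sections(SAMPLE), ["xupiter"])` returns the `XupiterStartup` Run entry and the `run=info32.exe hpfsched` line from WIN.INI, the file named in the startup error.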
     