[Resolved] Dial up scripting issue

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

FZWG

Thread Starter
Joined
Dec 17, 2000
Messages
974
Appreciate some assistance.

Whenever this PC loads up W98SE, a Dial up Scripting prompt shows up on the screen right after the desktop comes up. The prompt only appears shortly, appears to update, etc.

Any ideas what could be causing this?
 
Joined
Feb 13, 1999
Messages
8,974
I would guess it is in your startup items. Select Start, Run, and type: MSCONFIG and select OK. Select the Startup tab and look for the script option and uncheck it. If you uncheck the wrong one you can recheck it and try again.
 

FZWG

Thread Starter
Joined
Dec 17, 2000
Messages
974
Dan O,

Thank you for your reply.

Unchecked something called: icwscrps

The prompt did not come up when the PC was restarted.

However, ended up with some sort of screensaver that says "OpenGL" floating in a black background. It only happened for a few seconds, and then it went away. It does come back every time the PC restarts.

Any ideas on that one?
 
Joined
Dec 9, 2000
Messages
45,855
Is this the computer which was infected with the magistr virus?

The file icwscrps.exe is a renamed icwscrpt.exe. Whether it has been cleaned and is now simply the original Windows file with a new name is open to question. You may have other remnants. They scan as clean but simply do not belong where they are.

If you post the Startuplog we can see what you have going:

http://home.earthlink.net/~rmbox/Reticulated/Toys.html
 

FZWG

Thread Starter
Joined
Dec 17, 2000
Messages
974
Rollin' Rog,

Thank you for your reply.

The problem posted does happen with the pc that was infected with Magistr.

Will download Startuplog from the link you offered to the pc in question and will post it back with the results.

Once again, thanks for the help.
 
Joined
Dec 9, 2000
Messages
45,855
You're welcome FZWG; usually with magistr, these are files left in the startup config that don't seem to represent a threat other than being in the wrong place at the wrong time. It's usually pretty obvious what they are when we see the log.

Just run the startuplog.com file -- it will create a startuplog.txt file on the desktop. You can copy/paste that here. The stubbpaths.txt is not needed.
 

FZWG

Thread Starter
Joined
Dec 17, 2000
Messages
974
Here it goes!!

Guess you know how to make sense out of all of this. I sure don't!! This PC is sure a mess, all sorts of weird stuff happening.

---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 11-15-2001 8:58:28.65p
__________________________________________________________________________
__________________________________________________________________________

StartUp Log for Windows 95/98 - Freeware by rmbox
__________________________________________________________________________
__________________________________________________________________________

Comments:

This is a log of all the programs on your computer that
are starting automatically every time you start Windows.
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.53) - Release Date 8/19/2001

__________________________________________________________________________
__________________________________________________________________________

StartUp Log Index

1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations

__________________________________________________________________________
__________________________________________________________________________

The following is a list of your current Start-Ups
__________________________________________________________________________
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"CDInterceptor"="cdi.exe"
"Launcher"="relaunch.exe"
"TBTray"="tbtray.exe"
"SxgTkBar"="SxgTkBar.exe"
"LoadQM"="loadqm.exe"
"AtiCwd32"="Aticwd32.exe"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"STIMOM"="C:\\WINDOWS\\SYSTEM\\STIMOM.EXE"
"3D Texs"="C:\\WINDOWS\\SYSTEM\\3D Texs.scr"
"Basebalk"="C:\\WINDOWS\\SYSTEM\\Basebalk.scr"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"PCCIOMON.EXE"="\"C:\\Program Files\\Trend PC-cillin 2000\\PCCIOMON.EXE\""
"pop3trap.exe"="\"C:\\Program Files\\Trend PC-cillin 2000\\pop3trap.exe\""
"WebTrap.exe"="\"C:\\Program Files\\Trend PC-cillin 2000\\WebTrap.exe\""
"MSWheel"=""
"EXSHOW95.EXE"="EXSHOW95.EXE"
"Norton Auto-Protect"="C:\\PROGRA~1\\NORTON~1\\NORTON~2\\NAVAPW32.EXE /LOADQUIET"
"Norton CrashGuard Monitor"="\"C:\\PROGRAM FILES\\NORTON SYSTEMWORKS\\NORTON CRASHGUARD\\CGMenu.EXE\""
"Norton eMail Protect"="C:\\PROGRAM FILES\\NORTON SYSTEMWORKS\\NORTON ANTIVIRUS\\POProxy.exe"
"icwscrps"="C:\\WINDOWS\\SYSTEM\\icwscrps.exe"


==========================================================================
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\\Program Files\\Messenger\\msmsgs.exe /background"


==========================================================================
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"PCCIOMON.EXE"="\"C:\\Program Files\\Trend PC-cillin 2000\\PCCIOMON.EXE\""
"CSINJECT.EXE"="C:\\Program Files\\Norton SystemWorks\\Norton CleanSweep\\CSINJECT.EXE"
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe \"Norton SystemWorks\""


==========================================================================
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


==========================================================================
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.


These are the run and load lines in your WIN.INI file

run=

load=

==========================================================================
__________________________________________________________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.


This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

==========================================================================
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)


These are your program startups and set paths in your autoexec.bat file

C:\PROGRA~1\TRENDP~1\PCSCAN.EXE C:\ C:\WINDOWS\COMMAND\ /NS /WIN95
SET PATH=%PATH%;C:\WINDOWS\Twain_32\Scanwiz

==========================================================================
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your StartUp folder

C:\WINDOWS\Start Menu\Programs\StartUp\Rain.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\Norton System Doctor.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\CleanSweep Smart Sweep-Internet Sweep.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\MSN Internet Access.lnk

==========================================================================
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your All Users StartUp folder


*(No start-ups found)*

==========================================================================
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================-
Registry StartUp Directories
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


.....................................................................

-=======================-
Registry Shell Spawning
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================-
HKLM RunOnceEx - Registry
-=========================-


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


-====================-
StubPaths - Registry (Partial Listing)
-====================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components


"OldStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
"StubPath"=""
"StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-

C:\essolo.com

IF EXIST C:\TBRDINIT.BAT CALL C:\TBRDINIT.BAT

-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-

SCRNSAVE.EXE=C:\WINDOWS\WEBSHOTS.SCR

==========================================================================
__________________________________________________________________________

- Supplemental Environment Information -

TMP=C:\WINDOWS\TEMP
TEMP=C:\WINDOWS\TEMP
winbootdir=C:\WINDOWS
COMSPEC=C:\WINDOWS\COMMAND.COM
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\TWAIN_32\SCANWIZ
windir=C:\WINDOWS

File - c:\windows\deletefi.ini

==========================================================================
__________________________________________________________________________

- End -
 

FZWG

Thread Starter
Joined
Dec 17, 2000
Messages
974
Originally posted by FZWG
Here it goes!!

Guess you know how to make sense out of all of this. I sure don't!! This PC is sure a mess, all sorts of weird stuff happening.

---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 11-15-2001 8:58:28.65p
__________________________________________________________________________
__________________________________________________________________________

StartUp Log for Windows 95/98 - Freeware by rmbox
__________________________________________________________________________
__________________________________________________________________________

Comments:

This is a log of all the programs on your computer that
are starting automatically every time you start Windows.
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.53) - Release Date 8/19/2001

__________________________________________________________________________
__________________________________________________________________________

StartUp Log Index

1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations

__________________________________________________________________________
__________________________________________________________________________

The following is a list of your current Start-Ups
__________________________________________________________________________
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"CDInterceptor"="cdi.exe"
"Launcher"="relaunch.exe"
"TBTray"="tbtray.exe"
"SxgTkBar"="SxgTkBar.exe"
"LoadQM"="loadqm.exe"
"AtiCwd32"="Aticwd32.exe"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"STIMOM"="C:\\WINDOWS\\SYSTEM\\STIMOM.EXE"
"3D Texs"="C:\\WINDOWS\\SYSTEM\\3D Texs.scr"
"Basebalk"="C:\\WINDOWS\\SYSTEM\\Basebalk.scr"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"PCCIOMON.EXE"="\"C:\\Program Files\\Trend PC-cillin 2000\\PCCIOMON.EXE\""
"pop3trap.exe"="\"C:\\Program Files\\Trend PC-cillin 2000\\pop3trap.exe\""
"WebTrap.exe"="\"C:\\Program Files\\Trend PC-cillin 2000\\WebTrap.exe\""
"MSWheel"=""
"EXSHOW95.EXE"="EXSHOW95.EXE"
"Norton Auto-Protect"="C:\\PROGRA~1\\NORTON~1\\NORTON~2\\NAVAPW32.EXE /LOADQUIET"
"Norton CrashGuard Monitor"="\"C:\\PROGRAM FILES\\NORTON SYSTEMWORKS\\NORTON CRASHGUARD\\CGMenu.EXE\""
"Norton eMail Protect"="C:\\PROGRAM FILES\\NORTON SYSTEMWORKS\\NORTON ANTIVIRUS\\POProxy.exe"
"icwscrps"="C:\\WINDOWS\\SYSTEM\\icwscrps.exe"


==========================================================================
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\\Program Files\\Messenger\\msmsgs.exe /background"


==========================================================================
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"PCCIOMON.EXE"="\"C:\\Program Files\\Trend PC-cillin 2000\\PCCIOMON.EXE\""
"CSINJECT.EXE"="C:\\Program Files\\Norton SystemWorks\\Norton CleanSweep\\CSINJECT.EXE"
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe \"Norton SystemWorks\""


==========================================================================
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


==========================================================================
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.


These are the run and load lines in your WIN.INI file

run=

load=

==========================================================================
__________________________________________________________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.


This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

==========================================================================
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)


These are your program startups and set paths in your autoexec.bat file

C:\PROGRA~1\TRENDP~1\PCSCAN.EXE C:\ C:\WINDOWS\COMMAND\ /NS /WIN95
SET PATH=%PATH%;C:\WINDOWS\Twain_32\Scanwiz

==========================================================================
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your StartUp folder

C:\WINDOWS\Start Menu\Programs\StartUp\Rain.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\Norton System Doctor.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\CleanSweep Smart Sweep-Internet Sweep.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\MSN Internet Access.lnk

==========================================================================
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your All Users StartUp folder


*(No start-ups found)*

==========================================================================
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================-
Registry StartUp Directories
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


.....................................................................

-=======================-
Registry Shell Spawning
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================-
HKLM RunOnceEx - Registry
-=========================-


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


-====================-
StubPaths - Registry (Partial Listing)
-====================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components


"OldStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
"StubPath"=""
"StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-

C:\essolo.com

IF EXIST C:\TBRDINIT.BAT CALL C:\TBRDINIT.BAT

-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-

SCRNSAVE.EXE=C:\WINDOWS\WEBSHOTS.SCR

==========================================================================
__________________________________________________________________________

- Supplemental Environment Information -

TMP=C:\WINDOWS\TEMP
TEMP=C:\WINDOWS\TEMP
winbootdir=C:\WINDOWS
COMSPEC=C:\WINDOWS\COMMAND.COM
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\TWAIN_32\SCANWIZ
windir=C:\WINDOWS

File - c:\windows\deletefi.ini

==========================================================================
__________________________________________________________________________

- End -
To do is to be. To be is to do. To do is to do.
 
Joined
Dec 9, 2000
Messages
45,855
Ok, to eliminate the entry from msconfig all together, go to start and run regedit

>> navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Run

or RUN- if you have this UNchecked in msconfig

>> with the RUN(-) key highlighted, in the right hand pane, right click on and delete:

"icwscrps"="C:\\WINDOWS\\SYSTEM\\icwscrps.exe"

>> Now you have 2 screen savers running, if you want to eliminate them entirely (as opposed to just unchecking them in msconfig), you can also right click on and delete (in the RUN key):

"3D Texs"="C:\\WINDOWS\\SYSTEM\\3D Texs.scr"

"Basebalk"="C:\\WINDOWS\\SYSTEM\\Basebalk.scr"


(the .scr extension indicates a screen saver, some of these may be viral rather than real screen savers, as an .scr extension is an executable program. If you aren't sure about them I would definitely delete them)

Once you have edited the registry, you should shut down, wait about 15 seconds to make sure nothing remains in memory, then restart.

>> after restarting, you can go to your c:\windows\system directory and delete the specific files you have eliminated from startup. Note the names carefully.

Just to satisfy my curiousity, though, before you delete icwscrps.exe, could you right click on it, select properties>version, and note the file size? I'm wondering whether it matches the original.
 

FZWG

Thread Starter
Joined
Dec 17, 2000
Messages
974
Rollin' Rog,

That was a good deal. Got rid of a couple of problems with your guidance. Those extra screen savers were raising havoc when the pc started. Now the strange stuff is gone.

On the icwscrps.exe file, the size reads: 147KB (151,040 bytes) 163,840 bytes used. Would like to ask, why is the last number (163,840) larger than the size of the file?

The only problem left to tackle on the pc in question is Internet Explorer and Outlook Express strange behaviors. Going to ask MSN first and see what they have to offer.

Thanks again for the help.
 
Joined
Dec 9, 2000
Messages
45,855
Great. Seems like the file size is exactly the same as the original, so I'm still going to go on the presumption that this file was "cleaned" somewhere along the line.

The reason the "used" bytes are more than the file size itself is because the hard drive is divided up in to "clusters" -- these wll vary according to the size of the drive itself and can be from 4kb to 32kb each (for a very large drive). If any portion of a cluster is used, the "whole" cluster is considered used.

In this case it looks like you have 16kb cluster sizes (indicating a HD of greater than 16gig but less than 32gig) and 3.2kb of one of those clusters were actually used but requiring an additional 12800 bytes to be reserved to fill out the 16kb.

Hope I did my math right.
 

FZWG

Thread Starter
Joined
Dec 17, 2000
Messages
974
Have a 20GB HD, so you got that one right.

On the file size, now I understand why the last number was larger. Makes sense.

Also, had some good luck solving some MSN connection problems that appeared with the virus infection. PC is working good, so far. Problems are getting worked out.

Thanks for the help.

Have a good weekend and a great Thanksgiving day.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top