1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

unknown item in stsrtup

Discussion in 'Earlier Versions of Windows' started by bboop, Jan 23, 2002.

Thread Status:
Not open for further replies.
Advertisement
  1. bboop

    bboop Thread Starter

    Joined:
    Jan 17, 2002
    Messages:
    107
    when I run msconfig ,in my startup folder It has webinstall2 can't find anything on this , out beside it reads INS9IB5.TMP/R/A. I looked in temp. folder could'nt find it. Any ideas? Also Newdot~1.dll do I need this to startup
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    It sounds like you have stuff there that shouldn't be -- both "legitmate", but undesirable, and just plain illegitimate.

    We need to take a very full look at what you have loading and running at startup before offereing specific advice.

    I'd suggest two things for starters.

    1-- run a complete antivirus scan if you haven't done one recently. You can do an online scan here:

    http://housecall.antivirus.com/pc_housecall/

    2 -- after running the scan and having it do what it can to eliminate undesirables, go to the site below and download a copy of the Startuplog.zip. Unzip it and run Startuplog.com. It will place a copy of Startuplog.txt on your desktop. Copy and paste the full contents of that (not stubbpaths.txt) in your next reply.

    http://home.earthlink.net/~rmbox/Reticulated/Toys.html
     
  3. bestshotdude

    bestshotdude

    Joined:
    Dec 26, 2001
    Messages:
    92
    Try this too. Start-Programs-Accessories-System Tools-System Information then click on the + for Software Environment on the left window and select Startup. This will give you a listing of all programs that are currently loading at the time Windows starts. You can drag the column that has the description of the program as far as you need to see just what it is that the programs are. If you see a lot of things you don't need, like scanners, printers even anti-virus programs that you can choose to run after start up from the programs listing they can be safely removed by running "msconfig" and unchecking the box. Unless you have a cable or DSL connection. Then leave the anti-virus active. Hope this helps.
     
  4. bboop

    bboop Thread Starter

    Joined:
    Jan 17, 2002
    Messages:
    107
    Here is a list of startup. I do have dsl .
    ---------- C:\WINDOWS\desktop\StartUp.Log

    Start-Ups checked at 01-24-2002 3:35:53.95p
    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log for Windows 95/98 - Freeware by rmbox
    __________________________________________________________________________
    __________________________________________________________________________

    Comments:

    This is a log of all the programs on your computer that
    are starting automatically every time you start Windows.
    Using this log can be a quick way to spot trojans.

    StartUp Log (version 1.54) - Release Date 12/12/2001

    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log Index

    1. HKLM Run
    2. HKCU Run
    3. HKLM RunOnce
    4. HKCU RunOnce
    5. HKLM RunServices
    6. HKLM RunServicesOnce
    7. WIN.INI file
    8. SYSTEM.INI file
    9. AUTOEXEC.BAT file
    10. StartUp folder
    11. All Users StartUp
    12. Misc. StartUp Configurations

    __________________________________________________________________________
    __________________________________________________________________________

    The following is a list of your current Start-Ups
    __________________________________________________________________________
    __________________________________________________________________________

    1. HKLM Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
    "TaskMonitor"="c:\\windows\\taskmon.exe"
    "SystemTray"="SysTray.Exe"
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "NAV DefAlert"="C:\\PROGRA~1\\NORTON~1\\DEFALERT.EXE"
    "Norton Auto-Protect"="C:\\PROGRA~1\\NORTON~1\\NAVAPW32.EXE /LOADQUIET"
    "POINTER"="point32.exe"
    "Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
    "LoadQM"="loadqm.exe"
    "CriticalUpdate"="c:\\windows\\SYSTEM\\wucrtupd.exe -startup"
    "StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\stimon.exe"
    "WebInstall2"="C:\\WINDOWS\\TEMP\\INS91B5.TMP /R /A"
    "FileScan"=""
    "Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"


    ==========================================================================
    __________________________________________________________________________

    2. HKCU Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]


    ==========================================================================
    __________________________________________________________________________

    3. HKLM RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    4. HKCU RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    5. HKLM RunServices - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "TrueVector"="C:\\WINDOWS\\SYSTEM\\ZONELABS\\VSMON.EXE -service"
    "MiniLog"="C:\\WINDOWS\\SYSTEM\\ZONELABS\\MINILOG.EXE -service"


    ==========================================================================
    __________________________________________________________________________

    6. HKLM RunServicesOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    ==========================================================================
    __________________________________________________________________________

    7. WIN.INI File - (c:\windows\win.ini)

    Your win.ini run/load lines should look like run= and load= exclusively.
    There should be nothing to the right of the equal signs.


    These are the run and load lines in your WIN.INI file

    run=

    load=

    ==========================================================================
    __________________________________________________________________________

    8. SYSTEM.INI File - (c:\windows\system.ini)

    Your system.ini shell line should look like shell=Explorer.exe exclusively.
    You should only see Explorer.exe following the equal sign.


    This is the shell line in your SYSTEM.INI file

    shell=Explorer.exe

    ==========================================================================
    __________________________________________________________________________

    9. AUTOEXEC.BAT File - (c:\autoexec.bat)

    (Some trojans have been known to start from this file)


    These are your program startups and set paths in your autoexec.bat file

    REM [Header]

    REM [CD-ROM Drive]

    REM [Miscellaneous]

    REM [Display]

    REM [Sound, MIDI, or Video Capture Card]

    REM [Mouse]


    ==========================================================================
    __________________________________________________________________________

    10. StartUp Folder - (c:\windows\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your StartUp folder

    C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk

    ==========================================================================
    __________________________________________________________________________

    11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your All Users StartUp folder

    C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm.lnk

    ==========================================================================
    __________________________________________________________________________

    12. Miscellaneous StartUp Configurations

    -============================-
    Registry StartUp Directories
    -============================-

    Should show the Start Menu StartUp and All Users StartUp directories

    .....................................................................

    [1] HKCU - Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    "Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [2] HKCU - User Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


    .....................................................................

    [3] HKLM - Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

    "Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [4] HKLM - User Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


    .....................................................................

    -=======================-
    Registry Shell Spawning
    -=======================-

    Open Commands for Executable File Types

    @="\"%1\" %*"
    (.exe file - RegPath = HKCR\exefile\shell\open\command)

    @="\"%1\" %*"
    (.com file - RegPath = HKCR\comfile\shell\open\command)

    @="\"%1\" /S"
    (.scr file - RegPath = HKCR\scrfile\shell\open\command)

    @="\"%1\" %*"
    (.bat file - RegPath = HKCR\batfile\shell\open\command)

    @="\"%1\" %*"
    (.pif file - RegPath = HKCR\piffile\shell\open\command)

    @="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
    (.hta file - RegPath = HKCR\htafile\shell\open\command)

    -=========================-
    HKLM RunOnceEx - Registry
    -=========================-


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


    -=========================-
    HKU (.Default) Run - Registry
    -=========================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]


    -==============================-
    HKU (.Default) RunOnce - Registry
    -==============================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    -================================-
    StubPaths - Registry (Partial Listing)
    -================================-

    (Please see the StubPath.txt on your desktop for complete listing)

    HKLM\Software\Microsoft\Active Setup\Installed Components


    "OldStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
    "RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
    "StubPath"="c:\\windows\\msnmgsr1.exe"
    "StubPath"=""
    "StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
    "OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
    "RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
    "OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
    "RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
    "StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

    -=================-
    DOSSTART.BAT File - (c:\windows\dosstart.bat)
    -=================-

    @echo off

    REM Notes:
    REM DOSSTART.BAT is run whenenver you choose "Restart the computer
    REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
    REM you to load programs that you might not want loaded in Windows,
    REM (because they have functional equivalents) but that you do
    REM want loaded under MS-DOS. The two primary candidates for
    REM this are MSCDEX and a real mode driver for the mouse you ship
    REM with your system. Commands that you want present in both Windows
    REM and MS-DOS should be placed in the Autoexec.bat in the
    REM \Image directory of your reference server. Please note that for
    REM MSCDEX you will need to load the corresponding real-mode CD
    REM driver in Config.sys. This driver won't be used by Windows 98
    REM but will be available prior to and after Windows 98 exits.
    REM
    REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
    REM before Windows loads and access the CD-ROM. All you have to do
    REM is press F8 and then run DOSSTART to load MSCDEX and your real
    REM mode mouse driver (no need to remember the command line parameters
    REM for these two files.
    REM
    REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
    REM - The string following the /D: statement must explicitly match
    REM the string in CONFIG.SYS following your CD-ROM device driver.

    REM MSCDEX.EXE /D:OEMCD001 /l:d
    REM MOUSE.EXE


    LH C:\PROGRA~1\MICROS~1\MOUSE\MOUSE.EXE

    -=====================-
    Screen Saver Settings (Possible system.ini start-up)
    -=====================-

    SCRNSAVE.EXE=C:\WINDOWS\WEBSHOTS.SCR

    ==========================================================================
    __________________________________________________________________________

    - Supplemental Environment Information -

    TMP=c:\windows\TEMP
    TEMP=C:\windows\TEMP
    winbootdir=C:\WINDOWS
    PATH=C:\WINDOWS;c:\windows;c:\windows\COMMAND
    COMSPEC=C:\WINDOWS\COMMAND.COM
    windir=C:\WINDOWS

    File - c:\windows\Wininit.ini
    File - c:\windows\deletefi.ini

    ==========================================================================
    __________________________________________________________________________

    - End -
    have dsl
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Startup profile looks fairly clean. Just a couple of strange items there:

    "WebInstall2"="C:\\WINDOWS\\TEMP\\INS91B5.TMP /R /A"
    "FileScan"=""

    I don't see newdot so I guess you must have unchecked it. Run msconfig and do the same for the two items above. Then reboot and go to Add/Remove programs and look for NEW.NET. We want to remove this. After doing it, restart and let me know how things are going. I'll tell you how to remove the unchecked entries from msconfig permanently.


    http://www.new.net/help_faq.tp#p4
    http://www.cexx.org/newnet.htm
     
  6. bboop

    bboop Thread Starter

    Joined:
    Jan 17, 2002
    Messages:
    107
    Thanks for the help . I did all that ,rebooted everything seems to have loaded find except task sch. icon , but thats ok I do all that stuff myself . I did uncheck newdot earlier. also miccrosoft update keeps putting itself there I've unchecked it several times .ok I think I'm ready to remove them from msconfig.
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Okedoke. Go to start and run regedit

    Click in order:

    + HKey_Local_Machine
    + Software
    + Microsoft
    + Windows
    + CurrentVersion

    RUN-

    Run- is the folder where you will see any items you have UNchecked in Msconfig. You can right click on the entries in the RIGHT hand pane and delete them.

    You will be looking for:

    "WebInstall2"="C:\\WINDOWS\\TEMP\\INS91B5.TMP /R /A"
    "FileScan"=""

    and possibly Newdotnet which may not have been removed by the uninstall.

    Don't remove anything else unless you are sure you don't want to reenable it at some time.
     
  8. bboop

    bboop Thread Starter

    Joined:
    Jan 17, 2002
    Messages:
    107
    Ok, I did that .then I restarted when the password box came up I clicked on cancel and it locked up . my heart sk skipped a beat . so rebooted seems fine now. Thanks a lot for your help and time.:)
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/66149

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice