Ports

[TonyKlein]

Lori,

This thread is now getting so long that I don't know what has or has not been tried, but do this:

If you're running Win95,98, or ME, download StartLog.com from this site: http://home.earthlink.net/~rmbox/Ret...d/Only_IE.html

Doubleclick it, and it will generate a text file on your desktop that will list all the applications that start in the many places when you start Windows.

We don't need to see StubPath.txt, just Startup.Log

Just go to 'Edit/select all', then copy, and paste it into your reply.

If it's too long to fit into one posting you'll need to split it into two parts, and post twice.

If this is Win 2000, NT, or XP, do this:

Go to Start/run, and type Msinfo32, followed by OK.
Go to Software Environment/Startup Programs.
Click Edit/'Select all', and then 'copy'
Now paste the contents in your post.

It wil help us troubleshoot.

Also do this:

Download BHODemon, launch the program, and tell us what BHOs it detects.


About the Black icons, if this is Win 95, 98, or ME, your Icon cache is probably corrupted.
Delete the 'ShelliconCache' file in your Windows folder.

Subsequently, reboot.
Windows will automatically recreate the file.

NOTE: You need to be able to view hidden files to see the ShellIconCache file: click Folder Options on the View menu in Windows Explorer, click the View tab, click Show All Files, and then click OK.

You can also try the 'repair icons' option in TweakUI.

Afterwards, in order to diminish the chance of the problem recurring, increase the size of your Icon cache:

Copy the following bold text to Notepad:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer]
"Max Cached Icons"="2048"

Save as Icons.reg, doubleclick it, and have it merged into the registry.

Good luck,

[ljc1174]

Ok, I've downloaded Tweak... that was cool! icons look like they are here and full color...

But, this has restored before but has gone back to black after a reboot.

the link paul gave, i noticed something about cydoor, this has been on my pc, spybot has found it twice... what is cydoor

is there anything else i can use to detect for spyware and unwanted advertising? Gator was found again after a deletion as well...
One note, I've never downloaded Gator, bonzi buddy or any other "buddies" to my pc.
Is there any relation to these problems and JS/NOCLOSE? That virus was found about 3 weeks ago on my pc.
(I mentioned that once before but no one has said anything)

Prince... I'm on icq if you wanna go through those settings with me, if Pete doesn't beat you to it! LOL (j/j)

[ljc1174]

Thank you TonyKlein!!!

This might help... I'll post back in a few with any results... my fingers hurt!!! (i'm beginning to see muscle's with all the typing i've been doing!!!)

[TonyKlein]

Posting your startups will certainly help us troubleshoot your problems.

About Cydoor: http://www.cexx.org/cydoor.htm

[Prince_Serendip]

Hi Lori! After reading Forum Admin/Paul's posting I see I won't have to publish after all. I don't use ICQ so it would be okay if spy1 gets there first. He's also an experienced Win ME user and most certainly is qualified to advise you. It may not seem like it--we are all such individual characters here--but we actually do work as a team. Thumbs up everyone!

To snowman, Spybot does conflict with the Cleaner and another proggy that I can't find nor remember right now. I always turn everything off except Explorer before doing a scan. That's probably why you had trouble. It's a good app. Give it another chance, after you have had a good long sleep? (I can get help for you but need to know your OS. IM me.) Take care my friend.

Prince

thanks for your offer of help....however..SpyBot will never touch this os ever again.....have been backing up and preparing to re-format......no fixing this mess....may still need to purchase a new monitor.....

snowman

Prince

just letting you know.....computer wont last another hour.......got to reformat now........seeya whenever I seeya buddy


snowman

[ljc1174]

---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 08-16-2002 11:13:38.18p
__________________________________________________________________________
__________________________________________________________________________

StartUp Log for Windows 95/98 - Freeware by rmbox
__________________________________________________________________________
__________________________________________________________________________

Comments:

This is a log of all the programs on your computer that
are starting automatically every time you start Windows.
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.56) - Release Date 3/11/2002

__________________________________________________________________________
__________________________________________________________________________

StartUp Log Index

1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations

__________________________________________________________________________
__________________________________________________________________________

The following is a list of your current Start-Ups
__________________________________________________________________________
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"Hidserv"="Hidserv.exe run"
"LoadQM"="loadqm.exe"
"DXM6Patch_981116"="C:\\WINDOWS\\p_981116.exe /Q:A"
"LVComs"="C:\\WINDOWS\\SYSTEM\\LVComS.exe"
"ADUserMon"="C:\\Program Files\\Iomega\\AutoDisk\\ADUserMon.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"POINTER"="point32.exe"
"Adaptec DirectCD"="C:\\PROGRA~1\\IOMEGA~1\\DIRECTCD.EXE"
"Alogserv"="C:\\Program Files\\McAfee\\McAfee VirusScan\\alogserv.exe"
"McAfee Guardian"="\"C:\\PROGRAM FILES\\MCAFEE\\MCAFEE SHARED COMPONENTS\\GUARDIAN\\CMGRDIAN.EXE\" /SU"
"Mirabilis ICQ"="C:\\Program Files\\ICQ\\NDetect.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"CreateCD"="C:\\PROGRA~1\\IOMEGA~1\\EASYCD~1\\CREATECD\\CREATECD.EXE -r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"


==========================================================================
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /startmonitor"
"Yahoo! Pager"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\ypager.exe -quiet"


==========================================================================
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


==========================================================================
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
"ADService"="C:\\Program Files\\Iomega\\AutoDisk\\ADService.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"SchedulingAgent"="mstask.exe"
"SSDPSRV"="C:\\WINDOWS\\SYSTEM\\ssdpsrv.exe"
"*StateMgr"="C:\\WINDOWS\\System\\Restore\\StateMgr.exe"
"McAfeeVirusScanService"="C:\\Program Files\\McAfee\\McAfee VirusScan\\AVSYNMGR.EXE"
"TrueVector"="C:\\WINDOWS\\SYSTEM\\ZONELABS\\VSMON.EXE -service"


==========================================================================
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


==========================================================================
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.


These are the run and load lines in your WIN.INI file

run=

load=

[ljc1174]

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.


This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

==========================================================================
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)


These are your program startups and set paths in your autoexec.bat file


==========================================================================
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your StartUp folder

C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Works Calendar Reminders.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\PowerReg SchedulerV2.exe

==========================================================================
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your All Users StartUp folder

C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm.lnk

==========================================================================
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================-
Registry StartUp Directories
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


.....................................................................

-=======================-
Registry Shell Spawning
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================-
HKLM RunOnceEx - Registry
-=========================-


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


-=========================-
HKU (.Default) Run - Registry
-=========================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /startmonitor"
"Yahoo! Pager"="C:\\PROGRA~1\\YAHOO!\\MESSEN~1\\ypager.exe -quiet"


-==============================-
HKU (.Default) RunOnce - Registry
-==============================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


-================================-
StubPaths - Registry (Partial Listing)
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components


"StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
"StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
"StubPath"=""
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\ie4uinit.exe"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

-=================-
WINSTART.BAT File - (c:\windows\winstart.bat)
-=================-

@C:\WINDOWS\tmpcpyis.bat

-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-



LH C:\PROGRA~1\MICROS~1\MOUSE\MOUSE.EXE


-=================-
WININIT.BAK File - (c:\windows\wininit.bak)
(name) (type) (size)(modified)(time)
wininit bak 47 08-16-02 2:40a
-=================-

[rename]
NUL=C:\WINDOWS\DOWNLO~1\IEGATOR.DLL
-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-


==========================================================================
__________________________________________________________________________

- Supplemental Environment Information -

PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
COMSPEC=C:\WINDOWS\COMMAND.COM
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
winbootdir=C:\WINDOWS
windir=C:\WINDOWS

File - c:\windows\Wininit.bak
File - c:\windows\deletefi.ini

==========================================================================
__________________________________________________________________________

- End -

[ljc1174]

BHODEMON:

ACROIEHELPER.OCX{06849E9F-4D59-B87D-784B7D6BE0B3}
YCOMP4,0,2.8.DLL{EF99BD21-C1FB-11D2-892F-0090271D4F88}

[ljc1174]

As far as the shell thing you told me to do, I'm kinda chicken to do that, but I'm gonna try the tweak thing first... see if that helps... but I don't remember seeing anything when I first used tweak... but i'll run it again.

Thanks I hope the two prior posts aren't showing anything bad...

[ljc1174]

Quote:

quoting: Mike Healan link=board=30;threadid=3022;start=90#20550 date=1029481217]

Quote:

Maybe a corrupted icon cache?

Download TweakUI and install it. Click on Repair and choose Repair Icons and click Repair Now. You may need to do that a couple of times.

Depending on which version of windows you have .....

For Windows 95/98/ME/2000, http://www.microsoft.com/ntworkstati.../NTTweakUI.asp

For XP Home and Pro, http://www.microsoft.com/windowsxp/p.../powertoys.asp

tweak is not opening, it's giving me the open with what program...
what happened?

and just to show;i took three pics of my screen... I think I attached the right one... this screen show my icons in the folder looking like little bombs. the pic sux but it gives you an idea. and my cons have turned black and white on my explorer bar....

[ljc1174]

Where is Mike Healan

HELPPPPPPPPPPPP!!!

ROFL

histaria has set in... my mudslides are going down quickly!!!

[Mike_Healan]

Which version did you get? There's a trick to installing the 95/98[me=Mike Healan]version.[/me]

You have to unzip it, then right click on tweak.inf and choose install, then go into the control panel to run it.

[TonyKlein]

I don't see anything nasty in your StartupLog that could cause this.

You will benefit by consulting Pacman's Startup List and unchecking unneccessary applications on the Msconfig/Startup tab (Start > Run > Msconfig).

About deleting ShellIconCache, this file will be recreated automatically when you reboot. It's just your Icon Cache, and there's nothing scary about it.
Your black icon issue is avery common issue, and this is the solution every time, so I advise you to do it.

There's 0 (zero) chance of negative side effects.

The only BHO's you have are Yahoo! Tool bar, and the Adobe Acrobat plugin. Nothing nasty there either.

[TonyKlein]

About TweakUI, if you decide to do that instead of deleting ShellIconCache (which I still think you should do), nstallation is a little different from usual:

1) Download TweakUI
2) Doubleclick TweakUI.exe.
3) Four Files are unpacked to a folder you specify.
4) Find the file TweakUI.inf, and RIGHTclick it.
5) Choose 'install' from the context menu.

Subsequently you'll find TweakUI in Control Panel.

Good luck,

[ljc1174]

ok, i'll let you know which one i do and if it works..

thanks!

[ljc1174]

Quote:

quoting: Mike Healan link=board=30;threadid=3022;start=105#20790 date=1029569735]
Which version did you get? There's a trick to installing the 95/98[me=Mike Healan]version.[/me]

You have to unzip it, then right click on tweak.inf and choose install, then go into the control panel to run it.

It downloaded to my windows temp folder and when i right clicked, it gave me open with...
There are no signs of it in the control panel.
~Lori

[TonyKlein]

You shouldn't rightclick TweakUI exe, but doubleclick it in order to start the self-extractor.

Please read what I posted again.

[ljc1174]

Ok, the first time I downloaded tweakui, it downloaded to my c:/windows/temp folder, i opened the folder, it was there... but it would not open.

so, i downloaded it again, and had the program and folder placed on my desktop, i opened the tweakui folder and it gave me the open with program when i double clicked tweakui.exe
there are four items in this folder
tweakui.cnt (CNT file)
tweakui (control panel extension)
tweakui (help file)
tweakui (setup information)

yes, further help is needed, i'm doing what you said, but it's not working for me.

[TonyKlein]

Rightclick TweakUI.inf, and choose 'install'.

If you're not finding TweakUI.inf, but just TweakUI, do this:

Go to Windows Explorer > View > Folder Options > View, and make sure "Hide file extensions for known file types" is unchecked.

BTW, you know there's an alternative, don't you?

Delete ShellIconCache, reboot, and your icons will most probably be back to normal.

[ljc1174]

ok, i'm doing that... (delete thingy)

i'll post back and let ya know.

will this stop Internet Explorer from opening as downloadalot?

[TonyKlein]

Nope, this is only to get rid of your black icons.

Here's the relevant MS article:

Icons Displayed Incorrectly in Control Panel or on the desktop

I now see that MS says to delete ShellIconCache in Safe Mode.

Hmmm, I've always done it with Windows running, and I've never heard of cases where that didn't work.

Just delete the file.

[ljc1174]

Well, I deleted the file, it gave me a hard time when rebooting... I had to reboot three times, and after going back into my windows folder to add that cache code to up the size, the shelliconcache is no where in sight...

I didn't see your post about the safe mode, until now...

But, my icons seem to be ok, for the moment!

[TonyKlein]

In order to 'up the size' you don't need to go into the Windows Folder, if you read carefully what I posted.

That's a registry script, and it's added to the Registry.

You won't find the results among the files and folders on your drive.

I'm glad to hear your icons are back to normal, though.