Tech Support Forum - View Single Post

sherm · 07-16-2005, 10:07 AM

StartDreck log:

StartDreck (build 2.1.7 public stable) - 2005-07-16 @ 12:05:39 (GMT -04:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Chad at CHAD

»Registry
»Run Keys
»Current User
»Run
+AutorunsDisabled
*LogitechSoftwareUpdate="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
»RunOnce
+Setup
»Default User
»Run
*Usrr=C:\Program Files\etea\rpen.exe
»RunOnce
»Local Machine
»Run
*nwiz=nwiz.exe /install
*ShStatEXE="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
*McAfeeUpdaterUI="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
*ATIPTA=C:\WINDOWS\ATIPTAXX.EXE
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot\blindman.exe" %1
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
»Internet Explorer
»Current User
*Default_Search_URL=http://search.msn.com
*Local Page=C:\WINDOWS\SYSTEM32\blank.htm
*Search Bar=http://www.google.com/ie
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.google.com/
+SearchUrl
*provider=
+g
*=http://www.google.com/search?hl=en&lr=&q=%s
* =+
*+=%2B
*%=%25
*&=%26
*#=%23
»Default User
*Default_Search_URL=http://home.microsoft.com/search/lobby/search.asp
*Search Bar=http://home.microsoft.com/search/lobby/search.asp
*Start Page=http://www.emachines.com
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»Local Machine
*Default_Page_URL=http://www.emachines.com
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Bar=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.google.com
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*0aMCPClient={F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
`InprocServer32=
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
*UPnPMonitor={e57ce738-33e8-4c51-8354-bb4de9d215d1}
`InprocServer32=C:\WINDOWS\system32\upnpui.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=explorer.exe
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Chad\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\Chad\Start Menu\Programs\Startup\AutorunsDisabled\TClock2.lnk
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL = C:\DOCUME~1\Chad\LOCALS~1\Temp\topmins1.exe
*C:\WINDOWS\system32\drivers\etc\hosts
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\Ntrights.exe
*C:\Program Files\Windows Resource Kits\Tools\ntrights.exe
+C:\WINDOWS\system32\regini.exe
*C:\Program Files\Windows Resource Kits\Tools\regini.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
+C:\WINDOWS\_default.pif
*C:\WINDOWS\_default.pif
+C:\WINDOWS\alcrmv.exe
*C:\WINDOWS\alcrmv.exe
+C:\WINDOWS\alcupd.exe
*C:\WINDOWS\alcupd.exe
+C:\WINDOWS\AolCInUn.exe
*C:\WINDOWS\AolCInUn.exe
+C:\WINDOWS\atiadaxx.exe
*C:\WINDOWS\atiadaxx.exe
+C:\WINDOWS\atiiprxx.exe
*C:\Program Files\ATI Technologies\ATI Control Panel\atiiprxx.exe
*C:\WINDOWS\atiiprxx.exe
+C:\WINDOWS\atiphexx.exe
*C:\Program Files\ATI Technologies\ATI Control Panel\atiphexx.exe
*C:\WINDOWS\atiphexx.exe
+C:\WINDOWS\atiprbxx.exe
*C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe
*C:\WINDOWS\atiprbxx.exe
+C:\WINDOWS\atiptaxx.exe
*C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
*C:\WINDOWS\atiptaxx.exe
+C:\WINDOWS\explorer.exe
*C:\WINDOWS\explorer.exe
+C:\WINDOWS\explorer_original.exe
*C:\WINDOWS\explorer_original.exe
+C:\WINDOWS\hh.exe
*C:\WINDOWS\hh.exe
+C:\WINDOWS\ieuninst.exe
*C:\WINDOWS\ieuninst.exe
+C:\WINDOWS\InstIt.exe
*C:\WINDOWS\InstIt.exe
+C:\WINDOWS\IsUninst.exe
*C:\WINDOWS\IsUninst.exe
+C:\WINDOWS\mattie54.exe
*C:\WINDOWS\mattie54.exe
+C:\WINDOWS\mHotkey.exe
*C:\WINDOWS\mHotkey.exe
+C:\WINDOWS\MSDEVRC.exe
*C:\WINDOWS\MSDEVRC.exe
+C:\WINDOWS\muninst.exe
*C:\WINDOWS\muninst.exe
+C:\WINDOWS\nzmlymw.exe
*C:\WINDOWS\nzmlymw.exe
+C:\WINDOWS\oeuninst.exe
*C:\WINDOWS\oeuninst.exe
+C:\WINDOWS\PATCH.EXE
*C:\WINDOWS\PATCH.EXE
+C:\WINDOWS\regedit.exe
*C:\WINDOWS\regedit.exe
+C:\WINDOWS\ru.exe
*C:\WINDOWS\ru.exe
+C:\WINDOWS\runtsckl.exe
*C:\WINDOWS\runtsckl.exe
+C:\WINDOWS\setdebug.exe
*C:\WINDOWS\setdebug.exe
+C:\WINDOWS\SOUNDMAN.EXE
*C:\WINDOWS\SOUNDMAN.EXE
+C:\WINDOWS\tsc.exe
*C:\WINDOWS\tsc.exe
+C:\WINDOWS\twunk_16.exe
*C:\WINDOWS\twunk_16.exe
+C:\WINDOWS\twunk_32.exe
*C:\WINDOWS\twunk_32.exe
+C:\WINDOWS\UnGins.exe
*C:\WINDOWS\UnGins.exe
+C:\WINDOWS\UniFish3.exe
*C:\WINDOWS\UniFish3.exe
+C:\WINDOWS\uninst.exe
*C:\WINDOWS\uninst.exe
+C:\WINDOWS\UninstallFirefox.exe
*C:\WINDOWS\UninstallFirefox.exe
+C:\WINDOWS\UnInstallX.exe
*C:\WINDOWS\UnInstallX.exe
+C:\WINDOWS\unvise32qt.exe
*C:\WINDOWS\unvise32qt.exe
+C:\WINDOWS\winhelp.exe
*C:\WINDOWS\winhelp.exe
+C:\WINDOWS\wmback.exe
*C:\WINDOWS\wmback.exe
+C:\WINDOWS\NewFolder.vbs
*C:\WINDOWS\NewFolder.vbs
+C:\Program Files\Windows Resource Kits\Tools\tcmon.exe
*C:\Program Files\Windows Resource Kits\Tools\tcmon.bat
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+380=\SystemRoot\System32\smss.exe
+664=\??\C:\WINDOWS\system32\csrss.exe
+688=\??\C:\WINDOWS\system32\winlogon.exe
+732=C:\WINDOWS\system32\services.exe
+744=C:\WINDOWS\system32\lsass.exe
+888=C:\WINDOWS\system32\svchost.exe
+944=C:\WINDOWS\system32\svchost.exe
+980=C:\WINDOWS\System32\svchost.exe
+1028=C:\WINDOWS\System32\svchost.exe
+1344=C:\WINDOWS\system32\spoolsv.exe
+1416=C:\Program Files\ewido\security suite\ewidoctrl.exe
+1440=C:\Program Files\Network Associates\VirusScan\mcshield.exe
+1472=C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
+1624=C:\WINDOWS\System32\svchost.exe
+1684=C:\WINDOWS\system32\wdfmgr.exe
+1916=C:\WINDOWS\System32\alg.exe
+1408=C:\WINDOWS\Explorer.EXE
+1964=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
+1976=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
+1996=C:\WINDOWS\ATIPTAXX.EXE
+708=C:\Program Files\etea\rpen.exe
+2844=C:\Program Files\Aim\Aim 2\aim.exe
+3324=C:\Program Files\Winamp\winamp.exe
+2412=C:\Program Files\Soulseek\slsk.exe
+2540=C:\Program Files\Mozilla Firefox\firefox.exe
+528=C:\Documents and Settings\Chad\Desktop\startdreck\StartDreck.exe
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

As for the AIM 2 program, it is actually just AIM. I have two different versions installed and I put the second in the AIM 2 folder.

07-16-2005, 10:07 AM	#17 (permalink)
sherm Registered User Join Date: Jul 2005 Posts: 11 OS: XP	StartDreck log: StartDreck (build 2.1.7 public stable) - 2005-07-16 @ 12:05:39 (GMT -04:00) Platform: Windows XP (Win NT 5.1.2600 Service Pack 2) Internet Explorer: 6.0.2900.2180 Logged in as Chad at CHAD »Registry »Run Keys »Current User »Run +AutorunsDisabled LogitechSoftwareUpdate="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot »RunOnce +Setup »Default User »Run Usrr=C:\Program Files\etea\rpen.exe »RunOnce »Local Machine »Run nwiz=nwiz.exe /install ShStatEXE="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE McAfeeUpdaterUI="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey ATIPTA=C:\WINDOWS\ATIPTAXX.EXE +OptionalComponents +MSFS Installed=1 +MAPI Installed=1 NoChange=1 +MAPI Installed=1 NoChange=1 +MAPI Installed=1 NoChange=1 »RunOnce »RunServices »RunServicesOnce »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat batfile="%1" %* +.com comfile="%1" % +.disabled SpybotSD.DisabledFile="C:\Program Files\Spybot\blindman.exe" %1 +.exe exefile="%1" %* +.hta htafile=C:\WINDOWS\System32\mshta.exe "%1" % +.htm FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" +.html FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" +.js JSFile=%SystemRoot%\System32\WScript.exe "%1" % +.jse JSEFile=%SystemRoot%\System32\WScript.exe "%1" % +.pif piffile="%1" % +.reg regfile=regedit.exe "%1" +.scr scrfile="%1" /S +.txt txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1 +.vbs VBSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.vbe VBEFile=%SystemRoot%\System32\WScript.exe "%1" % +.wsh WSHFile=%SystemRoot%\System32\WScript.exe "%1" % +.wsf WSFFile=%SystemRoot%\System32\WScript.exe "%1" % +.lnk `lnkfile= [key or value does not exist] »Active Setup (LM) +Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c} StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE +Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP +Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE +Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED} StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll +Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C} StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install +NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT +Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278} StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf +Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser +Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub +Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02} StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install +Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340} StubPath=regsvr32.exe /s /n /i:U shell32.dll +Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383} StubPath=%SystemRoot%\system32\ie4uinit.exe »Browser Helper Objects (LM) »Internet Explorer »Current User Default_Search_URL=http://search.msn.com Local Page=C:\WINDOWS\SYSTEM32\blank.htm Search Bar=http://www.google.com/ie Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page=http://www.google.com/ +SearchUrl provider= +g =http://www.google.com/search?hl=en&lr=&q=%s =+ +=%2B %=%25 &=%26 #=%23 »Default User Default_Search_URL=http://home.microsoft.com/search/lobby/search.asp Search Bar=http://home.microsoft.com/search/lobby/search.asp Start Page=http://www.emachines.com SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm »Local Machine Default_Page_URL=http://www.emachines.com Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Local Page=%SystemRoot%\system32\blank.htm Search Bar=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page=http://www.google.com CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm »ShellServiceObjectDelayLoad (LM) 0aMCPClient={F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} `InprocServer32= PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9} `InprocServer32= WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED} `InprocServer32=%SystemRoot%\System32\webcheck.dll SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153} `InprocServer32=C:\WINDOWS\System32\stobject.dll UPnPMonitor={e57ce738-33e8-4c51-8354-bb4de9d215d1} `InprocServer32=C:\WINDOWS\system32\upnpui.dll »Special NT Values »Current User Load= Run= Programs=com exe bat pif cmd SHELL=explorer.exe »Default User Load= Run= Programs=com exe bat pif cmd SHELL= »Local Machine AppInit_DLLs= SHELL=Explorer.exe Userinit=C:\WINDOWS\system32\userinit.exe, »Files »Autostart Folders »Current User C:\Documents and Settings\Chad\Start Menu\Programs\Startup\desktop.ini C:\Documents and Settings\Chad\Start Menu\Programs\Startup\AutorunsDisabled\TClock2.lnk »Default User C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini »Local Machine C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini »INI-Files »WIN.INI\[windows] LOAD= RUN= »SYSTEM.INI\[boot] SHELL=explorer.exe »Text Files C:\boot.ini `[boot loader] `timeout=30 `default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS `[operating systems] `multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn C:\msdos.sys C:\config.sys C:\WINDOWS\system32\config.nt `dos=high, umb `device=%SystemRoot%\system32\himem.sys `files=40 C:\autoexec.bat C:\WINDOWS\system32\autoexec.nt `@echo off `lh %SystemRoot%\system32\mscdexnt.exe `lh %SystemRoot%\system32\redir `lh %SystemRoot%\system32\dosx `SET BLASTER=A220 I5 D1 P330 T3 C:\WINDOWS\wininit.ini `[Rename] `NUL = C:\DOCUME~1\Chad\LOCALS~1\Temp\topmins1.exe C:\WINDOWS\system32\drivers\etc\hosts »Program Files C:\ntldr C:\ntdetect.com C:\io.sys C:\WINDOWS\system32\win.com C:\WINDOWS\explorer.exe »%PATH% Companion Files +C:\WINDOWS\system32\notepad.exe C:\WINDOWS\notepad.exe C:\WINDOWS\notepad.exe +C:\WINDOWS\system32\Ntrights.exe C:\Program Files\Windows Resource Kits\Tools\ntrights.exe +C:\WINDOWS\system32\regini.exe C:\Program Files\Windows Resource Kits\Tools\regini.exe +C:\WINDOWS\system32\slrundll.exe C:\WINDOWS\slrundll.exe C:\WINDOWS\slrundll.exe +C:\WINDOWS\system32\taskman.exe C:\WINDOWS\TASKMAN.EXE C:\WINDOWS\TASKMAN.EXE +C:\WINDOWS\system32\winhlp32.exe C:\WINDOWS\winhlp32.exe C:\WINDOWS\winhlp32.exe +C:\WINDOWS\_default.pif C:\WINDOWS\_default.pif +C:\WINDOWS\alcrmv.exe C:\WINDOWS\alcrmv.exe +C:\WINDOWS\alcupd.exe C:\WINDOWS\alcupd.exe +C:\WINDOWS\AolCInUn.exe C:\WINDOWS\AolCInUn.exe +C:\WINDOWS\atiadaxx.exe C:\WINDOWS\atiadaxx.exe +C:\WINDOWS\atiiprxx.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiiprxx.exe C:\WINDOWS\atiiprxx.exe +C:\WINDOWS\atiphexx.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiphexx.exe C:\WINDOWS\atiphexx.exe +C:\WINDOWS\atiprbxx.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe C:\WINDOWS\atiprbxx.exe +C:\WINDOWS\atiptaxx.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\atiptaxx.exe +C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe +C:\WINDOWS\explorer_original.exe C:\WINDOWS\explorer_original.exe +C:\WINDOWS\hh.exe C:\WINDOWS\hh.exe +C:\WINDOWS\ieuninst.exe C:\WINDOWS\ieuninst.exe +C:\WINDOWS\InstIt.exe C:\WINDOWS\InstIt.exe +C:\WINDOWS\IsUninst.exe C:\WINDOWS\IsUninst.exe +C:\WINDOWS\mattie54.exe C:\WINDOWS\mattie54.exe +C:\WINDOWS\mHotkey.exe C:\WINDOWS\mHotkey.exe +C:\WINDOWS\MSDEVRC.exe C:\WINDOWS\MSDEVRC.exe +C:\WINDOWS\muninst.exe C:\WINDOWS\muninst.exe +C:\WINDOWS\nzmlymw.exe C:\WINDOWS\nzmlymw.exe +C:\WINDOWS\oeuninst.exe C:\WINDOWS\oeuninst.exe +C:\WINDOWS\PATCH.EXE C:\WINDOWS\PATCH.EXE +C:\WINDOWS\regedit.exe C:\WINDOWS\regedit.exe +C:\WINDOWS\ru.exe C:\WINDOWS\ru.exe +C:\WINDOWS\runtsckl.exe C:\WINDOWS\runtsckl.exe +C:\WINDOWS\setdebug.exe C:\WINDOWS\setdebug.exe +C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\SOUNDMAN.EXE +C:\WINDOWS\tsc.exe C:\WINDOWS\tsc.exe +C:\WINDOWS\twunk_16.exe C:\WINDOWS\twunk_16.exe +C:\WINDOWS\twunk_32.exe C:\WINDOWS\twunk_32.exe +C:\WINDOWS\UnGins.exe C:\WINDOWS\UnGins.exe +C:\WINDOWS\UniFish3.exe C:\WINDOWS\UniFish3.exe +C:\WINDOWS\uninst.exe C:\WINDOWS\uninst.exe +C:\WINDOWS\UninstallFirefox.exe C:\WINDOWS\UninstallFirefox.exe +C:\WINDOWS\UnInstallX.exe C:\WINDOWS\UnInstallX.exe +C:\WINDOWS\unvise32qt.exe C:\WINDOWS\unvise32qt.exe +C:\WINDOWS\winhelp.exe C:\WINDOWS\winhelp.exe +C:\WINDOWS\wmback.exe C:\WINDOWS\wmback.exe +C:\WINDOWS\NewFolder.vbs C:\WINDOWS\NewFolder.vbs +C:\Program Files\Windows Resource Kits\Tools\tcmon.exe *C:\Program Files\Windows Resource Kits\Tools\tcmon.bat »System/Drivers »Running Processes +0=<idle> +4=<system> +380=\SystemRoot\System32\smss.exe +664=\??\C:\WINDOWS\system32\csrss.exe +688=\??\C:\WINDOWS\system32\winlogon.exe +732=C:\WINDOWS\system32\services.exe +744=C:\WINDOWS\system32\lsass.exe +888=C:\WINDOWS\system32\svchost.exe +944=C:\WINDOWS\system32\svchost.exe +980=C:\WINDOWS\System32\svchost.exe +1028=C:\WINDOWS\System32\svchost.exe +1344=C:\WINDOWS\system32\spoolsv.exe +1416=C:\Program Files\ewido\security suite\ewidoctrl.exe +1440=C:\Program Files\Network Associates\VirusScan\mcshield.exe +1472=C:\Program Files\Network Associates\VirusScan\vstskmgr.exe +1624=C:\WINDOWS\System32\svchost.exe +1684=C:\WINDOWS\system32\wdfmgr.exe +1916=C:\WINDOWS\System32\alg.exe +1408=C:\WINDOWS\Explorer.EXE +1964=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE +1976=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe +1996=C:\WINDOWS\ATIPTAXX.EXE +708=C:\Program Files\etea\rpen.exe +2844=C:\Program Files\Aim\Aim 2\aim.exe +3324=C:\Program Files\Winamp\winamp.exe +2412=C:\Program Files\Soulseek\slsk.exe +2540=C:\Program Files\Mozilla Firefox\firefox.exe +528=C:\Documents and Settings\Chad\Desktop\startdreck\StartDreck.exe »VMM32Files (LM) »%System%\VMM32 »%System%\IOSUBSYS »Application specific »MS Office 97/8.0 STARTUP-PATH »Current User »Default User »Local Machine »ICQ NetDetect »Current User »Default User As for the AIM 2 program, it is actually just AIM. I have two different versions installed and I put the second in the AIM 2 folder.