What Is This 'scary' Program??????

Discussion in 'Malware and Virus Removal Archive' started by Spookie, 2003/07/13.

Thread Status:
Not open for further replies.
  1. 2003/07/13
    Spookie

    Spookie Inactive Thread Starter

    Joined:
    2003/01/22
    Messages:
    29
    Likes Received:
    0
    :eek: Hello everyone---I REALLY NEED HELP WITH THIS ASAP!! I was doing a search on my PC yesterday, and I found A 'SCARY' PROGRAM that I know I didn't download! It has a "setup", a DAT file and a BIN file. The name of this "mystery program" is;

    "Bummer! Household Attack", (without the quotes)

    I have absolutely NO IDEA where this download came from, but as soon as I saw it, I IMMEDIATELY scanned all 3 parts of it for virus, and they all came back "no virus found"; however, I am afraid to open it in the event that it's a Trojan, worm or some other evil program.

    I also did a Google search, and there were no entries for it.

    I went to Lockergnome forums, and no one knew what it was, and most of those who responded recommended deleting it from my Registry, (which, as an easily scared newbie, I am afraid to do!)

    If anyone knows what this "thing" is, please let me know!! Is it safe to open to find out what it is, (since I DID NOT download it!)

    Finally, can anyone recommend a site that I can go to so that I can check out just what this scary-sounding program is?

    Thanks in advance for ANY help!

    Gratefully, Spookie:(
     
  2. 2003/07/13
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0

  4. 2003/07/15
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Spookie

    I will try to help you tonight.

    Mike
     
  5. 2003/07/15
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Spookie

    In answer to your PM!

    I had to search your other posts to find you have XP, is that correct? XP home or Pro?

    OK, the first thing to do is to look in Add/Remove programs and, if it is there, uninstall it.

    After it is removed, or if it is not in Add/Remove then do a disk search for it and delete all it finds.

    Like this:
    Start-Search-files or folders-Search for files or folders named

    Then type
    Bummer*.*

    Then type
    Househo*.*

    Unless you have something else named Bummer or Household something or other then delete all it finds.

    Next

    Go here: http://www.hoverdesk.net/freeware.htm

    Download RegSeeker. It is zipped so create a new folder in c:\Program Files call it RegSeeker. Move the zip to that location and unzip it.

    Then run the program, but do not clean the registry, but select Find in registry and type in

    first
    Bummer

    then
    household

    Again unless you have something named like this then delete them all.

    Next get HiJackThis: http://www.tomcoyote.org/hjt/

    This program is stand-alone and does not need installing. It is ready to run. Put it in a folder in C:\Program files called HiJackThis.

    Then run it. Click Scan (do not Fix), at the bottom of the screen click the Save log. It will want to save the log, name it hijackthis, click OK. You will now have the log on the screen, copy it and paste it back in a message to us.

    Next

    Still in HiJackThis, Click Config, then Misc tools, then Generate a Startup List. When this list is on screen copy it and paste it back to us in another separate post.

    With the info from the 2 lists above we can advise you specifically from there.

    Also please tell us the results of the disk search and RegSeeker search.

    Mike
     
  6. 2003/07/16
    Spookie

    Spookie Inactive Thread Starter

    Joined:
    2003/01/22
    Messages:
    29
    Likes Received:
    0
    :eek: WOW, MIKE!!! You must have been working on this all day! Thank you for all of the time you spent on this, and I'm especially grateful that you gave very detailed instructions---I'm too new at this stuff to function without them!
    In answer to your question, I run XP-Home, SP-1
    I checked in Add/Remove, and it's not there, as I was VERY careful to only right-click on it---I didn't want to run the risk of opening it and possibly exposing my PC to a Trojan, worm or virus. Which brings me to my questions;
    I do have TrendMicro, (I use their PC-Cillin 2003 AV/Firewall), investigating the program, and I also e-mailed Patrick Kolla, (creator of Spybot S&D), because the "Bummer..." program was "created" on the same date as when I deleted a troublesome copy of SpyBot, (it had bugs in it that weren't able to be fixed), and went to CNET download site and installed a "fresh" copy. "Goretsky" from Lockergnome Forums thinks that it's a possibility that the "Bummer..." program was actually caught by Spybot, but since SB wasn't working correctly, the "Bummer.." was left on my PC when I deleted it. It's a mystery why the new copy of SpyBot hasn't caught it, though.
    I don't want to remove "Bummer.." until I hear from TrendMicro and SpyBot in case they want the files, so I'll download RegSeeker and HiJackThis and get everything ready to follow your instructions.
    By doing any of these procedures, am I going to be opening the "mystery files", and if so, will my AV program protect my PC? I know it's probably a dumb question, but when TrendMicro wanted me to upload the files to their website, I had a gut feeling that I would be opening them---was I right, or just a paranoid novice? Since I didn't know how to "upload", I didn't do it; so far, all they need is the information that I gave you.
    Thank you SO MUCH for the directions! I'm going to download the programs now, and as soon as I get the "all clear" from TrendMicro and SpyBot, I'll follow your directions and I'll send you the results---WISH ME LUCK---I'm gonna need it! Oh, BTW; is the stuff I'm going to do known as "Editing the Registry"? If it is, don't tell me till I'm done---otherwise I'll be too nervous to do it!
    Thanks again, Mike for everything; I REALLY appreciate having someone as knowledgeable as you guiding me through this.
    Gratefully, Spookie :)
     
  7. 2003/07/16
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Spookie

    If you want to fiddlyfart around with this that is up to you.

    Maybe, that some of those folks will get back to you.

    Lately I am having a hard time just visiting the BBS. I just don't have much time.

    Put it on a floppy for them, or burn to a CD if too large for a floppy. Then clean it from your computer.

    But Ok, for the time being get me the 2 things I asked for from HiJackThis. These do not clean anything, but they do provide me with information.

    Mike
     
  8. 2003/07/17
    Spookie

    Spookie Inactive Thread Starter

    Joined:
    2003/01/22
    Messages:
    29
    Likes Received:
    0
    "Scary" results from "HiJackThis"

    :confused: Hi Mike and Friends! Well, this is my very first attempt at the "copy & paste" move, so I hope that I do it right!

    As you requested, Mike, I ran "HiJackThis", and in the interest of finding out if the "Bummer! Household Attack" (without quotes) is a Trojan, worm or virus, and to see if anyone else on the boards knows ANYTHING about these 3 invaders, I'm pasting the results----I hope---so here goes----

    Logfile of HijackThis v1.95.0
    Scan saved at 11:38:26 PM, on 7/16/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm2f.exe
    C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
    C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.att.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.att.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by AT&T WorldNet Service
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - Startup: BJ Status Monitor Canon BJC-2100.lnk = C:\Documents and Settings\Owner\cnmss2f.exe
    O4 - Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
    O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
    O16 - DPF: {94418D7F-29BF-460F-8614-DEFB34871FA4} - https://secure3.trueswitch.com/att/TrueConfig.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    HOORAY!!!!, I DID IT!!!! Thanks for the GREAT instructions, Mike!

    Now, hopefully someone will find out what's going on with the "bummer" program! Thanks again. Spookie :)
     
  9. 2003/07/18
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Spookie

    That list, though a disaster as far as performance, does not have a sign of any gremlins.

    Did you forget the other thing I asked for:

    "Still in HiJackThis, Click Config, then Misc tools, then Generate a Startup List. When this list is on screen copy it and paste it back to us in another separate post."

    Mike
     
  10. 2003/07/18
    Spookie

    Spookie Inactive Thread Starter

    Joined:
    2003/01/22
    Messages:
    29
    Likes Received:
    0
    Here's the "startup list" you wanted

    :( sniff sniff--Hi Mike; I'm a bit sad that my other list is a disaster as far as performance goes; is that why my PC, (which is ONLY 8 mos. old) runs as slow as molasses? How do I "un-disasterize" my performance?

    Oh, here's the Startup List that you wanted. It's probably a disaster, too!! :D

    StartupList report, 7/18/2003, 1:35:51 AM
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PccPfw.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm2f.exe
    C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
    C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
    BJ Status Monitor Canon BJC-2100.lnk = C:\Documents and Settings\Owner\cnmss2f.exe
    DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    Microsoft Works Calendar Reminders.lnk = ?

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
    Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    MoneyStartUp10.0 = "C:\Program Files\Microsoft Money\System\Activation.exe"
    AdaptecDirectCD = C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    nwiz = nwiz.exe /install
    pccguide.exe = "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    PCCClient.exe = "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    Pop3trap.exe = "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CursorXP = C:\Program Files\CursorXP\CursorXP.exe
    MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"
    Mozilla Quick Launch = "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    Weather = C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\AMERIC~2.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    CCHelper - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll - {0CF0B8EE-6596-11D5-A98E-0003470BB48E}
    (no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Disk Cleanup.job
    Low Battery Alarm Program.job
    System Diagnostic.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [SysProWmi Class]
    InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx
    CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB

    [sys Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitStop.dll
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

    [MiniBugTransporterX Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll
    CODEBASE = http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\System32\opuc.dll
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [DiskHealth Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\diskhealth.dll
    CODEBASE = http://www.pcpitstop.com/pcpitstop/diskhealth.cab

    [AV Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\PAV.dll
    CODEBASE = http://www.pcpitstop.com/antivirus/PCPAV.CAB

    [{94418D7F-29BF-460F-8614-DEFB34871FA4}]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\TrueConfig.dll
    CODEBASE = https://secure3.trueswitch.com/att/TrueConfig.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [Microsoft Office Tools on the Web Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\OUTC.DLL
    CODEBASE = http://dgl.microsoft.com/downloads/outc.cab

    [DiskHealth2 Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\DiskFAU.dll
    CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 7,905 bytes
    Report generated in 0.266 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    Any tips on how to optimize my performance would be GREATLY appreciated---I figured that I probably had programs running in the background that I don't need, and I'm sure lots of other junk, but I have always followed Chris' words of wisdom; "If you don't know what you're doing, Grab a Geek before you start messing around with your registry"----those words are burned in my gray matter!

    Hope the list above is the one you need!

    Thanks again

    Spookie :)
     
  11. 2003/07/18
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Ok Spookie

    You do not have any indication of any kind of spy/adware or other problems.

    The startup list was basically the same as the other but I wanted to see it, in case it showed something more.

    I am sure the computer is slow.

    It is time for bed now. I have been off today and also tomorrow and I will post some cleanup and tweaks for you to get the speed and stability back tomorrow.

    Besides the speed and what you thought about this Bummer, do you have any other issues I should know about?

    Good night.

    Mike ZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzz
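
Added example, not part of any post in this thread: a Python sketch of the read-through done on the pasted HijackThis log, splitting it into section-coded entries, pulling out the O4 startup items, and searching for the file-name stems from the earlier disk and registry searches. The function names are made up for this example, the sample lines are copied from the log above, and one line is constructed and marked as such.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis v1.95.0 log pasted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.95.0
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.att.net/
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Startup: DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
"""

# CONSTRUCTED line, not from the thread: what an autorun entry for the
# mystery program could look like, so the search has something to match.
CONSTRUCTED_LINE = r"O4 - HKCU\..\Run: [Setup] C:\Temp\Bummer! Household Attack\setup.exe"

# Stems of the Bummer*.* and Househo*.* searches suggested in the thread.
SEARCH_TERMS = ["bummer", "househo"]


class Entry(NamedTuple):
    code: str   # section code such as R0, O2, O4, O16
    text: str   # everything after "CODE - "


class Autorun(NamedTuple):
    location: str  # e.g. HKLM\..\Run, Startup, Global Startup
    name: str      # registry value name or shortcut file name
    command: str   # what gets launched


ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\[^:]+): \[([^\]]*)\] (.*)$")
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_entries(log):
    """Return the section-coded lines; header and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def parse_autoruns(entries):
    """Split O4 entries into location, name and command."""
    autoruns = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_RE.match(e.text) or STARTUP_RE.match(e.text)
        if m:
            autoruns.append(Autorun(*m.groups()))
    return autoruns


def find_terms(entries, terms=SEARCH_TERMS):
    """Case-insensitive substring search over every entry."""
    lowered = [t.lower() for t in terms]
    return [e for e in entries if any(t in e.text.lower() for t in lowered)]


def without_full_path(autoruns):
    """Autoruns whose target is not a full drive path (bare file name or '?').

    These cannot be judged from the log line alone and need a look on disk.
    """
    return [a for a in autoruns if not FULL_PATH_RE.match(a.command)]


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for a in parse_autoruns(entries):
        print(f"{a.location:16} {a.name:40} {a.command}")
    print("term hits in thread excerpt:", find_terms(entries))
    print("term hits with constructed line:",
          find_terms(parse_entries(SAMPLE_LOG + CONSTRUCTED_LINE)))
    print("check on disk:", [a.name for a in without_full_path(parse_autoruns(entries))])
```
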
     
  12. 2003/07/18
    Spookie

    Spookie Inactive Thread Starter

    Joined:
    2003/01/22
    Messages:
    29
    Likes Received:
    0
    Just delete "Bummer!", and optimizing PC

    Thanks SO MUCH for all the time you put in to diagnose my PC problem, Mike.

    I just need to know if it's safe to just delete the 3 "Bummer!" files, and after you've gotten a good night's sleep and feel strong enough to put up with me again, I sure would value your opinion on what I can safely "tweak" or whatever to optimize my system.

    Don't bother doing any more work now---you've earned some time away from a goof like me!

    Sleep well, and when you have time, just let me know what needs to be done.

    Thanks again for EVERYTHING---I feel so much better now; especially since I don't have to ***** around with the Registry----YET!!!!

    Good night, Friend, and "Thank You"

    Gratefully,
    Spookie :)
     
  13. 2003/07/18
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Spookie

    YES, delete the Bummer, household thing.

    You asked, so don’t be surprised at the steps!

    Ok here is the advice on cleaning startups and tweaking for speed and stability. We will get to the specifics in your startups that I mentioned later below.

    This ought to keep you busy and out of trouble for a while.

    Do not be intimidated by the steps, it is not as bad as it looks; just do one step at a time. So remember 1 step at a time.

    If you will do these exactly as I direct and in the same order, it will be well worth the time. As your computer should be faster and more stable than ever before. In addition to the learning experience. After this you will have almost all tools needed to clean, repair and tweak your computer for maximum stability and performance.

    If this is too much for you then pick and choose. If you decide to pick and choose then any of these will help, but I advise all.

    Print this so you will have it handy.

    You said you already have SpyBot so make sure it is up to date by downloading the newest update. Also max out the config by doing the following:
    click settings-scan priority and select "Time Critical (blocks everything else)". Then slide to the bottom of this page and under Expert settings check "Show expert buttons in...."

    Then Settings-filesets and check the bottom three items also so that all on this page are checked.

    After you run SpyBot twice then run the Immunize!
    _____________________________________________
    Download and install these programs, just install do not run yet. They should be downloaded into an install folder (So make a C:\Install) and save and run from there. You can download them all 1 at a time and save them. Then install them all 1 at a time.

    Startup control
    http://www.mlin.net/StartupCPL.shtml

    This gives simple and full control of what starts at boot up. After install there will be a Startup icon in control panel. Why this over Msconfig? Msconfig only allows unchecking/disabling of items. Startup Control panel allows deleting items or moving from startup to run as a service etc.

    DISK TEMP AND MRU(PRIVACY TRACKS) Cleanup

    Dclean http://www.xs4all.nl/~mp2004/

    I think Dclean is the smallest, fastest most thorough temp cleaner there is. When you run it the first time put a check in all boxes.

    MRU BLASTER http://www.wilderssecurity.net/mrublaster.html

    Cleans the registry of all tracks. In MRUBlaster go to settings plugins and select both Cookie Blaster and IE Temp file cleaner, check the "Enable automatic" that is directly over the "Save settings and run now", then hit the "Save settings and run now".

    Spider: http://www.fsm.nl/ward/

    Spider gets the infamous index.dat files, plus a few other things. Click scan then click clean, but when it asks for what to clean, check all drives and everything else.

    XpAntiSpy http://www.webattack.com/get/xpantispy.shtml

    There are many settings in XpAntiSpy but the ones you would use for privacy are:

    Heck I usually do them all EXCEPT "Enable fast Shutdown and Task-Scheduler service.

    I also set it to Clear Pagefile on shutdown for cleaning but after reboot I always turn this back off and only clean it when I want. Some leave it on all the time.

    Registry and System cleaners

    RegCleaner http://www.vtoy.fi/jv16/shtml/regcleaner.shtml
    Look in first 2 cols for programs you thought you uninstalled or removed, these are the dregs left by the uninstaller. Also tag and remove any that you are POSITIVE are not supposed to be on your computer. After removing these go to the top Tools-Registry Cleanup-Do them all. Delete all it finds.

    EasyClean1.7 http://gswi.com/downloads.htm
    Run only unnecessary files and registry clean delete all it finds. If you have XP or ME in the "Unnecessary Files" type the word HELP in the skip box. Do not do Duplicate files!

    Rescrub http://www.majorgeeks.com/download.php?det=2048
    NOTE: W2K and XP only!

    Select Rescrub finds problems and remove all it finds.


    Now that all of the above are installed and ready to run, reboot and while booting up tap the F8 key repeatedly until you get the bootup menu. Choose "Safe mode".

    After it boots it will look very basic with large grainy Icons. This is normal for Safe mode.

    Now do the following:

    Configure CleanMgr to max settings
    Go to Start-Run and type

    cleanmgr /sageset:1
    The above need only be run once (these settings will be remembered as the default until another sageset is run).

    It will present a menu select all except compress, then

    Go to Start-Run and type

    cleanmgr /sagerun:1
    As long as /sageset above has been run on this computer, from now on the /sagerun is the only thing that needs to run.

    Next go to Control panel and find "Startup Control Panel".

    Click it open, go thru each tab and uncheck the following items from your disaster list (some of the below are repeated so that you will not miss any, if they contain any of the below uncheck that item):

    WkUFind.exe
    WorksFUD
    qttask.exe
    OSA.EXE
    NvCplDaemon
    MiniBug
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    MoneyStartUp10.0 = "C:\Program Files\Microsoft Money\System\Activation.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe"
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

    After you finish StartUp control panel, while still in the Control panel go to Add/Remove and uninstall WeatherBug (it is the biggest slowdown you have). And is on the Spy/Adware list.

    Now you are finally ready to do the real cleanups. The instructions for these are listed with the download instructions above. Follow the instructions. If any program asks to reboot, say no we will do all this in 1 reboot.

    1. Dclean
    2. MruBlaster
    3. Spider (say no when it asks to reboot)
    4. XpAntiSpy
    5. Easyclean
    6. RegCleaner
    7. RegScrubXP
    8. SpyBot

    Now reboot.

    Your move!

    Mike
     