
Startup programs question...

Discussion in 'Legacy Windows' started by matt-cohen, 2005/01/21.

Thread Status:
Not open for further replies.
  1. 2005/01/21
    matt-cohen

    I read an earlier thread where a computer was showing up certain programs, due to the fact that it had a virus. I have followed the instructions from that thread to help myself. What I was not able to understand was how do you remove the program that is starting from msconfig. I have included a startup log...

    Smartbutler, for example, is nowhere to be found, and I have unchecked it in the msconfig... Is there a way to remove it from being in there (in the msconfig)?

    In addition to that, here is my log file.

    Thank you in advance.

    Matt

    ---------- C:\WINDOWS\desktop\StartUp.Log

    Start-Ups checked at 01-21-2005 7:17:06.09p
    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log for Windows 95/98 - Freeware by rmbox
    __________________________________________________________________________
    __________________________________________________________________________

    Comments:

    This is a log of all the programs on your computer that
    are starting automatically every time you start Windows.
    Using this log can be a quick way to spot trojans.

    StartUp Log (version 1.58) - Release Date 11/9/2002

    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log Index

    1. HKLM Run
    2. HKCU Run
    3. HKLM RunOnce
    4. HKCU RunOnce
    5. HKLM RunServices
    6. HKLM RunServicesOnce
    7. WIN.INI file
    8. SYSTEM.INI file
    9. AUTOEXEC.BAT file
    10. StartUp folder
    11. All Users StartUp
    12. Misc. StartUp Configurations

    __________________________________________________________________________
    __________________________________________________________________________

    The following is a list of your current Start-Ups
    __________________________________________________________________________
    __________________________________________________________________________

    1. HKLM Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ScanRegistry "= "C:\\WINDOWS\\scanregw.exe /autorun "
    "SystemTray "= "SysTray.Exe "
    "LoadPowerProfile "= "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "
    "CriticalUpdate "= "C:\\WINDOWS\\SYSTEM\\wucrtupd.exe -startup "
    "TaskMonitor "= "C:\\WINDOWS\\taskmon.exe "
    "Zone Labs Client "= "\ "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\" "
    "AVG7_CC "= "C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP "
    "AVG7_EMC "= "C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGEMC.EXE "
    "AVG7_AMSVR "= "C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE "
    "LVComs "= "C:\\WINDOWS\\SYSTEM\\LVComS.exe "
    "StillImageMonitor "= "C:\\WINDOWS\\SYSTEM\\STIMON.EXE "
    "DXM6Patch_981116 "= "C:\\WINDOWS\\p_981116.exe /Q:A "
    "Admilli Service "= "C:\\PROGRAM FILES\\ADMILLI SERVICE\\ADMILLISERV.EXE "
    "Tsl "= "C:\\PROGRA~1\\COMMON~1\\TSA\\tsl.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "NoChange "= "1 "
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed "= "1 "


    ==========================================================================
    __________________________________________________________________________

    2. HKCU Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SmartButler "= "C:\\PROGRAM FILES\\SMARTBUTLER\\SMARTBUTLER.EXE "


    ==========================================================================
    __________________________________________________________________________

    3. HKLM RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    4. HKCU RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    5. HKLM RunServices - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "LoadPowerProfile "= "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "
    "TrueVector "= "C:\\WINDOWS\\SYSTEM\\ZONELABS\\VSMON.EXE -service "


    ==========================================================================
    __________________________________________________________________________

    6. HKLM RunServicesOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    ==========================================================================
    __________________________________________________________________________

    7. WIN.INI File - (c:\windows\win.ini)

    Your win.ini run/load lines should look like run= and load= exclusively.
    There should be nothing to the right of the equal signs.


    These are the run and load lines in your WIN.INI file

    run=

    load=

    ==========================================================================
    __________________________________________________________________________

    8. SYSTEM.INI File - (c:\windows\system.ini)

    Your system.ini shell line should look like shell=Explorer.exe exclusively.
    You should only see Explorer.exe following the equal sign.


    This is the shell line in your SYSTEM.INI file

    shell=Explorer.exe

    ==========================================================================
    __________________________________________________________________________

    9. AUTOEXEC.BAT File - (c:\autoexec.bat)

    (Some trojans have been known to start from this file)


    These are your program startups and set paths in your autoexec.bat file

    C:\PROGRA~1\GRISOFT\AVGFRE~1\BOOTUP.EXE
    SET BLASTER=A220 I7 D1 T2
    SET SNDSCAPE=C:\WINDOWS


    ==========================================================================
    __________________________________________________________________________

    10. StartUp Folder - (c:\windows\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your StartUp folder

    C:\WINDOWS\Start Menu\Programs\StartUp\Picture Package VCD Maker.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\Picture Package Menu.lnk

    ==========================================================================
    __________________________________________________________________________

    11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your All Users StartUp folder


    *(No start-ups found)*

    ==========================================================================
    __________________________________________________________________________

    12. Miscellaneous StartUp Configurations

    -============================-
    Registry StartUp Directories
    -============================-

    Should show the Start Menu StartUp and All Users StartUp directories

    .....................................................................

    [1] HKCU - Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    "Startup "= "C:\\WINDOWS\\Start Menu\\Programs\\StartUp "

    .....................................................................

    [2] HKCU - User Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


    .....................................................................

    [3] HKLM - Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

    "Common Startup "= "C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp "

    .....................................................................

    [4] HKLM - User Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


    .....................................................................

    -=======================-
    Registry Shell Spawning
    -=======================-

    Open Commands for Executable File Types

    @= "\ "%1\" %* "
    (.exe file - RegPath = HKCR\exefile\shell\open\command)

    @= "\ "%1\" %* "
    (.com file - RegPath = HKCR\comfile\shell\open\command)

    @= "\ "%1\" /S "
    (.scr file - RegPath = HKCR\scrfile\shell\open\command)

    @= "\ "%1\" %* "
    (.bat file - RegPath = HKCR\batfile\shell\open\command)

    @= "\ "%1\" %* "
    (.pif file - RegPath = HKCR\piffile\shell\open\command)

    @= "C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \ "%1\" %* "
    (.hta file - RegPath = HKCR\htafile\shell\open\command)

    -=========================-
    HKLM RunOnceEx - Registry
    -=========================-


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


    -=========================-
    HKU (.Default) Run - Registry
    -=========================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
    "SmartButler "= "C:\\PROGRAM FILES\\SMARTBUTLER\\SMARTBUTLER.EXE "


    -==============================-
    HKU (.Default) RunOnce - Registry
    -==============================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    -================================-
    StubPaths - Registry (Partial Listing)
    -================================-

    (Please see the StubPath.txt on your desktop for complete listing)

    HKLM\Software\Microsoft\Active Setup\Installed Components


    "OldStubPath "= "C:\\WINDOWS\\SYSTEM\\ie4uinit.exe "
    "RealStubPath "= "C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE "
    "StubPath "= "C:\\WINDOWS\\msnmgsr1.exe "
    "StubPath "=" "
    "StubPath "= "C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L "
    "OldStubPath "= "\ "C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:WIN9X /user /install "
    "RealStubPath "= "\ "C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install "
    "OldStubPath "= "\ "C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:WIN9X /user /install "
    "RealStubPath "= "\ "C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install "
    "StubPath "= "C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl "
    "Stubpath "= "C:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP "

    -=================-
    DOSSTART.BAT File - (c:\windows\dosstart.bat)
    -=================-

    C:\SBPCI\APINIT



    -=================-
    WININIT.BAK File - (c:\windows\wininit.bak)
    (name) (type) (size)(modified)(time)
    wininit bak 16 01-21-05 5:34p
    -=================-

    [Rename]
    NUL=
    -=====================-
    Screen Saver Settings (Possible system.ini start-up)
    -=====================-


    ==========================================================================
    __________________________________________________________________________

    - Supplemental Environment Information -

    TMP=C:\WINDOWS\TEMP
    TEMP=C:\WINDOWS\TEMP
    winbootdir=C:\WINDOWS
    PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    COMSPEC=C:\WINDOWS\COMMAND.COM
    windir=C:\WINDOWS

    File - c:\windows\Wininit.bak
    File - c:\windows\deletefi.ini

    ==========================================================================
    __________________________________________________________________________

    - End -
     
  2. 2005/01/21
    Zander
