
One messed up system - PBurrier


9 replies to this topic

#1 pburrier


Posted 14 May 2005 - 12:49 AM

KNOW THAT THERE ARE MANY MANY ITEMS I SEE ON MY HJT LOG UNDER 016 THAT I DON'T EVEN KNOW WHY EVERY GAME YAHOO HAS IS LOADED UP. I WOULD LOVE TO GET RID OF SOME OF THAT STUFF AND OTHER ITEMS AS IN STARTUP LIST BELOW AS WELL SAYS SOMETHING ABOUT REGISTRY FAILURE ??? IT SOUNDS DRASTIC.

OH WELL... I had just realized the above after having read the logs and I don't know anything. What does that mean? oh well... please read on... sorry it is so much.

patty


* ORIGINAL NOTE:

Hi My Goto Guys... I can never sing enough praises about bleeping but you are so good that I have to come back for more. Or actually the case is, I did as instructed to fix my system from my previous visits. I looked at my startup in msconfig on my Windows 98SE. OMG... there is so much stuff in there and I have very little checked. How can I clean this up and get my computer to with the problems...

Quick recap of latest posts in a nutshell.

HAD MANY SPYWARE AND ADWARE ON SYSTEM

WAS DIRECTED TO RUN SEVERAL AND INSTALL ON MY SYSTEM. (I DO NOT KNOW IF I DID WRONG BY INSTALLING THEM... AS THEY MAY BE CONFLICTING WITH MY SUBSCRIPTION WEBROOTS SPYSWEEPER AND SUBSCRIPTION AVG 7.0.)

I CAN ACCEPT YOU TELLING ME THAT I HAVE DONE YET ANOTHER "ID 10 T" ERROR. THE SYSTEM CHECKS OUT ON MY SUBSCRIPTION PROGRAMS, CLEANED A COUPLE OF ADWARE ON ADAWARE PROGRAM... HAVE THE SPYBLASTER AND SPYGUARD INSTALLED AS WELL AS HAVE RUN SYMANTEC SYSTEM CHECK SEVERAL TIMES, PANDA SCAN SEVERAL TIMES AND TREND MICRO AGAIN = SEVERAL TIMES. I DO NOT KNOW IF I HAVE CREATED MY OWN PROBLEM BUT MY COMPUTER AND I ARE HARDLY ON SPEAKING TERMS AS OF LATE BECAUSE IT IS NOT FUN TO MANEUVER. I HOPE SOMETHING CAN BE DISCOVERED AND REMEDIED.

I APPRECIATE YOUR ASSISTANCE AND HAVE RUN AND INCLUDED A STARTUP LIST AS WELL AS A CURRENT HJT JUST FOR LAUGHS...

StartupList report, 05/14/2005, 12:37:04 AM
StartupList version: 1.52.2
Started from : C:\MY DOCUMENTS\PATTY'S STUFF\HJT\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\PATTY'S STUFF\HJT\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
AVG7_CC = C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
AVG7_AMSVR = C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
AVG_CC = C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
KB891711 = c:\windows\SYSTEM\KB891711\KB891711.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = c:\windows\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf

[FontsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf

[{5A8D6EE0-3E18-11D0-821E-444553540000}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36

[PerUser_ICW_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

[>PerUser_MSN_Clean] *
StubPath = c:\windows\msnmgsr1.exe

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf

[MotownMPlayPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\mplay98.inf

[PerUser_Base] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf

[ShellPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\webfdr16.inf,PerUserStub.Install,1

[PerUserOldLinks] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf

[OlsMsnPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 c:\windows\INF\ols.inf

[PerUser_Paint_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis_remove 64 c:\windows\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf

[PerUser_dxxspace_Links] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf

[PerUser_MSBackup_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis_remove 64 c:\windows\INF\applets1.inf

[PerUser_CVT_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\windows\INF\applets1.inf

[PerUser_Enable_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis_remove 64 c:\windows\INF\enable.inf

[MotownRecPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf

[PerUser_RNA_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_RNA_remove 64 c:\windows\INF\rna.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Sysmon_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis_remove 64 c:\windows\INF\appletpp.inf

[PerUser_Sysmeter_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Rem_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_netwatch_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Rem_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_CharMap_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Rem_Inis 64 c:\windows\INF\appletpp.inf

[PerUser_Onlinelnks_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis_remove 64 c:\windows\INF\appletpp.inf

[PerUser_Dialer_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis_remove 64 c:\windows\INF\appletpp.inf

[PerUser_ClipBrd_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis_remove 64 c:\windows\INF\clip.inf

[MmoptMusicaPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[OlsAolPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 c:\windows\INF\ols.inf

[OlsAttPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUserRemove 64 c:\windows\INF\ols.inf

[OlsCompuservePerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUserRemove 64 c:\windows\INF\ols.inf

[OlsProdigyPerUser]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 c:\windows\INF\ols.inf

[Shell3PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf

[Theme_Windows_PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf

[Theme_MoreWindows_PerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[PerUser_Preptool] *
StubPath = rundll.exe Setupx.dll,InstallHinfSection Install 64 C:\WINDOWS\INF\RUNLAST.INF

[Chl99] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chl99.inf,InstallUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[PerUser_DCC_Inis]
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis_remove 64 c:\windows\INF\rna.inf

[NetservrPerUser] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection NetservrPerUser 64 c:\windows\INF\netservr.inf

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exeadvpack.dll

[PerUser_Winpopup_Inis] *
StubPath = rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Winpopup_Inis_remove 64 c:\windows\INF\winpopup.inf

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\SYSTEM\Rundll32.exe c:\WINDOWS\SYSTEM\mscories.dll,Install

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}.Restore]
StubPath = rundll32.exe advpack.dll,UserUnInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv mfpdaemon

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 14/5/2005, 0:15:52)

[rename]
NUL=c:\WINDOWS\TEMP\_TINDEL.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\GRISOFT\AVG7\BOOTUP.EXE
C:\PROGRA~1\WILDFI~1\GOBACK\GB_PROG.EXE /i C:2000
SET BLASTER=A220 I7 D1 H5 P330 T6
SET CTSYN=C:\WINDOWS
C:\PROGRA~1\CREATIVE\SBLIVE\DOSDRV\SBEINIT.COM
REM [Header]
ECHO OFF
REM [CD-ROM Drive]
REM [Miscellaneous]
REM [Display]
Set tvdumpflags=10
Set tvdumpflags=10
Set tvdumpflags=10

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
REM [Header]
REM == PISETUP Begin Delete ==
REM == PISETUP End Delete ==
REM [CD-ROM Drive]
REM [Miscellaneous]
REM [Display]

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

C:\PROGRA~1\CREATIVE\SBLIVE\DOSDRV\SBEINIT.COM
echo off
REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 95
REM but will be available prior to and after Windows 95 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.
REM MSCDEX.EXE /D:OEMCD001 /l:d
REM MOUSE.EXE
LH C:\PROGRA~1\MICROS~2\MOUSE\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Unable to retrieve file info on regedit.exe!

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_0.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
SpywareGuard Download Protection - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Disk Defragmenter.job
Disk Cleanup.job
ScanDisk.job
Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://c:\windows\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://c:\windows\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://c:\windows\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[Dialpad Java Applet]
CODEBASE = http://dialpad.com/applet/src/vscp.cab
OSD = C:\WINDOWS\Downloaded Program Files\Dialpad.osd

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

[{32564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmv8ax.cab

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsc...55/mcinsctl.cab

[Yahoo! Pyramids]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pyramids.osd

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R1044/V...en/actsetup.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab

[Yahoo! Freecell Solitaire]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
CODEBASE = http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Freecell Solitaire.osd

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7899.6887847222

[Yahoo! Go]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/gt1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Go.osd

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Tornado 21]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Tornado 21.osd

[Yahoo! Dice]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/dct2_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Dice.osd

[Yahoo! GoStop]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/gst1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! GoStop.osd

[Yahoo! Klondike Solitaire]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Klondike Solitaire.osd

[Yahoo! MahJong Solitaire]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! MahJong Solitaire.osd

[JT's Blocks]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/blt1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\JT's Blocks.osd

[Yahoo! Towers 2.0]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Towers 2.0.osd

[Yahoo! Word Racer]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/wt0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Word Racer.osd

[Yahoo! Literati]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/tt3_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Literati.osd

[Video Poker]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Video Poker.osd

[Yahoo! Cribbage]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/it1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Cribbage.osd

[Yahoo! Graffiti]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/grt5_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Graffiti.osd

[Yahoo! Spelldown]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Spelldown.osd

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\OPUC.DLL
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc2.cab

[Yahoo! Euchre]
InProcServer32 = C:\WINDOWS\OPUC.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/et1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Euchre.osd

[Yahoo! Bingo]
InProcServer32 = C:\WINDOWS\OPUC.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/xt0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Bingo.osd

[Yahoo! Dots]
InProcServer32 = C:\WINDOWS\OPUC.DLL
CODEBASE = http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Dots.osd

[Yahoo! Photos Easy Upload Tool Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YDROPPER.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cab

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SYMADATA.DLL
CODEBASE = http://www.symantec.com/techsupp/activedata/SymAData.dll

[MiniBugTransporterX Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MINIBUGTRANSPORTER.DLL
CODEBASE = http://download.weatherbug.com/minibug/tri...Transporter.cab?

[{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]

[{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]

[TNPLDownloader Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TNPLDO~1.OCX
CODEBASE = https://dtwx2.accuweather.com/tnpl_awda/cli...LDownloader.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL
CODEBASE = http://support.gateway.com/support/profiler/PCPitStop.CAB

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

[Anonymizer Anti-Spyware Scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\WEBAAS.DLL
CODEBASE = http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: c:\windows\SYSTEM\rnr20.dll
Protocol #1: c:\windows\SYSTEM\mswsosp.dll
Protocol #2: c:\windows\SYSTEM\mswsosp.dll
Protocol #3: c:\windows\SYSTEM\mswsosp.dll
Protocol #4: c:\windows\SYSTEM\mswsosp.dll
Protocol #5: c:\windows\SYSTEM\msafd.dll
Protocol #6: c:\windows\SYSTEM\msafd.dll
Protocol #7: c:\windows\SYSTEM\msafd.dll
Protocol #8: c:\windows\SYSTEM\rsvpsp.dll
Protocol #9: c:\windows\SYSTEM\rsvpsp.dll

--------------------------------------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
NDIS: ndis.vxd,ndis2sup.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *mtrr
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VRTWD: c:\windows\SYSTEM\vrtwd.386
VFIXD: c:\windows\SYSTEM\vfixd.vxd
VNETBIOS: vnetbios.vxd
VREDIR: vredir.vxd
DFS: dfs.vxd
ASPIENUM: ASPIENUM.VXD
jsmux: jsmux.vxd
jsdbg: jsdbg.vxd
jsmem1: jsmem1.vxd
NWLink: nwlink.vxd
VSERVER: vserver.vxd
NWNBLINK: nwnblink.vxd
NDISWAN: ndiswan.vxd
WANATM: (no file)
VSDATA95: vsdata95.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 33,951 bytes
Report generated in 0.443 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

AND MY HJT LOG...

Logfile of HijackThis v1.99.1
Scan saved at 12:40:10 AM, on 05/14/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\PATTY'S STUFF\HJT\HIJACKTHIS.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.netscape.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.netscape.com
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com\\"); (C:\Program Files\Netscape\Users\jims_secret_file\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_0.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: Dialpad Java Applet - http://dialpad.com/applet/src/vscp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...55/mcinsctl.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/clients/y/gst1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/cli...LDownloader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab

Until I hear from you all, please know I have the utmost confidence you will see the errors of my ways or tell me how to find them and have me click my heels 3 times and perform some keystrokes etc... so until that time... I am not going to do another thing to it.

just another forever in debt patron,

patty

Edited by pburrier, 14 May 2005 - 01:17 AM.




#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:04:55 PM

Posted 14 May 2005 - 11:44 AM

Hello pburrier. After reviewing your log I see no signs of viruses or malware at this time. Your log is squeaky clean.

If you want, you can clean all of the 016 entries. They are simply controls that have been downloaded for various games etc. that you have played on yahoo or scans that you have run. They will return the next time that you visit those sites. That is normal.

What specifically are the problems that you are encountering? There is nothing out of the ordinary that should be causing any issues that I can see.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 pburrier


Posted 14 May 2005 - 12:35 PM

Well OT... just where do I start. After your wondrous fix when I did have spyware/malware on the system; I then proceeded to download and install Firefox as directed by Bleeping tutorial. I have two notebooks that I have created from all the knowledge this site has provided me...and I am armed and dangerous - lol.

Once Firefox was installed and all changes showing Firefox as my new browser... when I would get online in Yahoo (for instance) and attempt to register or play in a tournament my system would throw up a window that said something like "Firefox now closing... " and wahlah I was back to my desktop. This happened several times.

I did make sure that Firefox was set up as my default and it was pretty consistent in its routine on shutting down on me. So I uninstalled and removed any extra stuff regarding Firefox and seemingly have an easier time navigating on IE but again it is as though my system has its own agenda versus mine.

It is irksomely slow, I must reboot several times a session until I get frustrated and quit. I have been diligent about running the variety of scans for both virus and spyware weekly and my subscription services run daily.

When I look under my computer at the performance tab... it is usually running below 50% or less and it has just never run appropriately for a few months now. I have cleaned off, removed, uninstalled etc... old files, programs etc that I don't use or need. I have turned virtually everything off startup but my essentials and quite frankly don't know what else to do.

I was hoping you would see something. How about making something up lol...
No really... it has just acted as though I have a conflict or something going on. Sometimes I have to reboot to print, sometimes I have to reboot for no reason whatsoever.

Old Timer... oh wise one... I wish I could tell you more. As I mentioned I am back to IE, all Windows and programs are updated as much as possible for Win 98SE. I thank you for your assistance in looking things over and I will get rid of several 016 items that I do not ever use and leave the others.

Until I hear from you again... graciously I await for further instructions.

pburrier

#4 OldTimer


Posted 14 May 2005 - 12:42 PM

Hi pburrier. Very strange. Since there is nothing that is showing visibly, let's look for something that might be hiding.

Download PFind.zip and unzip the contents to its own permanent folder.

Important! Reboot in SAFE MODE !!

Start in Safe Mode Using the F8 method:
  • Restart the computer in Safe Mode.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the pfind.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

Post the contents of C:\pfind.txt back here and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 pburrier


Posted 14 May 2005 - 09:21 PM

okay Odie, I mean OT... lol

you must have the patience of Job... I did as requested... download Pfind.zip open in its own folder. ran Pfind.bat.... it was very quick and short and doesn't look good to me. All the same here is what it read:

Checking the \Start Menu\programs\Startup\ folder

Bad command or file name
Bad command or file name
Checking the \Application Data folder

Bad command or file name
Bad command or file name
Checking the \Start Menu\programs\Startup\ folder

Bad command or file name
Bad command or file name
Checking the \Application Data fikder

Bad command or file name
Bad command or file name
Checking the Windows folder for system and hidden files within the last 60 days

Bad command or file name
Bad command or file name
Bad command or file name
Cannot find file 'notepad' (or one of its components). Check
to ensure the path and filename are correct and that all required
libraries are available.

***********************

I am afraid to know what it all means but I promise that this has definitely been challenging. Thanks for your brilliance.

I would like to see if I can ever understand this enough to start helping on the site but right now I do not know what I am looking at sometimes. But I see things in my startup that list the same item over and over - why is that? Can I not clean this kinda stuff up?

How many Snickers and Cokes does it take to have you assist me in trying to optimize what I have on here. I just wanna play, email, surf, maintain a small business accounting and inventory and protect all customer history files in case I go back to sales or not.

I do understand that when you look over my listing it may not be that you see anything other than what your eyes are looking for i.e. malware/bad juju stuff... so OT please feel free to direct me to another forum if that is what I should do. I have posted in general chat but that is not the same as what you and other administrators address.

I really try to be self sufficient to try to fix these items as you go... keeping records and printing tutorials all the way so I may understand better. Your experience and knowledge have always been helpful and on the mark.

I promise I am not a drinker but just to say... I love you all and the brilliant service you provide is top notch. May I win the lottery so I can give back to you all in this lifetime.

Until later OT...

#6 OldTimer


Posted 15 May 2005 - 12:07 AM

Hi pburrier. Well isn't that strange. It appears that some of the files may be missing. Can you check the folder that you unzipped the pfind-new.zip file to and verify that the following files are in it:
pfind.bat
regentries.bat
locate.com
ah.exe
grep.exe
reg.exe
strings.exe
UNIX2DOS.EXE
patterns.txt

If any of the files are missing then unzip the pfind-new.zip file again and verify that all of the files are there. Reboot into DOS and run the scan again.

As for your log, it really is quite clean. The only files that are for startup are the items listed as 04 items and there are very few of those. That is good. If the items that you are talking about that are listed multiple times are the 016 items then you don't have to worry about those items. They are downloaded programs (very small) for the various sites you have visited. There are a number of them for Yahoo games (a gamer huh?). If you want, you can delete all of those safely and they will be downloaded again the next time that you play one of those games or perform a scan or whatever. These items do not load when Windows starts and are only used when you perform that particular activity on that particular site.

Post back the new log from the pfind scan and I will look at it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
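
The distinction drawn in the post above (O4 lines load at Windows startup, O16 lines are downloaded controls tied to the sites that installed them; the posts write these as 04 and 016) can be pulled out of a HijackThis log mechanically. The Python below is an added example, not part of the original posts or of HijackThis: the function names are hypothetical, the sample lines are excerpted from the log in post #1, and grouping hosts by their last two DNS labels is a naive assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Excerpt of the HijackThis log from post #1 of this thread, embedded for offline use.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
"""

# "<code> - <body>", e.g. "O4 - ..." or "O16 - ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 from a registry Run key: HKLM\..\Run: [name] command
O4_REG_RE = re.compile(r"^(?P<where>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 from a Startup folder: Startup: shortcut.lnk = target
O4_FOLDER_RE = re.compile(r"^(?P<where>[\w ]*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# O16: "DPF: {CLSID} (name) - url" or "DPF: name - url"; the url may be empty.
O16_RE = re.compile(
    r"^DPF: (?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*)\)|(?P<bare>.+?)) -\s*(?P<url>\S*)$"
)


def parse_hjt(text):
    """Return one dict per recognised HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # log header, running-process list, blank lines
        entry = {"code": m.group("code"), "body": m.group("body")}
        if entry["code"] == "O4":
            d = O4_REG_RE.match(entry["body"]) or O4_FOLDER_RE.match(entry["body"])
            if d:
                entry.update(where=d.group("where"), name=d.group("name"),
                             command=d.group("cmd"))
        elif entry["code"] == "O16":
            d = O16_RE.match(entry["body"])
            if d:
                url = d.group("url")
                entry.update(clsid=d.group("clsid"),
                             name=d.group("name") or d.group("bare"),
                             url=url,
                             host=urlsplit(url).hostname if url else None)
        entries.append(entry)
    return entries


def autostart_entries(entries):
    """O4 entries: the only ones in this log that run when Windows starts."""
    return [e for e in entries if e["code"] == "O4"]


def site_of(host):
    # Naive grouping (assumption): keep the last two DNS labels of the host.
    return ".".join(host.split(".")[-2:]) if host else "(no codebase recorded)"


def dpf_by_site(entries):
    """Count O16 downloaded controls per originating site."""
    return Counter(site_of(e.get("host")) for e in entries if e["code"] == "O16")


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Loads at startup (O4):")
    for e in autostart_entries(parsed):
        print(f"  {e['where']:<20} {e['name']:<18} {e['command']}")
    print("Downloaded controls (O16) by site:")
    for site, count in dpf_by_site(parsed).most_common():
        print(f"  {count:>2}  {site}")
```
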


#7 pburrier


Posted 15 May 2005 - 02:07 PM

Okay OT... well when I boot up in Win98SE it doesn't do anything on the F8 button and doesn't show any advanced screen but I started up in safe mode the way I have always done it. I chose option 3... SAFE MODE.... not SAFE MODE with command prompts or any of the other choices.

It tells me in a window that I am entering SAFE MODE and then I am brought to my desktop with big icons. I go into windows explorer and open my files I save PFind.bat and the other files as noted in last email. (They were already there to begin with when I looked...)

When I double click on Pfind.bat it opens a message saying that MS DOS may corrupt some of my video settings or something like that do I wish to continue ???

I have said yes. It quickly gives me a small DOS window and what I had sent you earlier is what is on there again. So when I save the file this time, I pressed to save as all files. This time I saved it under PFind515(date).bat

here is the listing....

IF NOT ERRORLEVEL 1 SET SYSTEM=%WINDIR%\SYSTEM32


echo Files found with this application may be legitimate. >> %SystemDrive%\pfind.txt
echo Only remove files that you know are malware related. >> %SystemDrive%\pfind.txt

:pfiles
echo.
echo.
echo Please be patient while we search your computer.
echo This may take a while.
echo.
echo.
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

echo Checking the %SystemDrive% folder
echo Checking the %SystemDrive% folder>> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo.

"%CurDir%\strings" -a "%SystemDrive%\*.*" | "%CurDir%\grep" -f "%CurDir%\patterns.txt" >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

echo Checking the %ProgramFiles% folder
echo Checking the %ProgramFiles% folder>> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo.

"%CurDir%\strings" -a "%ProgramFiles%\*.*" | "%CurDir%\grep" -f "%CurDir%\patterns.txt" >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

echo.
echo.
echo Checking the %WinDir% folder
echo Checking the %WinDir% folder>> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo.

"%CurDir%\strings" -a "%WinDir%\*.*" | "%CurDir%\grep" -f "%CurDir%\patterns.txt" >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

echo Checking the %System% folder
echo Checking the %System% folder>> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo.

"%CurDir%\strings" -a "%System%\*.*" | "%CurDir%\grep" -f "%CurDir%\patterns.txt" >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt


echo Checking all directories under the %System%\drivers folder
echo Checking all directories under the %System%\drivers folder>> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo.

"%CurDir%\strings" -s "%System%\Drivers\*.*" | "%CurDir%\grep" -f "%CurDir%\patterns.txt" >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

echo Checking the %ALLUSERSPROFILE%\Start Menu\programs\Startup\ folder
echo.
echo Checking the %ALLUSERSPROFILE%\Start Menu\programs\Startup\ folder >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

"%CurDir%\strings" -a "%ALLUSERSPROFILE%\Start Menu\programs\Startup\*.*" | "%CurDir%\grep" -f "%CurDir%\patterns.txt" >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

echo Checking the %AllUsersprofile%\Application Data folder
echo.
echo Checking the %AllUsersprofile%\Application Data folder >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

"%CurDir%\strings" -a "%ALLUSERSPROFILE%\Application Data\*.*" | "%CurDir%\grep" -f "%CurDir%\patterns.txt" >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

echo Checking the %Userprofile%\Start Menu\programs\Startup\ folder
echo.
echo Checking the %Userprofile%\Start Menu\programs\Startup\ folder >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

"%CurDir%\strings" -a "%USERPROFILE%\Start Menu\*.*" | "%CurDir%\grep" -f "%CurDir%\patterns.txt" >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

echo Checking the %Userprofile%\Application Data fikder
echo.
echo Checking the %Userprofile%\Application Data folder >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt >> %SystemDrive%\pfind.txt

"%CurDir%\strings" -a "%USERPROFILE%\Application Data\*.*" | "%CurDir%\grep" -f "%CurDir%\patterns.txt" >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

echo Checking the Windows folder for system and hidden files within the last 60 days
echo.
echo Checking the Windows folder for system and hidden files within the last 60 days >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt >> %SystemDrive%\pfind.txt

"%CurDir%\locate" "%WinDir%\*" /H /D- /D:T-60 >> %SystemDrive%\pfind.txt

echo. >> %SystemDrive%\pfind.txt
echo. >> %SystemDrive%\pfind.txt

"%CurDir%\ah.exe" "%CurDir%\regentries.bat %CurDir%"

PING 1.1.1.1 -n 1 -w 10000 >NUL

"%CurDir%\unix2dos.exe" %SystemDrive%\pfind.txt
start notepad %SystemDrive%\pfind.txt


Anyway my point of all this is that what you have printed as directions and what happens on my system do not follow exactly the same sequence. When scanning it doesn't take but a second and when the DOS window closes - it closes because I have closed it. It does not close on its own as indicated unless it is a misinterpretation by me (if so - I apologize.)

Here is the only PFind.txt on C: that I located...

Files found with this application may be legitimate.
Only remove files that you know are malware related.


Checking the folder



Checking the folder



Checking the C:\WINDOWS folder



Checking the C:\WINDOWS\SYSTEM folder



Checking all directories under the C:\WINDOWS\SYSTEM\drivers folder



Checking the \Start Menu\programs\Startup\ folder




Checking the \Application Data folder




Checking the \Start Menu\programs\Startup\ folder




Checking the \Application Data folder




Checking the Windows folder for system and hidden files within the last 60 days


THE SYSTEM GIVES ME NO MORE THAN THAT, WHICH I BELIEVE IS LIKE THE SAME INFO GIVEN BEFORE, JUST LESS DETAILED. OR IS THERE SOMETHING ELSE I HAVEN'T DONE THAT I NEED TO DO?

UNTIL YOU POST AGAIN, MY GRATITUDE... PBURRIER

#8 OldTimer


Posted 15 May 2005 - 05:10 PM

Hi pburrier. That last portion of the post was what I was looking for. It did not show any problem files.

Let's try this. Check out SFC - System File Checker and follow the directions for running the System File Checker utility. Let's see if any of the system files have become corrupt and need to be refreshed.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#9 pburrier


Posted 17 May 2005 - 12:49 PM

Okay OT, I just typed half my reply to you and it disappeared... frustration is a way of life on this computer.

Before I ran SFC, it suggests that you make a current backup of the file registry.
On the screen for SFC it says ... "more backup info on file registry"

I went there and it goes on to describe where I can find my backup for Windows 98SE... "c:\windows\sysbkup" and are named "rb000.cab, rb001.cab etc."

When I looked under my Windows\Sysbckup file it shows some files named as such but the date on the file is 9/27/2002. I show no recent file in this directory beyond 7/9/2004 and they are not the named files as listed above.

So I am hesitant to run the SFC without knowing where if anywhere are my current system registry files. It just so happens that one of my posts on Bleeping was on 7/8/2004 for some help with something - but I don't know if that is just coincidence.

Anyway, I also scanned my computer for other *.*.CAB files but find no others listed. Do I just run it and hold my breath or what not knowing if there is a current registry file?

I ask this before I do anything else to it. I am sorry to trouble you with more of the same and am grateful for your direction.

Grateful for all your help... pburrier

#10 OldTimer


Posted 17 May 2005 - 06:02 PM

Hi pburrier. Here is an MS article on how to back up your registry:

http://support.microsoft.com/default.aspx?...b;en-us;Q256419

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
