# [SOLVED] I have a feeling



## telecom69 (Oct 12, 2001)

Hi there.I have this feeling that something is stopping me downloading applications whatever from the internet,roughly 6 times lately I have tried to download things and everything works fine till the actual download should start then nothing,at first I put it down to the site being busy whatever,but now im wondering if indeed something is stopping this from happening,is it possible?anybody out there know? ....Im running windows ME by the way .....


----------



## bandit429 (Feb 12, 2002)

Do you have a firewall? Is it random or everytime?


----------



## telecom69 (Oct 12, 2001)

That was a quick reply thanks, I do not have a firewall at the moment I deleted it last week it was zone~alarm,it was not getting on very well with my kazaalite program,and yes its everytime,nothing will download,in particular I have tried spybot,and morpheus,and winzip with no joy from either .....


----------



## bandit429 (Feb 12, 2002)

Strange,, check your internet options settings,,,advanced tab and security tab,,see if you have it turned off


----------



## telecom69 (Oct 12, 2001)

It is strange,yes,almost everything is ticked in the advanced boxes including the install on demands,nothing in them has been touched,it is for all the world as if a firewall is blocking any downloading,but I dont have one anymore,I did remove zone~alarm using the add/remove facility.....


----------



## bandit429 (Feb 12, 2002)

In Msconfig is there any references to za or ctrl+alt+del whats running?


----------



## telecom69 (Oct 12, 2001)

There are no references to zone~alarm that I can see in either of those unfortunately ......


----------



## bandit429 (Feb 12, 2002)

I guess you already have tried to restore to an earlier date?

Have access to another computer?


----------



## bandit429 (Feb 12, 2002)

I think this startlog.com program will fit on a floppy,,could you run it and paste the result here so we can look at it?

http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html


----------



## telecom69 (Oct 12, 2001)

No I havent tried system restore yet,if thats what you mean?hadnt thought of that to be honest,I will try the other thing you are suggesting first but it will have to be a bit later on,as I have to go off for a while now,thanks so much for your help to date,will post back asap .......


----------



## bandit429 (Feb 12, 2002)

Ok but if you decide to restore remember time is limited as to how many days you can go back,,as days advance you lose dates to restore from


----------



## telecom69 (Oct 12, 2001)

I have done as you asked with the floppy how do I get it back to you,the results there is no normal copy/paste facility,and not done this before .....


----------



## bandit429 (Feb 12, 2002)

Copy and paste with your mouse into an open post just like you were going to type it in''or at the bottom hit the browse button and add it to a post


----------



## telecom69 (Oct 12, 2001)

---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 04/11/2002 6:21:59.03 
__________________________________________________________________________ 
__________________________________________________________________________

StartUp Log for Windows 95/98 - Freeware by rmbox 
__________________________________________________________________________ 
__________________________________________________________________________

Comments:

This is a log of all the programs on your computer that 
are starting automatically every time you start Windows. 
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.56) - Release Date 3/11/2002

__________________________________________________________________________ 
__________________________________________________________________________

StartUp Log Index

1. HKLM Run 
2. HKCU Run 
3. HKLM RunOnce 
4. HKCU RunOnce 
5. HKLM RunServices 
6. HKLM RunServicesOnce 
7. WIN.INI file 
8. SYSTEM.INI file 
9. AUTOEXEC.BAT file 
10. StartUp folder 
11. All Users StartUp 
12. Misc. StartUp Configurations

__________________________________________________________________________ 
__________________________________________________________________________

The following is a list of your current Start-Ups 
__________________________________________________________________________ 
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"LoadQM"="loadqm.exe"
"AVG_CC"="C:\\PROGRAM FILES\\GRISOFT\\AVG6\\avgcc32.exe /startup"
"Uninstall0001"="\"C:\\Program Files\\Common Files\\Totem Shared\\Uninstall0001\\upd.exe\" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl"
"freesurfer"="C:\\PROGRAM FILES\\FREE SURFER\\fs20.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

========================================================================== 
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath] 
"StartUp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Display Controls"="RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY"

========================================================================== 
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

========================================================================== 
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath] 
"StartUp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

========================================================================== 
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"SchedulingAgent"="mstask.exe"
"*StateMgr"="C:\\WINDOWS\\System\\Restore\\StateMgr.exe"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
"Avgserv9.exe"="C:\\PROGRA~1\\GRISOFT\\AVG6\\Avgserv9.exe"

========================================================================== 
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

========================================================================== 
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively. 
There should be nothing to the right of the equal signs.

These are the run and load lines in your WIN.INI file

run=

load=

========================================================================== 
__________________________________________________________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively. 
You should only see Explorer.exe following the equal sign.

This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

========================================================================== 
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)

These are your program startups and set paths in your autoexec.bat file

SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

========================================================================== 
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.

These are the shortcuts located in your StartUp folder

C:\WINDOWS\Start Menu\Programs\StartUp\InControl Desktop Manager.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\IEXPLORE.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\blueyonder connection manager.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\Creative Element Power Tools Startup.lnk

========================================================================== 
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.

These are the shortcuts located in your All Users StartUp folder

*(No start-ups found)*

========================================================================== 
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================- 
Registry StartUp Directories 
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders

.....................................................................

-=======================- 
Registry Shell Spawning 
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================- 
HKLM RunOnceEx - Registry 
-=========================-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]

-=========================- 
HKU (.Default) Run - Registry 
-=========================-

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Display Controls"="RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY"

-==============================- 
HKU (.Default) RunOnce - Registry 
-==============================-

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]

-================================- 
StubPaths - Registry (Partial Listing) 
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components

"StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
"StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
"StubPath"=""
"StubPath"=""
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"
"StubPath"="C:\\WINDOWS\\SYSTEM\\ie4uinit.exe"
"Stubpath"="C:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"

-=================- 
WINSTART.BAT File - (c:\windows\winstart.bat) 
-=================-

@C:\WINDOWS\tmpcpyis.bat

-=================- 
WININIT.BAK File - (c:\windows\wininit.bak) 
(name) (type) (size)(modified)(time) 
wininit bak 148 03/11/02 21:31
-=================-

[rename]
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
[Rename]
NUL=C:\WINDOWS\NEWDOT~1.DLL

-=================- 
WININIT.INI File - (c:\wininit.ini) 
(name) (type) (size)(modified)(time) 
wininit ini 36 31/07/02 17:01
-=================-

[Rename]
NUL=Feurio_Uninstall.exe
-=====================- 
Screen Saver Settings (Possible system.ini start-up) 
-=====================-

========================================================================== 
__________________________________________________________________________

- Supplemental Environment Information -

CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
COMSPEC=C:\WINDOWS\COMMAND.COM
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
winbootdir=C:\WINDOWS
windir=C:\WINDOWS

File - c:\Wininit.ini 
File - c:\windows\Wininit.bak 
File - c:\windows\deletefi.ini

========================================================================== 
__________________________________________________________________________

- End -


----------



## telecom69 (Oct 12, 2001)

There you go then,getyour teeth into that lot,lol,will have to check back later for your reply tho .....thanks so much for your help so far ....Bob


----------



## bandit429 (Feb 12, 2002)

Well right away I see newdotnet and whats virtuagirl? But I'm gonna have to work on it tomorrow its a long startup and I want to be careful newdotnet can be a nasty problem,,restoring to an earlier date is not going to help,,isomeone with a fresh mind may come along to help but right now I'm too tired..going through this startup is going to require a fresh mind..No worries though we will get it.

Your Welcome


----------



## telecom69 (Oct 12, 2001)

Ok bandit,I really do thank you for your help so far,and that virtualgirl,lol, its a screensaver thing that one of the grandchildren downloaded,if I can find it I will delete it no problem,will wait for your reply,have a good day/night ...... 
virtualgirl is otherwise known as Lara Croft I think,this is just an image of here,she is something to do with games ......


----------



## AbvAvgUser (Oct 3, 2002)

VirtualGirl.com is not a game. Its a site providing porn links.

Anyway, have you tried usinga download manager like GetRight or Download Accelerator? Instead of these download mangers catching the links from your browser, put the URL directly into them. So that they will takeover your downlaoding.

For example, in Getright, go to File > Enter New URL and enter the URL of the file you wish to download.


----------



## telecom69 (Oct 12, 2001)

Since I used the a drive to send you the start up copy,every time I boot up now it accesses my floppy drive,how can I stop this happening?....


----------



## telecom69 (Oct 12, 2001)

Thanks for the suggestions abvavguser,if all else fails I will give that a try,there must be 2 virtualgirls then lol, the one on here was simply a cartoon image of the game~girl Lara Croft,if I could find it I would send it to you ....... Apart from that I couldnt download them anyway till this problem is fixed ......


----------



## bandit429 (Feb 12, 2002)

Did you remove the floppy diskette?


----------



## bandit429 (Feb 12, 2002)

I went to the virtua girl site,,not really a cosher site in my opinion I can't say that this installation would be causing you trouble but the nature of the site would suggest that it would. this is what I recommend. restart tapping f4 or f8 chose to start in the safe mode, go to add\remove programs and uninstall newdotnet .uninstall the popupstopper uninstall Kazaa or morpheus if you have them. If you could live without Lara Croft I would do that to.

Go to the site below and download and run adaware 5.83 and use it to remove all the spyware on that computer it will fit on a floppy. When you run it be sure all the boxes in the left window are checked and when you get to the backup button be sure to create a backup.

http://www.winsite.com/bin/Info?5000000038314

post back the results please


----------



## telecom69 (Oct 12, 2001)

Ok then heres the situation,yes I removed the floppy,but it tries to access floppy drive on boot up every time,I have uninstalled newdot and pop up stopper,I run adaware every day without fail,so no spyware,but since this is the thread problem I tried to download adaware,but couldnt of course,it was ok right up until the actual download then it stopped,I am a bit wary about deleting kazaalite,which I use daily in case I cannot download it again,there is no sign of this virtua girl or whatever anywhere,if you can tell me where to look,I will definitely delete it .....thanks again


----------



## telecom69 (Oct 12, 2001)

I found this on my desktop too,what should I do with this?....

---------- StubPath.txt

========================================================= 
StartUp Log Full StubPath List - 04/11/2002 6:22:03.04 
=========================================================

Comments:

The application referenced by a StubPath entry is only run once 
when Windows is started. 
At that time a corresponding entry is automatically placed in the 
HKCU\...Active Setup\Installed Components section of the registry. 
This added entry tells Windows to ignore that particular StubPath 
in all future start-ups. 
Removing the added HKCU entry will make the StubPath active again. 
A New User logging into Windows can also activate it.

This StubPath list is separate from StartUp.Log due to the large 
number of registry StubPaths that are found on some computers.

-=====================- 
Stub Paths - Registry 
-=====================-

[1] HKLM\Software\Microsoft\Active Setup\Installed Components 
[2] These are "all" of the StubPath start-ups in your registry:

[3]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\\WINDOWS\\INF\\setupc.inf"
[4]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\\WINDOWS\\INF\\applets.inf"
[5]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\\WINDOWS\\INF\\applets1.inf"
[6]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection FontsPerUser 64 C:\\WINDOWS\\INF\\fonts.inf"
[7]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\\WINDOWS\\INF\\ICS.inf"
[8]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\\WINDOWS\\INF\\icw97.inf"
[9]"StubPath"="regsvr32.exe /s /n /i:U shell32.dll"
[10]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\\WINDOWS\\INF\\moviemk.inf"
[11]"StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
[12]"StubPath"="RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf"
[13]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\\WINDOWS\\INF\\msinfo.inf"
[14]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\\WINDOWS\\INF\\msinfo.inf"
[15]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\\WINDOWS\\INF\\motown.inf"
[16]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\\WINDOWS\\INF\\motown.inf"
[17]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Base 64 C:\\WINDOWS\\INF\\msmail.inf"
[18]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\\WINDOWS\\INF\\sampler.inf"
[19]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection ShellPerUser 64 C:\\WINDOWS\\INF\\shell.inf"
[20]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\\WINDOWS\\INF\\shell2.inf"
[21]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\\WINDOWS\\INF\\subase.inf"
[22]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\\WINDOWS\\INF\\subase.inf"
[23]"StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
[24]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection TapiPerUser 64 C:\\WINDOWS\\INF\\tapi.inf"
[25]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\\WINDOWS\\INF\\wordpad.inf"
[26]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\\WINDOWS\\INF\\appletpp.inf"
[27]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\\WINDOWS\\INF\\mmopt.inf"
[28]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\\WINDOWS\\INF\\mmopt.inf"
[29]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection OlsPerUser 64 C:\\WINDOWS\\INF\\ols.inf"
[30]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\\WINDOWS\\INF\\ols.inf"
[31]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\\WINDOWS\\INF\\pchealth.inf"
[32]"StubPath"=""
[33]"StubPath"=""
[34]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\wmp.inf,PerUserStub"
[35]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\\WINDOWS\\INF\\applets.inf"
[36]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\\WINDOWS\\INF\\applets.inf"
[37]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\\WINDOWS\\INF\\enable.inf"
[38]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\\WINDOWS\\INF\\games.inf"
[39]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\\WINDOWS\\INF\\games.inf"
[40]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\\WINDOWS\\INF\\games.inf"
[41]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\msmsgs.inf,BLC.Remove.PerUser"
[42]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\\WINDOWS\\INF\\motown.inf"
[43]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\\WINDOWS\\INF\\motown.inf"
[44]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\\WINDOWS\\INF\\motown.inf"
[45]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\\WINDOWS\\INF\\rna.inf"
[46]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\\WINDOWS\\INF\\appletpp.inf"
[47]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.W95"
[48]"StubPath"="rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}"
[49]"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
[50]"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
[51]"StubPath"="rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}"
[52]"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
[53]"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
[54]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 C:\\WINDOWS\\INF\\ols.inf"
[55]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection OlsAttPerUserRemove 64 C:\\WINDOWS\\INF\\ols.inf"
[56]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 C:\\WINDOWS\\INF\\ols.inf"
[57]"StubPath"="rundll.exe C:\\WINDOWS\\SYSTEM\\setupx.dll,InstallHinfSection OlsEarthlinkPerUserRemove 64 C:\\WINDOWS\\INF\\ols.inf"
[58]"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"
[59]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\wpie5x86.inf,PerUserStub"
[60]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\CChat25.inf,PerUserRemove"
[61]"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\fpxpress.inf,PerUserstub"
[62]"StubPath"="C:\\WINDOWS\\SYSTEM\\ie4uinit.exe"
[63]"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[64]"Stubpath"="C:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"

----------------------------------------------------------------

(End)


----------



## ~Candy~ (Jan 27, 2001)

Delete it.


----------



## telecom69 (Oct 12, 2001)

Thanks Candy lol...


----------



## bandit429 (Feb 12, 2002)

Kazalite is ok,,but newdotnet is spyware that adaware does not target,,It was not my idea to have you try to remove newdotnet with adaware,,I wanted that done by you from add/remove programs,

My idea was that I was trying to help you regain enough control on your computer to download and run spybot which does target newdotnet but the program will not fit on a floppy
go to start,,, run,,type in msconfig and click the startup tab.
There you can disable virtuagirl.. But before you restart change your screensaver or background then restart,, we'll work on the other things later,,its back to work for me


----------



## telecom69 (Oct 12, 2001)

Ok then update,I did remove newdotnet with add/remove progs like you wanted,I went into msconfig and there was no sign of that vitua girl in there,so obviously I couldnt delete it,and I have no screensaver or background .....


----------



## ~Candy~ (Jan 27, 2001)

How about start menu, programs, startup folder


----------



## telecom69 (Oct 12, 2001)

Nope not in any of them either lol....


----------



## ~Candy~ (Jan 27, 2001)

Can you post a revised startup log then


----------



## Jedi_Master (Mar 13, 2002)

Just a suggestion...

Can you click on Start - Run - type in regedit - OK, and navigate to this key...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

And delete this entry...

LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl


----------



## Mosaic1 (Aug 17, 2001)

I like Startup Log very much. But there is a program which shows us much more information. And in this case, I have to say I would really like you to dwonload it and run it please. Paste the results into a post here. The program is StartupList and you can get it here:

http://www.spywareinfo.com/files/startuplist.zip

Also, you say everything is OK until the Download is supposed to start. I am not sure what that means. What does your screen look like when you try to download? Try this in the event you have this common problem. Go to Start>Run and type regedit. Press enter.

Navigate to :*
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Plugins\extension*

Right click on extension and choose delete from the popup menu. If the key doesn't exist, then that's not a problem. It may not be there.

For the floppy seeking, empty your recent Documents History on the Start Menu. See if that helps. Also, have a look at System Properties>Performance>FIle System>Floppy Disk Tab

Is the Box labeled Search for new Floppy disk drives each time your computer starts selected? If it is, uncheck it.


----------



## Mosaic1 (Aug 17, 2001)

I haven't been spending much time in the registry lately but this looks like one entry:

"Uninstall0001"="\"C:\\Program Files\\Common Files\\Totem Shared\\Uninstall0001\\upd.exe\" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl" 

An uninstall Routine running from this Registry Key?


----------



## telecom69 (Oct 12, 2001)

Here you go Candy as asked for.....

---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 05/11/2002 5:31:50.10 
__________________________________________________________________________ 
__________________________________________________________________________

StartUp Log for Windows 95/98 - Freeware by rmbox 
__________________________________________________________________________ 
__________________________________________________________________________

Comments:

This is a log of all the programs on your computer that 
are starting automatically every time you start Windows. 
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.56) - Release Date 3/11/2002

__________________________________________________________________________ 
__________________________________________________________________________

StartUp Log Index

1. HKLM Run 
2. HKCU Run 
3. HKLM RunOnce 
4. HKCU RunOnce 
5. HKLM RunServices 
6. HKLM RunServicesOnce 
7. WIN.INI file 
8. SYSTEM.INI file 
9. AUTOEXEC.BAT file 
10. StartUp folder 
11. All Users StartUp 
12. Misc. StartUp Configurations

__________________________________________________________________________ 
__________________________________________________________________________

The following is a list of your current Start-Ups 
__________________________________________________________________________ 
__________________________________________________________________________

1. HKLM Run - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"LoadQM"="loadqm.exe"
"AVG_CC"="C:\\PROGRAM FILES\\GRISOFT\\AVG6\\avgcc32.exe /startup"
"Uninstall0001"="\"C:\\Program Files\\Common Files\\Totem Shared\\Uninstall0001\\upd.exe\" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl"
"freesurfer"="C:\\PROGRAM FILES\\FREE SURFER\\fs20.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

========================================================================== 
__________________________________________________________________________

2. HKCU Run - Registry

[RegPath] 
"StartUp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Display Controls"="RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY"

========================================================================== 
__________________________________________________________________________

3. HKLM RunOnce - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

========================================================================== 
__________________________________________________________________________

4. HKCU RunOnce - Registry

[RegPath] 
"StartUp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

========================================================================== 
__________________________________________________________________________

5. HKLM RunServices - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"SchedulingAgent"="mstask.exe"
"*StateMgr"="C:\\WINDOWS\\System\\Restore\\StateMgr.exe"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
"Avgserv9.exe"="C:\\PROGRA~1\\GRISOFT\\AVG6\\Avgserv9.exe"

========================================================================== 
__________________________________________________________________________

6. HKLM RunServicesOnce - Registry

[RegPath] 
"StartUp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

========================================================================== 
__________________________________________________________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively. 
There should be nothing to the right of the equal signs.

These are the run and load lines in your WIN.INI file

run=

load=

========================================================================== 
__________________________________________________________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively. 
You should only see Explorer.exe following the equal sign.

This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

========================================================================== 
__________________________________________________________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)

These are your program startups and set paths in your autoexec.bat file

SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

========================================================================== 
__________________________________________________________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.

These are the shortcuts located in your StartUp folder

C:\WINDOWS\Start Menu\Programs\StartUp\InControl Desktop Manager.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\IEXPLORE.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\blueyonder connection manager.lnk
C:\WINDOWS\Start Menu\Programs\StartUp\Creative Element Power Tools Startup.lnk

========================================================================== 
__________________________________________________________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.

These are the shortcuts located in your All Users StartUp folder

*(No start-ups found)*

========================================================================== 
__________________________________________________________________________

12. Miscellaneous StartUp Configurations

-============================- 
Registry StartUp Directories 
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.....................................................................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.....................................................................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

.....................................................................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.....................................................................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders

.....................................................................

-=======================- 
Registry Shell Spawning 
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================- 
HKLM RunOnceEx - Registry 
-=========================-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]

-=========================- 
HKU (.Default) Run - Registry 
-=========================-

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Display Controls"="RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY"

-==============================- 
HKU (.Default) RunOnce - Registry 
-==============================-

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]

-================================- 
StubPaths - Registry (Partial Listing) 
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components

"StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
"StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
"StubPath"=""
"StubPath"=""
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"
"StubPath"="C:\\WINDOWS\\SYSTEM\\ie4uinit.exe"
"Stubpath"="C:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP"

-=================- 
WINSTART.BAT File - (c:\windows\winstart.bat) 
-=================-

@C:\WINDOWS\tmpcpyis.bat

-=================- 
WININIT.BAK File - (c:\windows\wininit.bak) 
(name) (type) (size)(modified)(time) 
wininit bak 102 04/11/02 14:49
-=================-

[rename]
NUL=C:\WINDOWS\UNVISE32.EXE
NUL=C:\WINDOWS\UNVISE32.EXE
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

-=================- 
WININIT.INI File - (c:\wininit.ini) 
(name) (type) (size)(modified)(time) 
wininit ini 36 31/07/02 17:01
-=================-

[Rename]
NUL=Feurio_Uninstall.exe
-=====================- 
Screen Saver Settings (Possible system.ini start-up) 
-=====================-

========================================================================== 
__________________________________________________________________________

- Supplemental Environment Information -

CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
COMSPEC=C:\WINDOWS\COMMAND.COM
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
winbootdir=C:\WINDOWS
windir=C:\WINDOWS

File - c:\Wininit.ini 
File - c:\windows\Wininit.bak 
File - c:\windows\deletefi.ini

========================================================================== 
__________________________________________________________________________

- End -


----------



## telecom69 (Oct 12, 2001)

Hi Jedi Master that wasnt shown under any of the run options Im afraid .....but thanks anyway


----------



## telecom69 (Oct 12, 2001)

Thanks to Mosaic1 for your input.I tried to download the prog you suggested but all I got when I clicked on to it was just a white screen and nothing else,you asked what does the screen look like when I try to download?well it goes thro all the motions but it just never gets to the point where it says you are downloading from...whatever it just wont go any further and thats on everything I try to download,just as if something is blocking them,its very strange indeed,I have come across this before with the odd site,but never with every one I try.I suppose now I have tried to download at least 10 items with no success,EXCEPT.....last night,just for the hell of it,I tried to download Zone Alarm once again,and surprise surprise,it started to do that,but since I didnt want it I cancelled,I thought at first everything had gone right,but no,nothing else will download,so there you have it.......The extension key you mentioned was not there by the way ....thanks for helping


----------



## telecom69 (Oct 12, 2001)

Jedi Master,I can find this one,is this the one you mean?......Uninstall0001"="\"C:\\Program Files\\Common Files\\Totem Shared\\Uninstall0001\\upd.exe\" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl"


----------



## bandit429 (Feb 12, 2002)

I think you might have missed the part where Mosaic1 requested the startup list program,its a different startup program ,I did'nt ask you to do that because I did'nt think it would fit on a floppy,,,the .zip will. The information is more detailed and will better help to determine exactly whats next. I apologize for the inconvenience of doing this again. It was my mistake.

http://www.spywareinfo.com/files/startuplist.zip


----------



## bandit429 (Feb 12, 2002)

Mosaic1 mentioned that one but wanted better information I believe was the request


----------



## telecom69 (Oct 12, 2001)

Hi there bandit,thanks for returning,its ok no problems,I cant do as Mosaic1 wants anyway,because if I click onto the site she gave me,all I get is a white screen,it doesnt go to any site or anything .......


----------



## telecom69 (Oct 12, 2001)

The site Mosaic1 gave me no longer exists it seems...thia is what I came up with by typing it in ......
The requested URL was not found on this server. Please try our links section or search for what you were looking for.

If you got here by clicking a link to something at spywareinfo.net, please inform the webmaster of the site that sent you here that the newsletter archives are now at http://www.spywareinfo.com/newsletter/. Just substitute http://www.spywareinfo.net/archives/ with http://www.spywareinfo.com/newsletter/archives/

If you are looking for the Pacman's Portal startups list mirror, they have been moved to the following URLs:

http://www.spywareinfo.com/startup_content.htm
http://www.spywareinfo.com/startup_pages/startup_full.htm
http://www.spywareinfo.com/startup_pages/Updates/updates.htm

If you find the page you wanted in our links section and the site you came from had the wrong URL, or the page isn't even listed in our links sections, please contact the webmaster of that site about the error. If you find the page in our links section, but it still doesn't work, contact us about it.

So which one do you want me to use? ......


----------



## telecom69 (Oct 12, 2001)

Thanks too,to Mosaic1 for sorting this one.......Is the Box labeled Search for new Floppy disk drives each time your computer starts selected? If it is, uncheck it.
it was and I did,lol, hoping its sorted that now


----------



## bandit429 (Feb 12, 2002)

The link is good,,you will have to do it from a computer that downloads ok though,,download directley to a floppy and carry it to the problem computer then run it.

The link does not go to a site where you will look for a download,,its a link directly to the down load and it will start as soon as the connection is complete

http://www.spywareinfo.com/files/startuplist.zip


----------



## ~Candy~ (Jan 27, 2001)

> _Originally posted by telecom69:_
> *Jedi Master,I can find this one,is this the one you mean?......Uninstall0001"="\"C:\\Program Files\\Common Files\\Totem Shared\\Uninstall0001\\upd.exe\" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl" *


Yes, that is the listing Jedi was referring to, that's the one that has to go........


----------



## telecom69 (Oct 12, 2001)

> _Originally posted by AcaCandy:_
> *Yes, that is the listing Jedi was referring to, that's the one that has to go........ *


I have finally deleted that virtuagirl now,but I cannot do as you ask bandit unfortunately, I have no access to another computer ....sorry


----------



## Mosaic1 (Aug 17, 2001)

Are you able to retrieve attachments from emails? If so, I will email you Startup List and also HijackThis and you can run those utilities. If you will Private Message me to give me you email address, I'll do that.


----------



## Mosaic1 (Aug 17, 2001)

I am looking at this again and I see nothiong to indicate you have tried a total removal of the Temporary Internet Folder. If there is aproblem with it, possibly the index.dat is read only, you may not be able to download anything.

If you have a Win ME bootdisk, put it in the drive and reboot. Choose minimal boot when offered.

At the prompt type these lines and press enter after each:
C: 
cd windows
deltree tempor~1
You will be asked if you are sure you want to delete Temp Int and all its subfiles. answer yes. Be sure it is Temp Int you are deleting.
If nothing happens, then temp int is not there, It is here instead.

Type this next
cd locals~1
deltree tempor~1


Remove the Floppy from the drive and restart the computer.


----------



## telecom69 (Oct 12, 2001)

Hi there,Ive done as you asked and sent you a private message withthe necessary,not sure what you mean by the temporary internet folder? is this the one that houses all the temporary internet files or not? never done very much in dos at all ....... By the way its 10pm here now so there will be some delay before next message


----------



## Mosaic1 (Aug 17, 2001)

Late in the UK. Dinner time here. I have to sign off in a few minutes myself. 
I sent you a small zip file. Yes. Temporary Internet Files.

I am now downloading the newest Spybot version. It will take a while. I will then email it to you.

In your PM you mentioned Zone Alarm. I wonder if it is the problem. You said you reinstalled it. Maybe an uninstall followed up by a manual cleanup might help. 


One other idea would be to install a Download Manager and see if that works. Let me know. I will see about getting one to you in the email.


----------



## Mosaic1 (Aug 17, 2001)

The new version of Spybot was over the 2 MB limit. The email would not go through. Sorry.


----------



## Mosaic1 (Aug 17, 2001)

I decided to go over to the Zone Alarm site and search for manual uninstall and clean up directions. I found them. If you feel ZA is blocking your ability to download, see if this helps.
http://www.zonelabs.com/store/content/support/znalmInstall98FAQ.jsp


----------



## bandit429 (Feb 12, 2002)

> DISCLAMER OF ACTIVITY
> Since VirtuaGirl(tm) has both a client (software) and server (network) component, www.virtuagirl.com - controlled servers do communicate with your computer on a regular basis. We use technology that automatically delivers software applications, automatic updates to these applications, and other information to your computer without requiring any action on your part so that they will be ready and waiting for you when you need them. No personal information is sent, only what information you provide and anonymous uninstall activity.
> 
> where do you see that
> in the startup?


----------



## bandit429 (Feb 12, 2002)

Everybody,,I don't usually have things like this in my computer,,i only did this to help and I'm removing it soon so hurry up with the questions if you have any.


----------



## telecom69 (Oct 12, 2001)

Hi Mo and thanks I got it as you see,......
StartupList report, 06/11/2002, 03:40:47
Detected: Windows ME (Win9x 4.90.3000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\MY DOCUMENTS\WINZIP\WINZIP32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MY DOCUMENTS\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
IEXPLORE.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE
blueyonder connection manager.lnk = ?
Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LoadQM = loadqm.exe
AVG_CC = C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components

[{89820200-ECBD-11cf-8B85-00AA005B4395}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[>PerUser_MSN_Clean]
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs]
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:

[rename]
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

@C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------
End of report, 6,731 bytes
Report generated in 0.199 seconds

StartupList version: 1.30.0
Started from: C:\MY DOCUMENTS\STARTUPLIST.EXE

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## telecom69 (Oct 12, 2001)

If you are asking about th vituagirl details I found them in the registry,courtesy of a Jedi_Master suggestion a bit earlier in the thread,and deleted it from there .......


----------



## telecom69 (Oct 12, 2001)

Thanks for all your help Mo,I am going to try the manual uninstall a bit later in the day,its just 5am at the moment lol, thanks for trying the email with spybot too,Im certainly willing to try a download manager too,Ill try anything you suggest,what am I supposed to do with the hi~jack application,it works fine from what I can see,but there was no way I could see, that I could send what it showed, back to you.....


----------



## telecom69 (Oct 12, 2001)

Hi again,Ive just had a look thro the manual uninstall of zone alarm,and its a pretty daunting task lol, I will leave that till the very last option I think,since Im by no means sure that the problem is being caused by that yet,......


----------



## telecom69 (Oct 12, 2001)

I just had another try to download and this is what I got .....
Not Found
The requested URL /~su1669/spybotsd.zip was not found on this server.


--------------------------------------------------------------------------------

Apache/1.3.26 Server at studserver.uni-dortmund.de Port 80


----------



## bandit429 (Feb 12, 2002)

http://support.microsoft.com/default.aspx?scid=kb;en-us;q178084&id=kb;en-us;q178084

WIN32 Network Service 
Interface Process. MPREXE.exe 
enables the computer to have 
multiple clients/protocols for 
networks. There are some 
problems with it sometimes 
though - Note 
- why some people have it listed 
in start-up programs I don't know 
but I was asked to include it here. 
It automatically runs in the 
background. NOTE : sometimes 
it will appear in start-ups if you 
have a virus


----------



## Mosaic1 (Aug 17, 2001)

Hijack this will give us more information. Open it and choose Scan. Then hit the Save Log button. Copy and paste the results into a post here, please.

It can be used to remove things too. But you have to be careful about what you remove. 

Let me find you a Download Manager and email it to you. 

I don't think mprexe is a problem. 
Here's what I see in your startups. 

I would remove LOADQM.EXE That is a possible privacy issue and is not needed.

I see you have two instances of Windows Explorer running. Have you applied a Tweak to have the desktop run in Separate process? 



Stimon.exe You need this running in order to use a Scanner. But you don't need it to run at startup. You can create a shortcut to it. Start it when you need the scanner.
--------------------------------

Not very much going on. Have you checked your Internet Connection settings with your ISP? Are you using Broadband? 
Or running a proxy server?


----------



## telecom69 (Oct 12, 2001)

Logfile of HijackThis v1.71.0
Scan saved at 14:58:34, on 06/11/2002
Platform: Windows 9x 4.90.3000

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by blueyonder
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL (file missing)
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRAM FILES\GO!ZILLA\GOIEHLP.DLL
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: AOL Instant Messenger (TM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.blueyonder.co.u


----------



## telecom69 (Oct 12, 2001)

Hi and good day Mo, I wasnt aware of two instances of windows explore running,how can I stop one,my internet connections are ok,and I dont have broadband at the moment,and also no proxy,I was just about to post the log when I got your message .........


----------



## Mosaic1 (Aug 17, 2001)

The reason I asked is because I see blue Yonder. That is an ISP in the UK. Or it is a proxy server. Did you install this on purpose?
It looks like you need to remove it if it is not your ISP. You don't want it there, It is a proxy server. It is in your startups. You have been hijacked. 
I see a few more things in HijackThis too. Your search page and IEreset have been changed.... You really need to be able to use Spybot. 

Here's what I have done. I opened the Spybot Zip file and removed some of the extras. The Language packs etc. I trimmed it down to under the size limit. I am sending it to you now. It will take a few minutes. I have a slow connection. 
Unzip it and install. Read the help file. Run it. Then do another Hijack this and post again. Let's see what's left.

Do another StartupList too.


----------



## telecom69 (Oct 12, 2001)

Yes blueyonder,and thats how its spelt, is my ISP,its part of telewest communications,who are my cable suppliers too ....


----------



## Jest8 (Jun 29, 1999)

Just a quick question... 

Have you deleted your TEMP files? If you have a large amount of files in that folder, it could be causing the download problem.

Never hurts to ask


----------



## Mosaic1 (Aug 17, 2001)

I am still in the process of sending you Spybot. My connection has slowed to a crawl. It will be a few minutes. I hope it goes through this time. It is about 1.8 MB. I hope you have room in your hotmail account to hold it. Have a look and clean all the spam out of your inbox so it will hold it please. I also found a Download manager. It is spyware free and recommended by Spyware Info. I'll send that in a while.


----------



## Mosaic1 (Aug 17, 2001)

Darn it. The Spybot upload still won't go through. The message is too large again. Let me see if I can trim it down again. 

And did you deltree the Temporary Internet Folder as mentioned last night?

EDIT: Trying to send it again.


----------



## telecom69 (Oct 12, 2001)

Hi  ,i got your emails Mo,thanks for trying so hard,but I have some good news at last,have finally found a site that is allowing me to download spybot,its called webattack.com,Im in the final stages at the moment off the download,and will let you know shortly how its going ........


----------



## Mosaic1 (Aug 17, 2001)

You are able to download? Great news. Let us know how it goes. 

Mo


----------



## telecom69 (Oct 12, 2001)

Well only from this site Mo,tried 4 others with no luck before this,but at least we are downloading lol, in fact its just finished,so yes I got it, and will do as you said earlier,and get b
ack to you soon ....watch this space.... 
and yes temporary internet folder empty.....


----------



## telecom69 (Oct 12, 2001)

Well Mo or do you prefer Katie?,I ran it and it came up with...99 problems....71 were seconds whatever they are and 61 were pre ticked in red,its astounding to think that much spyware can be on your computer,so whats next do I get rid of all the red ones?....there will be a delay before next post,have to go out for a while,thanks so much,see you later..  Incidentally ther were quite a few in green but unticked ......


----------



## Mosaic1 (Aug 17, 2001)

The red are the ones which should be deleted. The others are suggestions. Have a look at the list and you'll see. some of the suggestions are lists kept in the registry of recently used files. Deleting them is good, but not 100% needed. It's your choice. 

On the forums I use Mo usually. After, see if any of the Downloads which didn't work before, will now start.


----------



## Jest8 (Jun 29, 1999)

not the temporary internet files.... the *TEMP* folder (normally located at c:\windows\temp).
Some downloads are initially sent to that folder before being put in the location that you chose, so if the folder is stuffed, there may be an issue with that.


----------



## telecom69 (Oct 12, 2001)

Hi Mo,I cannot get the computer to boot up with the boot disk I have,it just starts up as normal,is this folder you want deleting the same as in c:\windows\temp ? if so can I not do it from there?....


----------



## telecom69 (Oct 12, 2001)

StartupList report, 07/11/2002, 03:10:15
Detected: Windows ME (Win9x 4.90.3000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\MY DOCUMENTS\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
IEXPLORE.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE
blueyonder connection manager.lnk = ?
Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LoadQM = loadqm.exe
AVG_CC = C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components

[{89820200-ECBD-11cf-8B85-00AA005B4395}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[>PerUser_MSN_Clean]
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs]
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:

[rename]
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

@C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------
End of report, 6,669 bytes
Report generated in 0.272 seconds

StartupList version: 1.30.0
Started from: C:\MY DOCUMENTS\STARTUPLIST.EXE

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## telecom69 (Oct 12, 2001)

Logfile of HijackThis v1.71.0
Scan saved at 03:20:18, on 07/11/2002
Platform: Windows 9x 4.90.3000

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by blueyonder
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL (file missing)
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: AOL Instant Messenger (TM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.blueyonder.co.u


----------



## Mosaic1 (Aug 17, 2001)

If the bootdisk is not working, it may be an issue of setting the boot sequence in the BIOS. You have to set the Floppy to boot before the Hard Drive.

The Startup List and Hijack this look the same as before. Did you run them again?


----------



## telecom69 (Oct 12, 2001)

Yes they were run first thing this morning about an hour ago,I will run them again now,just to make sure.......


----------



## telecom69 (Oct 12, 2001)

StartupList report, 07/11/2002, 04:20:14
Detected: Windows ME (Win9x 4.90.3000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\MY DOCUMENTS\STARTUPLIST.EXE
C:\WINDOWS\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
IEXPLORE.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE
blueyonder connection manager.lnk = ?
Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LoadQM = loadqm.exe
AVG_CC = C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
Avgserv9.exe = C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components

[{89820200-ECBD-11cf-8B85-00AA005B4395}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[>PerUser_MSN_Clean]
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs]
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:

[rename]
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

@C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------
End of report, 6,693 bytes
Report generated in 0.063 seconds

StartupList version: 1.30.0
Started from: C:\MY DOCUMENTS\STARTUPLIST.EXE

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## telecom69 (Oct 12, 2001)

Logfile of HijackThis v1.71.0
Scan saved at 04:22:00, on 07/11/2002
Platform: Windows 9x 4.90.3000

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by blueyonder
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL (file missing)
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O9 - Extra button: AOL Instant Messenger (TM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.blueyonder.co.u


----------



## telecom69 (Oct 12, 2001)

There you go then Mo,both the above have just been done in the last 5 minutes,Im not too sure about doing anything in the bios,a brief description would be appreciated if you have time .......


----------



## Mosaic1 (Aug 17, 2001)

Here's a link with directions on how to enter the BIOS. Be careful in there. Only make the one change.

http://www.computerhope.com/help/cmos.htm
When you get there, you want to change the boot sequence so the Floppy boots first. Save the changes and exit.

Then reboot with the floppy in the drive.
------------------------------------
Regarding your Hijack This:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.sureseeker.com/search.htm

Sureseeker.com is a hijacker

I would remove this one too. 
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBARIE.DLL (file missing)

Remove this one too. 
2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)

O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html 
Do you have Go!Zilla installed?

Using Hijack this, you select everything you do not want removed and click the add to ignore list. What will be left are the items you want to remove. Then click the Fix Checked Button to remove those items you have opted to remove.


----------



## bandit429 (Feb 12, 2002)

One more idea, do you have a dsl modem? If yes

go to your control panel,,internet options,,advanced tab and check " use passive ftp" if it don't work uncheck it.


----------



## telecom69 (Oct 12, 2001)

Hi Mo,I have had a look in the bios and I have to admit to being a little wary about working in there unless I really have to,are these files not the same as in...c:\windows\temp ? can I not delete them from there perhaps instead......


----------



## ~Candy~ (Jan 27, 2001)

TC, changing the bios is no big deal, actually you should have the floppy boot first in any event....just change the order from c: first, to a: first, then save changes coming out........trust me, the computer isn't going to blow up


----------



## telecom69 (Oct 12, 2001)

Right then,I have conquered my fear,lol, but am having troubles in there,it doesnt want to know about that tilde thing,is it supposed to be a dash,space or what?because all it keeps coming up with is invalid directory,ot too many parameters,the tilde Im on about in M
osaics message is beween tempor and 1,and locals and one.........


Candy,I take it that its ok to leave the settings as they are now regarding the floppy being first in order?


----------



## ~Candy~ (Jan 27, 2001)

The boot order with the floppy first should be fine.......just be sure you don't leave a floppy in the drive, otherwise it'll cry foul and ask you to remove it............irritating if you've gone to fill your coffee and expect a desktop when you walk back in 

What are you trying to delete (without me scrolling back thru and trying to figure it out)  I think, if you're talking about the symbol, look at the key right beside number 1 on your main keyboard.


----------



## telecom69 (Oct 12, 2001)

am looking at this again and I see nothiong to indicate you have tried a total removal of the Temporary Internet Folder.....this is what Mo wants me to do .....is that not the same folder thats in c:\windows\temp?


----------



## telecom69 (Oct 12, 2001)

This was Mo's message she sent .......


If you have a Win ME bootdisk, put it in the drive and reboot. Choose minimal boot when offered. 

At the prompt type these lines and press enter after each: 
C: 
cd windows 
deltree tempor~1 
You will be asked if you are sure you want to delete Temp Int and all its subfiles. answer yes. Be sure it is Temp Int you are deleting. 
If nothing happens, then temp int is not there, It is here instead. 

Type this next 
cd locals~1 
deltree tempor~1 


Remove the Floppy from the drive and restart the computer.


----------



## ~Candy~ (Jan 27, 2001)

> _Originally posted by telecom69:_
> *and yes temporary internet folder empty..... *


It appears you did complete that, no?


----------



## ~Candy~ (Jan 27, 2001)

Have a look in windows explorer first so that you know where they are for sure, mine are in windows\temporary internet files\.

And did you find that symbol key?


----------



## telecom69 (Oct 12, 2001)

I deleted the temporary internet files,which apparantly are different to the temporary internet folder,the temp internet files I can delete via tools and internet options,but I think the ones Mo wants deleting are in c:\windows\temp which is a different thing altogether,Im just not sure ...... the symbol is a tilde I think and its above the hash on my computer,but it wont enter as a tilde in the bios .....


----------



## ~Candy~ (Jan 27, 2001)

In the bios? or in dos? 

I think you may be confusing the two....it should be available in dos ~ (you have to use the shift key with it though).


----------



## telecom69 (Oct 12, 2001)

Did mean dos of course lol, brain a little scrambled ,yes I did use the shift key but it wouldnt go in ..........


----------



## ~Candy~ (Jan 27, 2001)

That's strange, will that key work from a dos prompt from within windows? I'm not sure if that can be deleted from there or not.......(where's Mo  )


----------



## telecom69 (Oct 12, 2001)

Its ok Candy,its usually another 4 or 5 hours yet before she get on here,so I will wait,thanks for your help so far anyway and of course watch this spacelol ....


----------



## Mosaic1 (Aug 17, 2001)

In pure DOS you have to use Short File names. That's where the Tilde ~ comes in. 

I wanted you to remove the entire Temporary Internet Folder in the event the index.dat was causing a problem.

Someone else suggested removing Windows/Temp 

Removing all the files while running is not the same as deltreeing the entire folder.


----------



## telecom69 (Oct 12, 2001)

Ok then Mo so we are agreed its a tilde,when I enter the cd windows one,it comes back with bad command or file name.....
when I enter cd locals~1 it says invalid directory ....


----------



## Mosaic1 (Aug 17, 2001)

Your DOS is not working right. I don't know why. Open a command prompt within windows and try cd locals~1

or cd\ Press enter 

Is it still doing that? Bad Command or file name? 

Have a look to see if you have the C:\windows\command folder
and what is in it. 

At this point, I want to see about getting you a download Manager. I went over to SpywareInfo and downloaded one of the recommended and spyware free utilities. I am going to email it to you.

Your original problem was with downloads. After you ran Spybot did you go back and see if your downloading situation has improved?

Give me a few minutes. I am going to send you the utility.

In the meantime, try this.
Go to Windows Explorer and find Temporary Internet. It will be either in C:\windows or in C:\windows\Local Settings
It has a subfolder named Content.IE5

See if you can delete that folder. If it allows you to delete it, you will have to reboot immediately to avoid repeated Windows Crashes. A new folder containing a new index.dat will be created when Windows reboots.

Don't install the Download Manager until you see if this has all helped. Test things out.
If you still have a Download problem, install the Download Manager I am sending and see if it does the trick for you.


----------



## telecom69 (Oct 12, 2001)

There are about 46 objects in the command folder Mo, is there anything specific that you want to know about?.....


----------



## Mosaic1 (Aug 17, 2001)

No. Actually. I was kind of hoping it was empty. I don't know why you cannot get a command going. 
At the prompt, if you type C:
and press enter to change drives, I am not sure where to go next. 
Did you get the Download Manager? Maybe installing and seeing if it solves the Downloading trouble is an idea.


----------



## telecom69 (Oct 12, 2001)

I really have no idea at all about DOS Mo,so how do I get the command prompt you are asking about?and I have found the IE5 folder,and it will allow me to delete,but is saying if I do windows may not work correctly,so Im asking for your confirmation first .....


----------



## telecom69 (Oct 12, 2001)

I did actually come across a deltree folder during all this searching so took a look inside it and it said,parameters missing,so maybe thats why the dos is not working?....


----------



## telecom69 (Oct 12, 2001)

Yes I did get the download manager Mo,and thanks so much for all your help with that,I will try that next I think and let you know ....


----------



## Mosaic1 (Aug 17, 2001)

If you went into C:\windows\command and double clicked on deltree.exe you would get a parameters missing error. Tomorrow I will ask one of the Moderators here who runs Win ME to have a look. 

Maybe he'll have some ideas on this.


----------



## telecom69 (Oct 12, 2001)

Hi Mo,Ive had no more takers as it were,so have decided to call it a day on this one,I have managed to download a couple of things by selecting sites,and the download manager you sent me works just fine as well,so for the amount of downloading I do,I will be ok now,I want to thank you for all your time and effort that you put into this,and Im impressed by your knowledge of computers  Thanks also to bandit429 who was in from the beginning,and of course to AcaCandy who always comes up with invaluable help.Thank you and good luck to you all  ....Bob


----------



## Mosaic1 (Aug 17, 2001)

Bob,
I'm sorry to hear we couldn't do more. So long as you are able to Download what you need, that's good, though.

About the Command prompt. I did ask one of the Moderators about it. He asked me to doublecheck that you used an ME bootdisk and chose minimal. Otherwise you would not have been in true DOS.


Mo


----------



## telecom69 (Oct 12, 2001)

Hi Mo, Yes I did use the proper boot up disk and did choose minimal so guess it will remain a mystery all my typing was as you said too unless there was supposed to be a space somwhere I missed,anyway Mo thanks once more for all your help,dont suppose it will be long before Im back again


----------



## telecom69 (Oct 12, 2001)

Hi Mo,just to let you know that everything is ok now and that download manager is better than the real thing lol,so Im sticking with that,take care ...Bob


----------

