# Solved: unable to find wininet.dll (windows98)



## Steveo76 (Jul 19, 2005)

After I boot up my windows 98 a message comes up saying "wininet.dll not found". I downloaded the file from dll-files.com and I copy and paste the file into my windows/system folder. My internet explorer and programs using the internet work after I do this. The problem is that I need to copy and paste the file every time I restart the computer. 

I was told to click Start, Run and type "regsvr32 wininet.dll", but an error message comes up saying 
"wininet.dll was located but the DllRegisterServer entry point was not found. DllRegisterServer may not be exported, or a corrupt version of wininet.dll may be in memory. Consider using PView to detect and remove it". 

**For now I just keep copying and pasting wininet.dll into the system folder but I'd like to find out how to keep it there. Any suggestions appreciated. Thanks.

-Steve


----------



## Rollin' Rog (Dec 9, 2000)

There is a hijack going around that deletes the wininet.dll. Post a HijackThis Scanlog and if it appears you have it, I'll move the thread to the Security forum

Download and install HijackThis using the "self extractor". Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe


----------



## Steveo76 (Jul 19, 2005)

Here's my HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 12:25:00 AM, on 8/2/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_3_0.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_3_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ICSDCLT] c:\windows\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\RunServices: [1A:Stardock TrayMonitor] "C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.2.block2.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab


----------



## Rollin' Rog (Dec 9, 2000)

Nothing amiss in the Scanlog.

Do a complete file search for wininet.dll and see if there are any in directories other than the "system" folder -- for example c:\windows\ or c:\windows\system32

And what is the version of wininet.dll you are installing?

Right click on it and select Properties > Version

Also do a complete search for this file and let me know if you find it:

oleadm32.dll


----------



## Steveo76 (Jul 19, 2005)

I had a copy of wininet.dll in My Documents folder. This is the one I copy and paste into the windows system folder. The version of the file is "6.00.2600.0000". Its description is "Internet Extensions for Win32". Also, there are no signs of oleadm32.dll on my hard drive.


----------



## Rollin' Rog (Dec 9, 2000)

Here is a canned fix for the smitfraud infection, provided by one of our Security experts (flrman1) usually associated with the wininet.dll hijack. It should cover all the bases if this is the source of the problem. You may not find some of the details applicable (Control Panel > Display), but a check should be made anyway.

I have also included a zipped copy of wininet.dll from my Win98 system which is a later version than the one you are using. Try unzipping and copying that to c:\windows\system and see if it holds up after running the drill below.

* *Click here* to download smitRem.exe. 
Save the file to your desktop. 
It is a self extracting file.
Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop. 
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

* Go *here* to download CCleaner.
Install CCleaner
Launch CCleaner and look in the left column and click on the "Options" button. 
Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours". 
Click OK
Do not run CCleaner yet. You will run it later in safe mode.

* Go *here* and download Ad-Aware SE.

Install the program and launch it.
First in the main window look in the bottom right corner and click on *Check for updates now*
Click *Connect* and download the latest reference files.
Do not run Adaware yet. Just download the updates and have it ready to run later in safe mode.

* *Click here* for info on how to boot to safe mode if you don't already know how.

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Open the *smitRem* folder, then double click the *RunThis.bat* file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

* Now launch Adaware:

From main window click *Start* then under *Select a scan Mode* tick *Perform full system scan*.
Next deselect *Search for negligible risk entries*.
Now to scan just click the *Next* button.
When the scan is finished mark everything for removal and get rid of it.
Right-click the window and choose *select all* from the drop down menu and click *Next*

* Start Ccleaner and click *Run Cleaner*

* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

* Next go to Control Panel > Display. Click on the "Web" tab. Under "View my Active desktop as a web page" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. 
Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.

* Restart back into Windows normally now.

* Run ActiveScan online virus scan *here*

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

*Post a new HiJackThis log along with the results from ActiveScan*


----------



## Steveo76 (Jul 19, 2005)

I followed all the steps but wininet.dll still seems to be missing at startup...

There was an error with the ActiveScan but here is my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:21:08 AM, on 8/6/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_3_0.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_3_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ICSDCLT] c:\windows\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\RunServices: [1A:Stardock TrayMonitor] "C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [SSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.2.block2.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab


----------



## Elvandil (Aug 1, 2003)

After pasting the file the next time, go to its properties and make it Read Only. Maybe that will keep it around while you clean up.


----------



## Rollin' Rog (Dec 9, 2000)

Are you using the new one I uploaded?

Let's try this: copy the file to the system folder as you have been doing. Then right click on it and set the properties to hidden, and read only.

Now reboot in SAFE MODE. Is the file still there? If so Reboot to normal mode. Still there?

... Lol, just saw Elvandil's post at the same minute 

ps: if you set it to "hidden" you will have to have "show all files" enabled in Folder Options > View yourself to see it.


----------



## Elvandil (Aug 1, 2003)

Geniuses just think alike.


----------



## Rollin' Rog (Dec 9, 2000)

No claim to "genius" here -- it's the synchronicity that amazes me


----------



## Elvandil (Aug 1, 2003)

Rollin' Rog said:


> No claim to "genius" here -- it's the synchronicity that amazes me


"Synchronicity" as in Jung? Been a while since I mulled those concepts. I didn't say I *knew* any geniuses .


----------



## Steveo76 (Jul 19, 2005)

After copying the wininet.dll file to the system folder and changing the properties to read only and hidden, the file only remains on my computer for one restart. When the computer is restarted again, the file is gone.

I notice a suspicious file in the system folder named wininit.ini. The properties tell me that the file was created and modified on July 19th, 2 days after my computer became infected. When the file is opened in notepad it says:

[rename]
C:\autoexec.bat=C:\autoexec.pav
C:\WINDOWS\SYSTEM\WININET.DLL=c:\windows\TEMP\pav3153.TMP

It seems like this is connected to the problem... any ideas??


----------



## Rollin' Rog (Dec 9, 2000)

Ah, very interesting. That was created by Panda Antivirus.

The thing is -- the wininit.ini file should renamed to wininit.bak once it's done its thing -- it is used to do things on startup that cannot be done from Windows.

Delete the file after pasting a new copy of wininit.dll to the system folder.

Reboot and see if things hold up now.


----------



## Steveo76 (Jul 19, 2005)

Deleted wininit.ini but wininet.dll still vanishes after rebooting! Looks like I'll just unzip a new copy of wininet.dll on every startup...


----------



## Rollin' Rog (Dec 9, 2000)

Is a new wininit.ini being created?

HijackThis has another option for viewing startups called the Startuplist.

Click Misc Tools. Put a check in "list also minor sections" then click "Generate Startuplist".

Copy/paste that here.

It will show the autoexec.bat file and a couple of other possible locations that could be involved.

By the way you may be able to use the autoexec.bat file to automatically copy a new wininit.dll to c:\windows\system -- that is if the deletion does not take place after it runs. You could also run a .bat file from a shortcut in the Startup folder to do the same thing.


----------



## Steveo76 (Jul 19, 2005)

Here's the startuplist:

StartupList report, 8/13/05, 11:18:16 PM
StartupList version: 1.52.2
Started from : C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
Disknag = C:\DELL\DISKNAG.EXE
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
vptray = C:\PROGRA~1\NORTON~1\vptray.exe
POINTER = point32.exe
ICSDCLT = c:\windows\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

1A:Stardock TrayMonitor = "C:\PROGRAM FILES\COMMON FILES\STARDOCK\TRAYSERVER.EXE"
rtvscn95 = C:\PROGRA~1\NORTON~1\rtvscn95.exe
defwatch = C:\PROGRA~1\NORTON~1\defwatch.exe
winmodem = WINMODEM.101\wmexe.exe
SSDPSRV = c:\windows\SYSTEM\ssdpsrv.exe
SchedulingAgent = mstask.exe

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = c:\windows\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET BLASTER=A240 I5 D1 T4
SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1
C:\WINDOWS\asp4dos.com
SET PATH=C:\WINDOWS\SYSTEM;%PATH%
attrib -s -h -r C:\WINDOWS\SYSTEM\WININET.DLL
del C:\WINDOWS\SYSTEM\WININET.DLL

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=c:\windows\setver.exe
[COMMON]
DEVICE=C:\DELL\RTC.CLK +R

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

LH C:\PROGRA~1\MSHARD~1\MOUSE\MOUSE.EXE
LH ASP4DOS.COM
SET BLASTER=A240 I5 D1 T4

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_3_0.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[CoDetectDigitalRiver Class]
InProcServer32 = C:\WINDOWS\SYSTEM\DETECT~1.OCX
CODEBASE = http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.2.block2.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_3_0.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab

[IMViewerControl Class]
InProcServer32 = C:\WINDOWS\SYSTEM\CIMVIEW.DLL
CODEBASE = http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab

[InstallShield International Setup Player]
InProcServer32 = c:\WINDOWS\DOWNLO~1\ISETUP.DLL
CODEBASE = http://www.installengine.com/engine/isetup.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38271.7370601852

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGH.OCX
CODEBASE = http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\DOWNLOAD.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.com/activescan/as5free/asinst.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 7,431 bytes
Report generated in 0.278 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Rollin' Rog (Dec 9, 2000)

Well, lookeee here:

attrib -s -h -r C:\WINDOWS\SYSTEM\WININET.DLL
del C:\WINDOWS\SYSTEM\WININET.DLL

This is in your autoexec.bat file.

Run *sysedit*

and just delete both those lines in autoexec.bat.


----------



## Steveo76 (Jul 19, 2005)

Everything is working fine now. Thanks!


----------



## Rollin' Rog (Dec 9, 2000)

Great! I'll mark the thread "Solved" then, but be advised this option is also available to you in the Thread Tools menu when appropriate.

You're most welcome for the help.


----------

