# Run Time error - please help



## RD001 (Feb 1, 2005)

I am finally able to generate hijack log (presented below). I have Gateway PC, 1.3 processor, 640 ram with ME. I seem to have a memory leak or bug. When I boot up, I almost immediately get following message: "Runtime error - Program C\Windows\Explorer.exe" and/or "Microsoft Visual C++ Runtime Error (Library)". It all started when my 12 yr old was on my PC 5 days ago, and ever since, I have run scan disk, defrag, Spysweeper, S&D, Adaware, Stopzilla, etc. to try to resolve issue(s). I tried to use "Go Back", but cannot go much further than 3 days back. I do not know what has happened. I am at my wit's end. Ready to throw in the towel. I have disabled all non-essential items according to "sysorglist\startup". I need your help. Thank you so much. RD.

Logfile of HijackThis v1.99.1
Scan saved at 11:31:52 PM, on 07/04/05
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\FPPDIS2A.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\SYSTEM\fppdis2a.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0a\aoltray.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe


----------



## telecom69 (Oct 12, 2001)

As its quite complicated I suggest you read through this forum,all of it, and I think you might find an answer here to your problem http://malektips.com/ubb/Forum1/HTML/000138-2.html


----------



## RD001 (Feb 1, 2005)

Thank you Telecom69. I will follow your advice and hopefully I will be able to resolve. I thought it might be a quick fix, but I guess not so easy. My thanks to Flavalle also. I tried some of your suggestions too. RD


----------



## flavallee (May 12, 2002)

RD001:

Go into the MSCONFIG "Startup" tab and uncheck:

*oemrun.exe

PCHSchd.exe

mstask.exe

Webshots Tray.exe

qbupdate.exe*

While you're there, place a checkmark in:

*ScanRegistry*
(Note: This one and *SystemTray* and *StateMgr* should always be checked and enabled)

Once you're done, click Apply - OK, then reboot.

(Note: The smaller you keep the startup list, the better. Some are required to run in the background though, so be careful which ones you uncheck and disable)

---------------------------------------------------------------

Go into Add/Remove Programs in the Control Panel and uninstall *Webshots*.

Go into Display in the Control Panel, go into the Screensaver tab, change it to "None", then click Apply - OK.

(Note: Don't use screensavers because some of them are problematic and memory-hungry. Don't download them from the Internet because most of them place spyware in your computer)

----------------------------------------------------------------

A 12-year old can wreak havoc with a computer, especially if he/she goes on the Internet and does who-knows-what.

----------------------------------------------------------------


----------



## RD001 (Feb 1, 2005)

Flavalee, you are indeed a "distinquished member". I do believe my issue is resolved. I haven't followed up on advice from Telecom69, but I did do as you say, with two exceptions: (1) I left Webshots on because I like it and have used it for years, without problems, and (2) I uncheked Stopzilla, but will turn it back on and see what happens. If still ok, I will leave StopZilla on. Thank you so much. It all looks fine. I will be remitting a donation in your name. Thanks again. RD


----------



## flavallee (May 12, 2002)

I'm glad to hear my advice helped you out.  

P.S. My daughter also likes using Webshots, but she has her own computer.


----------



## RD001 (Feb 1, 2005)

Flavalee and Telecom69, I just made a nice donation on your behalf. You helped to resolve my issue(s). Thank you. I appreciated it so much. I was going crazy. I can see that you and all the other memebers of the group are wonderful and do your best at helping others. I am so grateful. Thanks again. RD.


----------



## MFDnNC (Sep 7, 2004)

Sorry to butt in but these need to be fixed

Fix these with HJT

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder

O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/...erInstaller.exe

DL http://www.downloads.subratam.org/KillBox.zip

START  RUN  type in %temp% OK - Edit  Select all  File  Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log

It appears you have some items disable in msconfig  would you like to enable then and psot a new log

*Please give feedback on what worked/didnt work and the current status of your system*


----------



## RD001 (Feb 1, 2005)

Hi MFDnSC, I will re-run new hi jack log and post. Current staus is that I disabled almost all programs (or items) in start up. I did not however disable Webshots. I like that and have used it for years without incident. I did however have to remove Stopzilla program as that is what continued to trigger the "run time"error", among other things.


----------



## RD001 (Feb 1, 2005)

MFDnSC,

Here is my new logfile. Unable to delete temp files DF77EA.TMP and DF8579.TMP. Downloaded "downloads.subratam.org/Killbox.zip", but it is a Dos program and not sure what to do. Get error message in trying to download "errornuker.com/products/...erInstaller.exe". Not a valid internet address? Please let me know what you see/ and or suggest. Thanks so much.

Logfile of HijackThis v1.99.1
Scan saved at 10:27:53 PM, on 07/10/05
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\FPPDIS2A.EXE
C:\PROGRAM FILES\COMMON FILES\RRQR\RRQRM.EXE
C:\WINDOWS\SYSTEM\MSWDIR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\SYSTEM\MSWDIR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\ATX\2004\ATXBKPSCHEDULER04.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\SYSTEM\fppdis2a.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [Backup Scheduler] C:\Program Files\Common Files\Atx\ATXBKPScheduler.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [RRQR] C:\PROGRAM FILES\COMMON FILES\RRQR\RRQRM.EXE
O4 - HKCU\..\Run: [MSWDIR] C:\WINDOWS\SYSTEM\MSWDIR.exe
O4 - HKCU\..\RunOnce: [MSWDIR] C:\WINDOWS\SYSTEM\MSWDIR.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0a\aoltray.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe


----------



## RD001 (Feb 1, 2005)

Here is revised hijack log. I forgot to clean out bin and then reboot. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:00:35 PM, on 07/10/05
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\FPPDIS2A.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\ATX\ATXBKPSCHEDULER.EXE
C:\PROGRAM FILES\COMMON FILES\RRQR\RRQRM.EXE
C:\WINDOWS\SYSTEM\MSWDIR.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\SYSTEM\MSWDIR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\RRQR\RRQRA.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\SYSTEM\fppdis2a.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [Backup Scheduler] C:\Program Files\Common Files\Atx\ATXBKPScheduler.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [RRQR] C:\PROGRAM FILES\COMMON FILES\RRQR\RRQRM.EXE
O4 - HKCU\..\Run: [MSWDIR] C:\WINDOWS\SYSTEM\MSWDIR.exe
O4 - HKCU\..\RunOnce: [MSWDIR] C:\WINDOWS\SYSTEM\MSWDIR.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0a\aoltray.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe


----------



## flavallee (May 12, 2002)

Run another scan and fix this entry:

*R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank*

----------------------------------------------------------------

I'm suspicious about these entries, but a Google search turns up nothing:

*O4 - HKCU\..\Run: [RRQR] C:\PROGRAM FILES\COMMON FILES\RRQR\RRQRM.EXE

O4 - HKCU\..\Run: [MSWDIR] C:\WINDOWS\SYSTEM\MSWDIR.exe

O4 - HKCU\..\RunOnce: [MSWDIR] C:\WINDOWS\SYSTEM\MSWDIR.exe*

Let's see if MFCnSC or Telecomm69 can advise what they are.

DON'T do anything with them yet.

----------------------------------------------------------------


----------



## MFDnNC (Sep 7, 2004)

One other one flav

Fix these with HJT

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKCU\..\Run: [RRQR] C:\PROGRAM FILES\COMMON FILES\RRQR\RRQRM.EXE

O4 - HKCU\..\Run: [MSWDIR] C:\WINDOWS\SYSTEM\MSWDIR.exe

O4 - HKCU\..\RunOnce: [MSWDIR] C:\WINDOWS\SYSTEM\MSWDIR.exe

DL http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM\MSWDIR.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. 
Make sure that "Show hidden files and folders" is checked. 
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these folders

C:\PROGRAM FILES\COMMON FILES\RRQR

START  RUN  type in %temp% OK - Edit  Select all  File  Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot

Run ActiveScan online virus scan

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

*Please give feedback on what worked/didnt work and the current status of your system*


----------



## flavallee (May 12, 2002)

I'm glad to know my suspicions were correct.


----------



## MFDnNC (Sep 7, 2004)

flavallee said:


> I'm glad to know my suspicions were correct.


Suspicions - nah you aren't giviong yourself the credit you deserve


----------



## flavallee (May 12, 2002)

Thanks for the compliment. :up: 

I've probably learned more in these forums in the past 2+ years than I've learned anywhere else.


----------



## MFDnNC (Sep 7, 2004)

flavallee said:


> I've probably learned more in these forums in the past 2+ years than I've learned anywhere else.


I would second that motion


----------



## RD001 (Feb 1, 2005)

When you say run another scan and fix entry with HJT, (such as R1, O2, O3, etc.) how do I fix? Do I use kiilbox.exe to do this? I downloaded killbox.exe and will attempt to do as instructed. However, unable to download Panda active scan. I get error message the Active X is not installed or not allowed to run on PC. I believe I have it, so how do I enable it? Thanks so much for your continued help. RD.


----------



## MFDnNC (Sep 7, 2004)

To fix an entry - Run HJT - scan only - click in the box next to the entry - close IE - at the bottom of the HJT screen click fix checked.

Activex is in tool options security custom


----------



## RD001 (Feb 1, 2005)

I fixed all entries with HJT. I also rebooted in safe mode (had to hold down Cntrl key, versus F8) and used Killbox.exe to delete C:\WINDOWS|SYSTEM|MSWDIR.exe. However, unable to download Pandascan due to following error message "your current security settings prohibit running Active X controls on this page" and yet I have enabled all controls through Internet security options tools. Here is current hijack log now.

Logfile of HijackThis v1.99.1
Scan saved at 1:25:22 AM, on 07/12/05
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\FPPDIS2A.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\ATX\ATXBKPSCHEDULER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\PROGRAM FILES\NAVISEARCH\BIN\NLS.EXE
C:\PROGRAM FILES\CASHBACK\BIN\CASHBACK.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C961A667-71F0-4B0C-A48D-9D666EB300DF} - C:\WINDOWS\SYSTEM\JHBG.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\SYSTEM\NVMS.DLL
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\SYSTEM\fppdis2a.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [Backup Scheduler] C:\Program Files\Common Files\Atx\ATXBKPScheduler.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0a\aoltray.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O18 - Filter: text/html - {A1A6B5B7-B913-4C7E-94A7-54CD68BCDA51} - C:\WINDOWS\SYSTEM\JHBG.DLL
O18 - Filter: text/plain - {A1A6B5B7-B913-4C7E-94A7-54CD68BCDA51} - C:\WINDOWS\SYSTEM\JHBG.DLL


----------



## flavallee (May 12, 2002)

RD001:

Click Start - Search - Files And Folders, select the C: drive to look in, then delete EVERYTHING that appears under:

**.TMP

C:\TEMP\*.*

C:\WINDOWS\TEMP\*.**

If a message appears about a program not working if you delete these files, ignore the message. It's ALL junk, so get rid of it.

----------------------------------------------------------------

You've got some new entries in your log that I didn't see earlier. Run another scan, then select and fix:

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank*

----------------------------------------------------------------

I still don't see *ScanRegistry* in the startup list. Go into the MSCONFIG "Startup" tab and make sure it has a checkmark next to it.

----------------------------------------------------------------

Reboot, then post a new log here.

----------------------------------------------------------------


----------



## MFDnNC (Sep 7, 2004)

Flav this procedure needs to be run for the se/dll problem (9x version)

Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWShredder.exe

Download http://www.derbilk.de/SpSeHjfix109.zip to the desktop and then
right click a blank part of desktop & select new folder, call it spfix 
unzip the file into that folder

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

Now run the Shredder - Hit The FIX button!

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.


----------



## flavallee (May 12, 2002)

MFDnSC:

Thanks for the assist.

My next suggestion was going to have *AboutBuster 5.0* installed and run in safe mode.


----------



## RD001 (Feb 1, 2005)

Flavallee, I deleted all temp files etc. I also deleted the RI and RO entries, but they reappear almost as soon as I delete them. They will not go away. I am now getting lots of pops up from BargainBuddy, BullsEye Network, CashBack and E2Give. I ran Noadware, Spy Bot S&D. registry cleaner, but doesn't help. They come right back. Also, unable to find "ScanRegistry" in my startup list. It is not there? In the meantime, I will try the other suggestions, from other members. Thanks. RD


----------



## MFDnNC (Sep 7, 2004)

Please run the fix that I posted and then post a new log


----------



## flavallee (May 12, 2002)

Please follow the advice that MFDnSC gave you and don't just rely on my advice. He's got more experience and knowledge than I do and will likely help you out better than I can.


----------



## MFDnNC (Sep 7, 2004)

flavallee said:


> Please follow the advice that MFDnSC gave you and don't just rely on my advice. He's got more experience and knowledge than I do and will likely help you out better than I can.


Not more, just different!


----------



## RD001 (Feb 1, 2005)

Just want to let you know that I am making good progress. I will follow up with a HJT log. I have to get on to another PC in order to send it to you. That is another issue for another time. I utitlized many of your suggestions and followed most of the steps to a "T". I kept getting "Runtime 13 error, type mismatch" in trying to launch SpSeHjfix109, so I gave up on that one. And Pandascan said I did not have ActiveX enabled, so I gave up (it is enabled). I notice my PC is faster, and no more pops ups. Gone. It is great. I used Spyblaster, Mozilla, Shredder, Registry Cleaner, AboutBuster 5.0, NoAdaware, KillBill (box?) and some others. Booted and rebotted in safe mode many times. Cleaned out all temp files. Things look and feel great. And I have to say that my knowldege of PC's went from almost nothing to much more than nothing these last few days, thanks to good people like you. I am so very appreciative. RD


----------



## RD001 (Feb 1, 2005)

Me again. I was never able to put a checkmark next to "ScanRegistry" in MSCONFIG, startup tab, but it simply does not exist in the start up group. Is there a way to recover, or reinstall, the file? Or is it even necessary? As I said, my PC seems to run GREAT just the same. Thanks.


----------



## flavallee (May 12, 2002)

Yes, there is a way to place ScanRegistry back in the MSCONFIG list, but I don't recall the steps. Someone else will need to help you.

The purpose of ScanRegistry is to allow Windows to save copies of the registry. Fortunately, Windows ME has the System Restore feature, which is what the *StateMgr* entry is.


----------



## RD001 (Feb 1, 2005)

Yes, that woudl be good if I could put in back in to start up list. I fooled around with it, and manually performed a scan, but not able to restore to start up list.


----------



## flavallee (May 12, 2002)

You might consider starting a new post and asking how to restore the ScanRegistry entry in the MSCONFIG "Startup" list with Windows ME. It has something to do with the scanregw.exe file, but I don't remember the steps.


----------



## flavallee (May 12, 2002)

Disregard what I just said. I believe I found the steps to do it. Give me a few minutes to write it down to where you can understand it.


----------



## flavallee (May 12, 2002)

Click Start - Run, type in *REGEDIT*, then click OK. This will open the registry editor window.

Click the + in HKEY_LOCAL_MACHINE - Software - Microsoft - Windows - CurrentVersion, then click directly on Run.

Right-click an empty area within the right pane, then click New - StringValue.

Type in *ScanRegistry* (exactly as you see it here), then press Enter.

Right-click directly on this new entry, then click Modify.

Type in *C:\WINDOWS\scanregw.exe /autorun* (exactly as you see it here and with a space before the slash), then click OK.

Close the registry editor, then reboot.

*ScanRegistry* should now be listed in the MSCONFIG "Startup" tab list. :up:


----------



## MFDnNC (Sep 7, 2004)

http://www.microsoft.com/downloads/...61-7A9C-43E7-9117-F673077FFB3C&displaylang=en

This should fix the error you got with se.dll fix


----------



## RD001 (Feb 1, 2005)

You guys are great! I have Scan Regisrty back in start up list. Will next fix error with se.dll fix. I am so grateful. Here is current HJL.

Logfile of HijackThis v1.99.1
Scan saved at 12:53:50 PM, on 07/13/05
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\FPPDIS2A.EXE
C:\PROGRAM FILES\COMMON FILES\ATX\ATXBKPSCHEDULER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firefox/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\SYSTEM\fppdis2a.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [Backup Scheduler] C:\Program Files\Common Files\Atx\ATXBKPScheduler.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\Windows\Scanregw.exe /Autorun
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0a\aoltray.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe


----------



## MFDnNC (Sep 7, 2004)

It must have gotten far enough to fix the se.dll issue - log looks fine


----------



## RD001 (Feb 1, 2005)

Fantastic. You guys are great. MY PC is running at warp speed. The performance level is 92% when I first boot up. I have applied some of your suggestions and fixes to my other computers. I have three PC's. All stand alone. I do no like networking. I think just another level of problems. I feel so much more confident knowing you guys are available. I shall be making another donation. Your time and efforts are invaluable. Thanks. RD


----------



## MFDnNC (Sep 7, 2004)

RD001 said:


> Fantastic. You guys are great. MY PC is running at warp speed. The performance level is 92% when I first boot up. I have applied some of your suggestions and fixes to my other computers. I have three PC's. All stand alone. I do no like networking. I think just another level of problems. I feel so much more confident knowing you guys are available. I shall be making another donation. Your time and efforts are invaluable. Thanks. RD


Welcome _ Mark it solved via thread tools


----------



## flavallee (May 12, 2002)

RD001:

I've got 3 computers too and don't have them networked together. Each desktop setup has its own printer and scanner. All 3 are connected to high-speed cable via a hub.

---------------------------------------------------------------

The correct command should have been */autorun* with a small "a", but it's working with */Autorun*, so you can leave it alone. 

---------------------------------------------------------------


----------

