...Alan
--
Alan Edwards, MS MVP W95/98 Systems
http://dts-l.org/index.html
In microsoft.public.win98.apps, <anon...@discussions.microsoft.com>
wrote:
I've been having persistent problems with spyware and hijackers, but
they've so far dodged my most dogged attempts to destroy them. I've
sought help online, posted log files (with HijackThis, but somehow the
program is no longer responsive thanks to my faulty installation
procedure).
I had what I thought to be an unrelated problem -- one of system
resources being dangerously low, and so I began to work with msconfig,
turning on whole groups of startup processes. I noticed, however, that
one box within the startup programs group kept TURNING ITSELF ON --
the P2P NETWORKING element.
So, you know those checkboxes you turn 'em all off. Well, every time I
restarted with several unchecked, it just checked itself upon reboot
(showing a grey checkmark). So I looked beyond the tab and found that
P2P networking had turned itself on.
By pasting that line into a Google groups search, I stumbled across
this discussion. I was impressed with what you told Adrian, as it
looked like what I was looking for: strange startup phenomena.
I have followed your directions and post here what's happening at
startup. Can you advise?
Your instructions, which I followed (results below)
>Start-Run-msinfo32
>Click the + beside Software Environment to expand.
>Click Startup Programs
>Ctrl+A to Select All, Ctrl+C to Copy.
>Paste that information in your message.
RESULTS (THE LINE BREAKS ARE MINE, FOR CLARITY):
$EnterNet c:\progra~1\sympat~1\access~1\app\enternet.exe
-autostart All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
*StateMgr c:\windows\system\restore\statemgr.exe All
Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AdaptecDirectCD "c:\program files\adaptec\easy cd creator
5\directcd\directcd.exe" All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Advanced Tools Check c:\progra~1\norton~1\advtools\advchk.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ALUAlert c:\program files\symantec\liveupdate\alunotify.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATI Launchpad "c:\program files\ati
multimedia\main\launchpd.exe" .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AtiCwd32 aticwd32.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATIGART c:\ati\gart\atigart.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AtiPTA atiptaaa.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AtiQiPcl atiqipcl.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp "c:\program files\common files\symantec shared\ccapp.exe" All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccEvtMgr "c:\program files\common files\symantec
shared\ccevtmgr.exe" All
Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ccRegVfy "c:\program files\common files\symantec
shared\ccregvfy.exe" All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Hidserv hidserv.exe run All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ICSMGR icsmgr.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LexmarkPrinTray printray.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LexStart lexstart.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All
Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadQM loadqm.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LXSUPMON c:\windows\system\lxsupmon.exe run All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Office c:\progra~1\micros~1\office10\osa.exe -b
-l .DEFAULT Startup
Mozilla Quick Launch "c:\program files\netscape\netscape\netscp.exe"
-turbo .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NPROTECT c:\progra~1\norton~1\advtools\nprotect.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NPROTECT c:\progra~1\norton~1\advtools\nprotect.exe All
Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Omnipage c:\program files\scansoft\omnipagese\opware32.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OWNS FRAG c:\progra~1\audiob~1\ooze view.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
P2P NETWORKING c:\windows\system\p2p networking\p2p networking.exe
/autostart All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCHealth c:\windows\pchealth\support\pchschd.exe -s All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Reminder c:\program files\microsoft
money\system\reminder.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry c:\windows\scanregw.exe /autorun All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SchedulingAgent mstask.exe All
Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ScriptBlocking "c:\program files\common files\symantec shared\script
blocking\sbserv.exe" -reg All
Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
StillImageMonitor c:\windows\system\stimon.exe All
Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
System Update c:\windows\system\taskman.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemTray systray.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TaskMonitor c:\windows\taskmon.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Yahoo! Pager c:\progra~1\yahoo!\messen~1\ypager.exe
-quiet .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
You obviously are not running Win98 but never mind.
Line breaks are a good idea.
I can only see three questionable items and have removed the rest from
my reply.
Did you install P2P Networking yourself? I am not too familiar with
file sharing applications like P2P, KaZaa etc. except they seem to
come loaded with scumware. Have you tried Ad-Aware to get rid of it?
System Update with taskman.exe looks like this virus:
http://www.sophos.com/virusinfo/analyses/trojautotrojb.html
or:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.X
or
http://hq.mcafeeasap.com/dispTrojan.asp?virus_k=101129
No idea what the "owns frag" using ooze view.exe is.
...Alan
--
Alan Edwards, MS MVP W95/98 Systems
http://dts-l.org/index.html
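Added example, not part of any post in this thread: a Python example that parses a pasted msinfo32 Startup Programs listing (undoing the mail line wraps) and reports entries that were switched off in msconfig but are registered again after a reboot, the behaviour described above for P2P NETWORKING. The rows in AFTER_REBOOT are copied from the listing above; the DISABLED set and all function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    name: str
    command: str
    user: str
    location: str

# A row ends with the "loaded for" column and the load location.
# Assumption: only the two user values seen in the listing above occur.
RECORD = re.compile(r"(.+?)\s+(All Users|\.DEFAULT)\s+(HK\S+|Startup)(?=\s|$)")

def parse_startup(paste: str) -> list[Entry]:
    """Parse a pasted Startup Programs listing, undoing mail line wraps."""
    flat = " ".join(paste.split())
    entries = []
    for head, user, location in RECORD.findall(flat):
        tokens = head.split()
        # The command starts at the first token that looks like a path or program.
        cut = next((i for i, t in enumerate(tokens) if i and
                    (t.startswith('"') or "\\" in t or t.lower().endswith(".exe"))),
                   len(tokens))
        entries.append(Entry(" ".join(tokens[:cut]), " ".join(tokens[cut:]), user, location))
    return entries

def reappeared(disabled: set[str], after_reboot: list[Entry]) -> list[Entry]:
    """Entries the operator switched off that are registered again after a reboot."""
    wanted = {name.lower() for name in disabled}
    return [e for e in after_reboot if e.name.lower() in wanted]

# Rows copied from the listing in this thread, wrapped as they were posted.
AFTER_REBOOT = r"""
ccApp "c:\program files\common files\symantec shared\ccapp.exe" All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Office c:\progra~1\micros~1\office10\osa.exe -b
-l .DEFAULT Startup
P2P NETWORKING c:\windows\system\p2p networking\p2p networking.exe
/autostart All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemTray systray.exe All
Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"""
# Constructed for the example: names unchecked in msconfig before the reboot.
DISABLED = {"P2P NETWORKING", "Yahoo! Pager"}

if __name__ == "__main__":
    for e in reappeared(DISABLED, parse_startup(AFTER_REBOOT)):
        print(f"re-registered after reboot: {e.name} -> {e.command} [{e.location}]")
```

An entry that comes back after being unchecked is being rewritten by something still running, so it needs removing at the source rather than another pass through msconfig.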
>OWNS FRAG c:\progra~1\audiob~1\ooze view.exe All
>Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>
>P2P NETWORKING c:\windows\system\p2p networking\p2p networking.exe
>/autostart All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>
It's my roommate's machine, he tells me a former roommate installed
Kazaa and he, the machine's owner, then removed all that.
I've tried Ad-Aware, indeed, and Spybot (is that what it's called?),
and both do an impressive job finding problems. But Ad Aware typically
says something like "unable to remove so-and-so would you like
Ad-Aware to remove so-and-so on next startup?" Naturally, I click Yes.
But on startup, Ad-Aware is not running, has not run, and has not,
consequently, removed so-and-so. Thus I try again, same thing.
So what that means, is it's running in active memory or some-such.
Indeed, P2P is there in the registry with an autostart function, even
though Kazaa has been removed.
Hijack This! produces lovely registry-level logs, enabling removal at
the source. And this helped me get rid of allaboutsearching.com's
hijacker, and maybe others. But I made an error in installing it
twice, then I removed one instance of it, but the remaining instance
freezes up, trapping log results in a window I can't scroll.
I think it's probably a good time to reformat and reinstall.
Apologies for not posting in a ME group. More neglect of my
whereabouts than rudeness, I assure.
DJ
I still have P2P on startup (I know cause when I ended up hanging,
task manager showed it to be running), and it's nasty. Zestyfind or
some such hijacker is still there. But I'll ask the good folks at
Merjin if they can't help me uninstall, and then I'll try the
HijackThis route again!
Thanks again,
PS Mr Edwards: I did not have success finding taskman.exe to be a
virus. It may well be, but the Norton virusscan passed over it (and I
updated the scan).
...Alan
--
Alan Edwards, MS MVP W95/98 Systems
http://dts-l.org/index.html
In microsoft.public.win98.apps, st...@canada.com (David John) wrote:
Error starting program
A required .DLL file, MSVCP60.DLL, was not found.
When I click OK, the computer runs, but very very slowly.
What does this file do?
What is the best way to get it back?
Thanks,
Alan
It's a part of MS C runtime. You can download a copy at
http://www.dll-files.com/dllindex/dll-files.shtml?msvcp60.
But it's strange that the error occurs. Every program needing this file
should install it, as it is no part of Win98. Maybe you got some
spyware/viruses? Check with msconfig (Start->Run->msconfig tab startup)
if there are any strange programs starting.
Isaac