[rainforest123]

w 59:
In the system configuration utility, startup tab, do you know how to expand the columns, so that all of the information in the "command" column?

If not:
Put your pointer on the vertical line to the left of "command". A double headed horizontal arrow will appear. Hold down your left mouse button and move the margin about 1/2" to the left.

Now, Put your pointer on the vertical line to the right of "command". A double headed horizontal arrow will appear. Hold down your left mouse button and move the margin to the right until you can see the complete line of characters for regsvr32.

Please enter that text, exactly as appears, in your next post.

I would ask for a screen shot, but despite your best efforts and my best efforts, we have not been able to successfully determine a method that will work for you.

Thanks.

RF123

[waxer59]

I got your thread. I am sorry. I don`t understand why you are asking me to do that. I did what you said, expanded the columns. I understand that I could not get the screen shot you wanted.I couldn`t expand the screen shot so you could see it better. In the thread I sent you before the screen shot, I wrote down everything that was on the error. I guess that was not helpful. The info from msconfig, startup tab is the following:
under command it said
C:\Windows\System32\regsvr32.exe

under location it said
Software\Microsoft\Windows\Current Version\Run

I am hoping this would be helpful. If not, tell me what I could do for you. This way of communicating is hard. Thank you for staying with me.If it would be a help, I would give you my home phone#. Talking on the phone has to be better then this

[rainforest123]

w59:
Thanks for your reply.

Good job with providing the information.

I think it is time to look at a HJT log.

Go to http://thespykiller.co.uk/index.php?...pmod;dl=item10 and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.

"Over 50% of malware doesn't show at all in a HJT log so asking "is my log clean?" is an impossible question to answer and all anyone can say is that there are no obvious signs of malware in a log but that doesn't mean you are not infected. We need to know what is wrong, such as: pop ups, diverts, strange messages or warnings etc."
Source: http://forums.techguy.org/malware-re...st-before.html

RF123

[waxer59]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:15 PM, on 3/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4378 bytes

QUESTION-Did some research Regsvr32, some web sites say it is a virus, only if you can`t download Windows updates. I can download updates. Other web sites say it is a part of the registry. I went into my computer>system32 files and found the folder. It said it was established when I bought my computer and it comes from Microsoft. Can you tell me what you think ,virus or just a DLL I deleted.

[chrome57]

Please correct me if I am wrong but isn't Regsvr32 a later version of Rundll, and as such is part of the .dll registration and ActiveX controls registration in the registry

[rainforest123]

w & c:
Here is Microsoft's official explanation of regsvr32 .
http://support.microsoft.com/kb/249873

I do not know the relationship, between regsvr32.exe and Rundll. Rundll / Rundll32 is still on MY XP & Vista PCs.

If you want to scan an individual file, go to http://virusscan.jotti.org . There, you can upload a single file & jotti will scan it with ~ 30 antivirus scan.

RF123

[waxer59]

I read that article, could not make any sense of it.It`s talking to computer people, which I am not.That are knowledgeable in the inner workings of a computer. So where are we?? Am I dealing with a virus or a missing DLL. I downloaded malwarebytes. Went into safe mode yesterday, ran malwarebytes, antivir and every other program I had. All results where negative.Again,DO you have any idea what I am dealing with?? When I run the virus scan from your last thread, what do you want me to put in the search engine--regsvr32 or regsvr.exe At this time I am still running the virus scan, it seems not to be working.

[Elvandil]

Unfortunately, running a registry cleaner probably did more damage. And running any "cleaners" and failing to be careful about what they remove (they should list all results and show you exactly what they plan to remove so you can evaluate whether that is a good idea) can lead to even more damage.

If possible, try restoring the backups of the registry cleaner you used.

Regsvr32 and rundll are not related in any way. One registers dll's, ocx's, and COM components with the system, and the other run executable dll's as programs.

Open Internet Options, be sure IE is closed, and press the Reset button under the Advanced tab. You will lose any customizations, but that should restore IE.

To be sure about malware, you should post an HJT log in the Malware forum and request help there. An expert will evaluate your log.

[rainforest123]

E:
Thanks.

w 59:
Start > control panel
OR
start > settings > control panel
Upper left, be sure it says "switch to category view", which means you are in "classic view", which is where I want you. It you see "switch to classic view", left click that link.

Now, you can open Internet Options while IE is closed.

Follow Elvandil's instructions.

Click on "report" for 1 of your posts and ask the moderator to move your thread to the Malware Removal forum.

RF123

[waxer59]

I got your thread. There was no option in the control panel to switch to category view. I went to alot of other web sites to find out to do that, they where no help. The only thing I found was this--right click start then click properties, then click button to classic start menu. I am getting frustrated, you have so many good ideas and I can`t get them to work. Is there any other way to get to category view or classic view

[waxer59]

I sent you a thread before, about getting to internet option without IE being open. Can I go to control panel and click on Internet options, click on advanced tab and then click the reset button

[rainforest123]

w 59:
EXCELLENT!

1. Create a restore point.

2. backup your registry
start > run
type: regedit
OK
maximize screen
upper left, left click "my computer".
File > "export"
file name: rain123
browse to C:
left click "save"
This may take 30 seconds to 5 minutes.
Do NOT use your computer while the registry is being backed up.

3. Yes, "advanced" tab
Make a note of the settings currently selected. Paper & pen, camera, screen shot. I don't think you will need to send us a screen shot.

Left click "restore advanced settings"
Accept any prompts.

left click "reset"
Accept any prompts.

"general tab" > "tabs" area "settings" button > "restore defaults"
Accept any prompts.

and "security" tab > "reset all zones to default ..."
Accept any prompts.

Left click "OK".

Restart the computer.

FYI, for possible future use.
Items in the control panel are called "applets" , in applications that are small.
Each applet is of the file type .cpl
Internet Options file name is: Inetcpl.cpl

Start > run:
type: Inetcpl.cpl
OK

Ta Dah!

Keep up the good work, waxer59.

RF123

[waxer59]

I am happy to say-WE ARE DONE. I went to run, typed in Inetcpl.cpl.That took me to internet option, then advanced tab, then hit reset button. Now I don`t have any more error message.IT`S GONE. It was touch and go there for awhile. I didn`t know if we would ever correct this problem. Thanks for sticking with me. Please take this the right way.I hope I never need your help again

[waxer59]

one last question.I just sent you a thread, saying everything was fixed. I wanted to download google tool bar and guess what pop upped.You are right the error message. So I redid the reset. Can you tell me why this happened and does this mean we didn`t solve the problem

[rainforest123]

WOOO HOOO!

Way to go, w!


I suggest you send E a private message of thanks. To do so, you would click on "Elvandil", to the right of the avatar [ 3 wheels with cogs ]; then "send private message".

Again, congratulations, w 59.

Once you are satisfied with the status:
1. Delete "rain.reg", from #27.
2. clear your system restore points by turning sys restore off; then on.
RIGHT click "my computer"
Left click "properties"
"System restore" tab
check / uncheck box as appropriated
OK
Reboot

Return to System Restore
check / uncheck box as appropriated
OK
Reboot

Now, system restore should be on.
Verify > start > programs / all programs > accessories > system tools > sys restore
create a restore point while things are in good order.

2. upper left, click on "mark solved" button.

unsubscribed


Best of success.

RF123