2006 Registry/Desktop

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

medallion

Thread Starter
Joined
Jun 28, 2001
Messages
103
How this happened, I'm not sure, but Registry is not
updating itself for months now, with 4 cabs showing on
scanreg 6-16-06, 6-14-06, etc. Also, every folder on desktop
reads 'created on 6-16-06'. Has anyone ever seen anything
similar or corrected such weirdness? Another thing, memory
use is much more than should be, for example each IE window
drains 4mb, not 2mb as on other machines.

I got hit by CoolWebSearch last Nov, but wiped it off a few
days later. If I remember, that's when this started.

Any cure, any theory, or is it time to reformat?
- M
 
Joined
Feb 23, 2003
Messages
16,274
First please get Spybot S&D to clear out most of the spyware.

Short tutorial and download link here:
http://tomcoyote.org/SPYBOT/

Fix everything SpybotSD labels in red.

Then after reboot:
Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
Unzip, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
 
Joined
Feb 16, 2002
Messages
540
Hi Medallion,
In addition to Mobo's good advice,
Check on 2 things:

Go to,
Start / Run / msinfo32
When Microsoft System Information opens click on 'Tools',
then click 'Registry Checker', let it check the registry,

Then you'll receive one of 2 possible questions,
"would you like to backup the registry?"
or
"The system registry has already been backed up today, would you like to back it up again?"

Either way, back it up again.
But if you get the second question, the registry was backed up that day; it will back up every time Windows boots for the day.

Then go check 'sysbackup' for those cabs, Rb000.cab, etc., like you have already done. Do you see the new date?

-------------
Has your scanreg.ini been edited somehow?

Go to Start / Programs / MS-DOS Prompt,
type this command and hit Enter:

edit scanreg.ini

The BLUE DOS edit screen opens,
Read carefully,

Look at the top 2 lines about registry backup & optimize,

In the first line make sure it says,
BACKUP=1

For the second line,
OPTIMIZE=1

If one or both are set to 0,
change it to 1,

Use your arrow keys to move the cursor, backspace to delete, type in the new number,

Press the F1 key and it will show you the help commands for moving around,

Check those and post back,

:)
 

medallion

Thread Starter
Joined
Jun 28, 2001
Messages
103
You guys are amazing........

Logfile of HijackThis v1.97.7
Scan saved at 10:03:42 PM, on 4/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\TURBONOTE\TBNOTE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.folklore.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.avatarsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startingpage.com/html/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nosearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -

I'm going to msinfo32 now
I can view last 4 cabs there, without going through F8 - scanreg?
This I gotta see :)
- M
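
Added example, not part of the original thread or written by any poster: a short Python parser for the HijackThis log format posted above. It splits the O4 autorun lines into location, name and command, lists the entries whose command carries no directory (so the log alone does not say which file runs), and checks that the `scanregw.exe /autorun` entry is still registered. The sample lines are copied from the log in this thread; the function names are illustrative.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.avatarsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startingpage.com/html/search.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 registry form: "HKLM\..\Run: [Name] command"
O4_REG_RE = re.compile(r"^(?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder form: "Startup: Name.lnk = target"
O4_LNK_RE = re.compile(r"^(?P<loc>[\w ]*Startup): (?P<name>.+?) = (?P<cmd>.+)$")

def parse_entries(text):
    """Return (section code, body) pairs for every HijackThis result line."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def autoruns(entries):
    """Split O4 lines into location, value name and command."""
    found = []
    for code, body in entries:
        m = code == "O4" and (O4_REG_RE.match(body) or O4_LNK_RE.match(body))
        if m:
            found.append(m.groupdict())
    return found

def needs_lookup(items):
    """Names of autoruns whose command has no directory part; these have to
    be located on disk before anyone can say what they are (a review
    heuristic, not a verdict)."""
    return [a["name"] for a in items if "\\" not in a["cmd"].split()[0]]

def scanreg_autorun_present(items):
    """True if the startup entry that launches scanregw.exe is registered."""
    return any("scanregw.exe" in a["cmd"].lower() for a in items)

if __name__ == "__main__":
    items = autoruns(parse_entries(SAMPLE_LOG))
    for a in items:
        print(f'{a["loc"]:22} {a["name"]:18} {a["cmd"]}')
    print("locate on disk:", needs_lookup(items))
    print("scanregw autorun present:", scanreg_autorun_present(items))
```
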
 
Joined
Feb 16, 2002
Messages
540
Hi Medallion,
Hope you didn't misunderstand part of my post. You can use 'msinfo32' to run 'registry checker', that will in turn fix your registry and create a new backup, but there is no link in msinfo to 'see' those backup cabs,

You can see them however without using 'scanreg' by opening Windows Explorer and going to C:\windows\sysbackup, the cabs begin with RB001.cab, etc.,

Your Hijack log is fine, no spyware/trojan hijackers/viruses,

Check > system.ini for that backup/optimize=1 entry,

:)
 
Joined
Apr 2, 2002
Messages
5,945
If I understand your post correctly, your Registry (if nothing else) thinks it's in 2006. Perhaps this could be a side effect of an infection but it's hard to see what is gained from changing dates.

This may be a stupid idea but, does anyone else have access to your computer?

I ask because I once got very worrying messages from my AV program about definitions being out of date etc. It turned out that one of my children had advanced the date by one or two years to check what day of the week some event fell on and then didn't turn it back afterwards!
 

Couriant

James
Moderator
Joined
Mar 26, 2002
Messages
39,424
Silly question here but have you checked your BIOS and/or Windows settings for the date?

Also I'm curious to see if you know what these programs are (if you know them that is)

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
 
Joined
Feb 16, 2002
Messages
540
Tidus4Yuna thanks for that question~!

Medallion,
Reboot your computer, tap your F2 key after the 'ram' loads to boot into BIOS, use your arrow keys to swing over to 'Main', check that date. Change to today's date if incorrect,

Both of those Hijack entries are safe; they relate to his modem, Pctptt.exe

Turbo Note (tbnote.exe) is actually a cool little program for 'sticky notes' on your screen, so it's safe,

:)
 

Couriant

James
Moderator
Joined
Mar 26, 2002
Messages
39,424
Cool, where can I get Turbo Note (if it's free that is ;) )
 

medallion

Thread Starter
Joined
Jun 28, 2001
Messages
103
No, no one but me has ever used this pc. I did go into bios and check date a few days ago, but it's correct. I also ran spybot a few days earlier, cleared out everything it found, but still the 'hung' registry backups. The edit scanreg.ini showed a 1 for both items, so it at least thinks all is well. Turbo Note and PrestoNotes are outstanding freeware, but the best is Desknotes, which I bought for 19.95, but has come down to 5.00 :) I'm looking for a program at snapfiles now, freeware, which will allow me, I think, to back up registry. Does anyone know a good, free trojan scan/fix?? I have Gladiator, but it's not the most user friendly antivirus program. I'm still curious about the 4% per browser memory drain (it's 2% on every other pc). Trojans in the boiler room? How about that area on C that even God can't get into? Virus there?
 

medallion

Thread Starter
Joined
Jun 28, 2001
Messages
103
Possible Clue. There is no sysbackup in Windows. Not in Windows Explorer and not via run or find, no sysbackup. Wonder where it went ........

- M
 