1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

2006 Registry/Desktop

Discussion in 'Earlier Versions of Windows' started by medallion, Apr 7, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. medallion

    medallion Thread Starter

    Joined:
    Jun 28, 2001
    Messages:
    103
    How this happened, I'm not sure, but Registry is not
    updating itself for months now, with 4 cabs showing on
    scanreg 6-16-06, 6-14-06, etc. Also, every folder on desktop
    reads ' created on 6-16-06. Has anyone ever seen anything
    similar or corrected such weirdness? Another thing, memory
    use is much more than should be, for example each IE window
    drains 4mb, not 2mb as on other machines.

    I got hit by CoolWebSearch last nov, but wiped it off a few
    days later. If I remember, that's when this started.

    Any cure, any theory or is it time to reformat ?
    - M
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    First please get Spybot S&D to clear out most of the spyware.

    Short tutorial and download link here:
    http://tomcoyote.org/SPYBOT/

    Fix everything SpybotSD labels in red.

    Then after reboot:
    Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
     
  3. starwaves77

    starwaves77

    Joined:
    Feb 16, 2002
    Messages:
    540
    Hi Medallion,
    In addition to Mobo's good advice,
    Check on 2 things:

    Go to,
    Start / Run / msinfo32
    When Microsoft System Information opens click on 'Tools',
    then click 'Registry Checker', let it check the registry,

    Then you'll receive one of 2 possible questions,
    "would you like to backup the registry?"
    or
    "The system registry has already been backed up today, would you like to back it up again?"

    either way, back it up again,
    but if you get the second question, the registry was backed up that day, it will backup every time windows boots for the day,

    Then go check 'sysbackup' for those cabs, Rb000.cab, etc, like you have already done, do you see the new date?

    -------------
    Has your scanreg.ini been edited somehow?

    Go to start / programs / ms dos prompt
    type this command and hit enter:

    edit scanreg.ini

    The BLUE dos edit screen opens,
    Read carefully,

    Look at the top 2 lines about registry backup & optimize,

    In the first line make sure it says,
    BACKUP=1

    For the second line,
    OPTIMIZE=1,

    If one or both are set to 0,
    change it to 1,

    Use your arrow keys to move the cursor, backspace to delete, type in new number,

    Press the F1 key and will show you the help commands for moving around,

    Check those and post back,

    :)
     
  4. medallion

    medallion Thread Starter

    Joined:
    Jun 28, 2001
    Messages:
    103
    You guys are amazing........

    Logfile of HijackThis v1.97.7
    Scan saved at 10:03:42 PM, on 4/7/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\TURBONOTE\TBNOTE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.folklore.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.avatarsearch.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startingpage.com/html/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.altavista.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nosearch.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -

    I'm going to msinfo32 now
    I can view last 4 cabs there, without going through F8 - scanreg ?
    This I gotta see :)
    - M
     
  5. starwaves77

    starwaves77

    Joined:
    Feb 16, 2002
    Messages:
    540
    Hi Medallion,
    Hope you didn't misunderstand part of my post. You can use 'msinfo32' to run 'registry checker', that will in turn fix your registry and create a new backup, but there is no link in msinfo to 'see' those backup cabs,

    You can see them however without using 'scanreg' by opening windows explorer and going to C:\windows\sysbackup, the cabs begin with RB001.cab, etc,

    Your Hijack log is fine, no spyware/trojan hijackers/virus's,

    Check > system.ini for that backup/optimize=1 entry,

    :)
     
  6. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,898
    If I understand your post correctly, your Registry (if nothing else) thinks it's in 2006. Perhaps this could be a side effect of an infection but it's hard to see what is gained from changing dates.

    This may be a stupid idea but, does anyone else have access to your computer?

    I ask because I once got very worrying messages from my AV program about definitions being out of date etc. It turned out that one of my children had advanced the date by one or two years to check what day of the week some event fell on and then didn't turn it back afterwards!
     
  7. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,922
    First Name:
    James
    Silly question here but have you checked your BIOS and/or Windows settings for the date?

    Also I'm curious is to see if you know what these programs are (if you know them that is)

    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
     
  8. starwaves77

    starwaves77

    Joined:
    Feb 16, 2002
    Messages:
    540
    Tidus4Yuna thanks for that question~!

    Medallion,
    Reboot your computer, tap your F2 key after the 'ram' loads to boot into BIOS, use your arrow keys to swing over to 'Main' , check that date. Change to todays date if incorrect,

    Both of those Hijack entries are safe they relate to his modem, Pctptt.exe

    Turbo Note (tbnote.exe) is actually a cool little program for 'sticky notes' on your screen, so it's safe,

    :)
     
  9. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,922
    First Name:
    James
    Cool where can I get TUrbo Note (if it's free that is ;) )
     
  10. starwaves77

    starwaves77

    Joined:
    Feb 16, 2002
    Messages:
    540
  11. medallion

    medallion Thread Starter

    Joined:
    Jun 28, 2001
    Messages:
    103
    No, no one but me has ever used this pc. I did go into bios and check date
    a few days ago, but its correct. I also ran spybot a few days earlier, cleared out
    everything it found, but still the 'hung' registry backups. The edit scanreg.ini showed
    a 1 for both items, so it at least thinks all is well. Turbo Note and PrestoNotes
    are outstanding freeware, but the best is Desknotes, which I bought for 19.95, but
    has come down to 5.00 :) I'm looking for a program at snapfiles. now, freeware, which will allow me, I think, to back up registry. Does anyone know a good, Free
    trojan scan/fix?? I have Gladiator, but its not the most user friendly antivirus program. I'm still curious about the 4% per browser memory drain (its 2%
    on every other pc). Trojans in the boiler room? How about that area on C
    that even God can't get into? Virus there?
     
  12. medallion

    medallion Thread Starter

    Joined:
    Jun 28, 2001
    Messages:
    103
    Possible Clue. There is no sysbackup in Windows. Not in Windows Explorer and not via run or find, no sysbackup. Wonder where it went ........

    - M
     
  13. starwaves77

    starwaves77

    Joined:
    Feb 16, 2002
    Messages:
    540
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/218185

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice