1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[SOLVED] Install problems??

Discussion in 'Virus & Other Malware Removal' started by stocker340, Jan 16, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. stocker340

    stocker340 Thread Starter

    Joined:
    Oct 7, 2002
    Messages:
    176
    Hello Guys

    I have this problem with a Win 98 Gateway Machine
    When I try to install or run any kind of software from the cd-rom it starts running and installing or playing then after about 45 seconds it just dissapears off the screen and leaves you with the desktop.
    What could this be?
    I scan disked it with no errors
    defragged it
    Still the same result?
    Is this a registry error?
    When running systemworks from the cd with windoctor the first thing in the top window says error and it just continues and then dissapears off the screen?
    If I uncheck the registry integrity check with systemworks it runs all the way through.
    The first check it does syays
    Registry Integrity ERROR!
    Any help on this one??

    Thxs

    Dale Rethke
     
  2. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    Hey there Dale!

    Go to the link I posted at the bottom and download then run the startup list program.. Then copy and paste the generated text back here in a post so we can look at it.

    Click here
     
  3. stocker340

    stocker340 Thread Starter

    Joined:
    Oct 7, 2002
    Messages:
    176
    Hi I tried it and thamks to this sad computer it is a zip file and i cant open it and the internet connection is pathetic to download winzip.
    any ideas??
     
  4. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    Just a minute and I will see if I can find an exe
     
  5. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    Here is an older version,, try this one. Startlog.com is the name.Click here

    I have to go to work,,I'll look at it later today, or someone else will. Have a good day.
     
  6. stocker340

    stocker340 Thread Starter

    Joined:
    Oct 7, 2002
    Messages:
    176
    ---------- C:\WINDOWS\desktop\StartUp.Log

    Start-Ups checked at 01-17-2003 6:51:03.96a
    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log for Windows 95/98 - Freeware by rmbox
    __________________________________________________________________________
    __________________________________________________________________________

    Comments:

    This is a log of all the programs on your computer that
    are starting automatically every time you start Windows.
    Using this log can be a quick way to spot trojans.

    StartUp Log (version 1.58) - Release Date 11/9/2002

    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log Index

    1. HKLM Run
    2. HKCU Run
    3. HKLM RunOnce
    4. HKCU RunOnce
    5. HKLM RunServices
    6. HKLM RunServicesOnce
    7. WIN.INI file
    8. SYSTEM.INI file
    9. AUTOEXEC.BAT file
    10. StartUp folder
    11. All Users StartUp
    12. Misc. StartUp Configurations

    __________________________________________________________________________
    __________________________________________________________________________

    The following is a list of your current Start-Ups
    __________________________________________________________________________
    __________________________________________________________________________

    1. HKLM Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
    "EnsoniqMixer"="starter.exe"
    "LoadQM"="loadqm.exe"
    "Winksuf"="C:\\WINDOWS\\SYSTEM\\Winksuf.exe"


    ==========================================================================
    __________________________________________________________________________

    2. HKCU Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]


    ==========================================================================
    __________________________________________________________________________

    3. HKLM RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    4. HKCU RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    5. HKLM RunServices - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


    ==========================================================================
    __________________________________________________________________________

    6. HKLM RunServicesOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    ==========================================================================
    __________________________________________________________________________

    7. WIN.INI File - (c:\windows\win.ini)

    Your win.ini run/load lines should look like run= and load= exclusively.
    There should be nothing to the right of the equal signs.


    These are the run and load lines in your WIN.INI file

    run=

    load=

    ==========================================================================
    __________________________________________________________________________

    8. SYSTEM.INI File - (c:\windows\system.ini)

    Your system.ini shell line should look like shell=Explorer.exe exclusively.
    You should only see Explorer.exe following the equal sign.


    This is the shell line in your SYSTEM.INI file

    shell=Explorer.exe

    ==========================================================================
    __________________________________________________________________________

    9. AUTOEXEC.BAT File - (c:\autoexec.bat)

    (Some trojans have been known to start from this file)


    These are your program startups and set paths in your autoexec.bat file

    SET BLASTER=A220 I7 D1 T2
    SET SNDSCAPE=C:\WINDOWS
    SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
    @ECHO OFF

    REM [Header]
    @ECHO OFF











    REM [CD-ROM Drive]

    REM [Miscellaneous]

    REM [Display]


    ==========================================================================
    __________________________________________________________________________

    10. StartUp Folder - (c:\windows\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your StartUp folder

    *(No start-ups found)*

    ==========================================================================
    __________________________________________________________________________

    11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your All Users StartUp folder


    *(No start-ups found)*

    ==========================================================================
    __________________________________________________________________________

    12. Miscellaneous StartUp Configurations

    -============================-
    Registry StartUp Directories
    -============================-

    Should show the Start Menu StartUp and All Users StartUp directories

    .....................................................................

    [1] HKCU - Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    "Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [2] HKCU - User Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


    .....................................................................

    [3] HKLM - Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

    "Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [4] HKLM - User Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


    .....................................................................

    -=======================-
    Registry Shell Spawning
    -=======================-

    Open Commands for Executable File Types

    @="\"%1\" %*"
    (.exe file - RegPath = HKCR\exefile\shell\open\command)

    @="\"%1\" %*"
    (.com file - RegPath = HKCR\comfile\shell\open\command)

    @="\"%1\" /S"
    (.scr file - RegPath = HKCR\scrfile\shell\open\command)

    @="\"%1\" %*"
    (.bat file - RegPath = HKCR\batfile\shell\open\command)

    @="\"%1\" %*"
    (.pif file - RegPath = HKCR\piffile\shell\open\command)

    @="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
    (.hta file - RegPath = HKCR\htafile\shell\open\command)

    -=========================-
    HKLM RunOnceEx - Registry
    -=========================-


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


    -=========================-
    HKU (.Default) Run - Registry
    -=========================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]


    -==============================-
    HKU (.Default) RunOnce - Registry
    -==============================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    -================================-
    StubPaths - Registry (Partial Listing)
    -================================-

    (Please see the StubPath.txt on your desktop for complete listing)

    HKLM\Software\Microsoft\Active Setup\Installed Components


    "OldStubPath"="c:\\windows\\SYSTEM\\ie4uinit.exe"
    "RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
    "StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
    "RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
    "StubPath"=""
    "StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"

    -=================-
    DOSSTART.BAT File - (c:\windows\dosstart.bat)
    -=================-

    REM DOS MOUSE DRIVER ADDED BY MICROSOFT INTELLIPOINT MOUSE SETUP
    LH C:\PROGRA~1\MICROS~7\MOUSE\mouse.exe
    @echo off

    REM Notes:
    REM DOSSTART.BAT is run whenenver you choose "Restart the computer
    REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
    REM you to load programs that you might not want loaded in Windows,
    REM (because they have functional equivalents) but that you do
    REM want loaded under MS-DOS. The two primary candidates for
    REM this are MSCDEX and a real mode driver for the mouse you ship
    REM with your system. Commands that you want present in both Windows
    REM and MS-DOS should be placed in the Autoexec.bat in the
    REM \Image directory of your reference server. Please note that for
    REM MSCDEX you will need to load the corresponding real-mode CD
    REM driver in Config.sys. This driver won't be used by Windows 98
    REM but will be available prior to and after Windows 98 exits.
    REM
    REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
    REM before Windows loads and access the CD-ROM. All you have to do
    REM is press F8 and then run DOSSTART to load MSCDEX and your real
    REM mode mouse driver (no need to remember the command line parameters
    REM for these two files.
    REM
    REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
    REM - The string following the /D: statement must explicitly match
    REM the string in CONFIG.SYS following your CD-ROM device driver.

    REM MSCDEX.EXE /D:OEMCD001 /l:d


    C:\SBPCI\APINIT.COM


    -=================-
    WININIT.BAK File - (c:\windows\wininit.bak)
    (name) (type) (size)(modified)(time)
    wininit bak 0 01-17-03 5:13a
    -=================-


    -=================-
    WININIT.INI File - (c:\windows\wininit.ini)
    (name) (type) (size)(modified)(time)
    wininit ini 0 01-17-03 6:25a
    -=================-

    -=====================-
    Screen Saver Settings (Possible system.ini start-up)
    -=====================-


    ==========================================================================
    __________________________________________________________________________

    - Supplemental Environment Information -

    TMP=c:\windows\TEMP
    TEMP=C:\windows\TEMP
    winbootdir=C:\WINDOWS
    PATH=C:\WINDOWS;c:\windows;c:\windows\COMMAND
    COMSPEC=C:\WINDOWS\COMMAND.COM
    CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
    windir=C:\WINDOWS

    File - c:\windows\Wininit.ini
    File - c:\windows\Wininit.bak

    ==========================================================================
    __________________________________________________________________________

    - End -
     
  7. pvc9

    pvc9

    Joined:
    Jul 7, 2002
    Messages:
    6,427
    "Winksuf"="C:\\WINDOWS\\SYSTEM\\Winksuf.exe"

    Your computer is infected with the Klez virus. :rolleyes:

    Download the removal tool and follow the instructions at this link ,

    http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

    Also uncheck Loadqm from startup -

    Start->Run->msconfig [enter]

    Click on the Startup tab and uncheck the loadqm entry, click on Apply, then Ok.

    BTW, re-check the ScanRegistry entry in msconfig. Its very important/useful as it takes backups of the registry each time Windows starts, which can be used later incase of any problems with the OS.

    You can also try an online antivirus scan at House Call Online Scan
     
  8. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    If all goes well it would be a good idea to download winzip and the other startup program I posted first and run it. Paste it back here so we can look at it. It will show much more than the older exe you downloaded. Either way let us know how it turns out.


    Click here
     
  9. stocker340

    stocker340 Thread Starter

    Joined:
    Oct 7, 2002
    Messages:
    176
    I would like to thank you guy's for your help.
    That was the problem!
    I should have thought of that problem myself.
    Amazing the knowledge that you all have around here.
    I really appreciate this site and it's members.

    Thxs again Bandit429 and pvc9
     
  10. pvc9

    pvc9

    Joined:
    Jul 7, 2002
    Messages:
    6,427
    [tsg=yourewelcome][/tsg]

    :cool:
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/113647

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice