1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Solved] run time error 216 at 0000A3D1

Discussion in 'Virus & Other Malware Removal' started by whitewolftoo, Mar 23, 2002.

Thread Status:
Not open for further replies.
Advertisement
  1. whitewolftoo

    whitewolftoo Thread Starter

    Joined:
    Jan 19, 2002
    Messages:
    14
    Can anyone tell me what "run time error 216 at 0000A3D1" means and how to stop it from causing a popup window on my computer all the time? Thanks, Mike.
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  3. whitewolftoo

    whitewolftoo Thread Starter

    Joined:
    Jan 19, 2002
    Messages:
    14
    I hope you wanted me to post the results here, I wasen't real sure, but here it is.

    ---------- C:\WINDOWS\desktop\StartUp.Log

    Start-Ups checked at 03-23-2002 11:38:09.36a
    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log for Windows 95/98 - Freeware by rmbox ____________________________________________________

    Comments:

    This is a log of all the programs on your computer that
    are starting automatically every time you start Windows.
    Using this log can be a quick way to spot trojans.

    StartUp Log (version 1.56) - Release Date 3/11/2002

    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log Index

    1. HKLM Run
    2. HKCU Run
    3. HKLM RunOnce
    4. HKCU RunOnce
    5. HKLM RunServices
    6. HKLM RunServicesOnce
    7. WIN.INI file
    8. SYSTEM.INI file
    9. AUTOEXEC.BAT file
    10. StartUp folder
    11. All Users StartUp
    12. Misc. StartUp Configurations

    __________________________________________________________________________
    __________________________________________________________________________

    The following is a list of your current Start-Ups
    __________________________________________________________________________
    __________________________________________________________________________

    1. HKLM Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
    "SystemTray"="SysTray.Exe"
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "Glide"="C:\\Glide\\glidew32.exe"
    "CirqueGesture"="C:\\Program Files\\Touchpad\\Gesture.exe"
    "AdaptecDirectCD"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
    "StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
    "NAV Agent"="C:\\PROGRA~1\\NORTON~1\\NORTON~1\\NAVAPW32.EXE"
    "VortexTray"="C:\\WINDOWS\\au10setp.exe 3"
    "AUXXTRAY"="au10setp.exe 3"
    "QuickTime Task"="C:\\WINDOWS\\SYSTEM\\QTTASK.EXE"
    "DownloadWare"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"
    "TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"


    ==========================================================================
    __________________________________________________________________________

    2. HKCU Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="C:\\PROGRAM FILES\\AWS\\WEATHERBUG\\WEATHER.EXE 1"


    ==========================================================================
    __________________________________________________________________________

    3. HKLM RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    4. HKCU RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    5. HKLM RunServices - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "ScriptBlocking"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Script Blocking\\SBServ.exe\" -reg"
    "SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe \"Norton SystemWorks\""
    "SchedulingAgent"="mstask.exe"


    ==========================================================================
    __________________________________________________________________________

    6. HKLM RunServicesOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    ==========================================================================
    __________________________________________________________________________

    7. WIN.INI File - (c:\windows\win.ini)

    Your win.ini run/load lines should look like run= and load= exclusively.
    There should be nothing to the right of the equal signs.


    These are the run and load lines in your WIN.INI file



    ==========================================================================
    __________________________________________________________________________

    8. SYSTEM.INI File - (c:\windows\system.ini)

    Your system.ini shell line should look like shell=Explorer.exe exclusively.
    You should only see Explorer.exe following the equal sign.


    This is the shell line in your SYSTEM.INI file

    shell=Explorer.exe

    ==========================================================================
    __________________________________________________________________________

    9. AUTOEXEC.BAT File - (c:\autoexec.bat)

    (Some trojans have been known to start from this file)


    These are your program startups and set paths in your autoexec.bat file

    SET BLASTER = A220 I5 D3 T4
    LH C:\WINDOWS\AU10DOS.COM

    ==========================================================================
    __________________________________________________________________________

    10. StartUp Folder - (c:\windows\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your StartUp folder

    C:\WINDOWS\Start Menu\Programs\StartUp\Watch.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\hs97.lnk

    ==========================================================================
    __________________________________________________________________________

    11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your All Users StartUp folder


    *(No start-ups found)*

    ==========================================================================
    __________________________________________________________________________

    12. Miscellaneous StartUp Configurations

    -============================-
    Registry StartUp Directories
    -============================-

    Should show the Start Menu StartUp and All Users StartUp directories

    .....................................................................

    [1] HKCU - Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    "Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [2] HKCU - User Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


    .....................................................................

    [3] HKLM - Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

    "Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [4] HKLM - User Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


    .....................................................................

    -=======================-
    Registry Shell Spawning
    -=======================-

    Open Commands for Executable File Types

    @="\"%1\" %*"
    (.exe file - RegPath = HKCR\exefile\shell\open\command)

    @="\"%1\" %*"
    (.com file - RegPath = HKCR\comfile\shell\open\command)

    @="\"%1\" /S"
    (.scr file - RegPath = HKCR\scrfile\shell\open\command)

    @="\"%1\" %*"
    (.bat file - RegPath = HKCR\batfile\shell\open\command)

    @="\"%1\" %*"
    (.pif file - RegPath = HKCR\piffile\shell\open\command)

    @="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
    (.hta file - RegPath = HKCR\htafile\shell\open\command)

    -=========================-
    HKLM RunOnceEx - Registry
    -=========================-


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


    -=========================-
    HKU (.Default) Run - Registry
    -=========================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="C:\\PROGRAM FILES\\AWS\\WEATHERBUG\\WEATHER.EXE 1"


    -==============================-
    HKU (.Default) RunOnce - Registry
    -==============================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    -================================-
    StubPaths - Registry (Partial Listing)
    -================================-

    (Please see the StubPath.txt on your desktop for complete listing)

    HKLM\Software\Microsoft\Active Setup\Installed Components


    "StubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
    "StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
    "StubPath"=""
    "StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
    "StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
    "StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"

    -=================-
    DOSSTART.BAT File - (c:\windows\dosstart.bat)
    -=================-

    LH AU10DOS.COM


    -=================-
    WININIT.BAK File - (c:\windows\wininit.bak)
    (name) (type) (size)(modified)(time)
    wininit bak 110 03-20-02 1:24a
    -=================-



    [Rename]
    NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
    C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SET8313.TMP-=====================-
    Screen Saver Settings (Possible system.ini start-up)
    -=====================-

    SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\KINE.SCR

    ==========================================================================
    __________________________________________________________________________

    - Supplemental Environment Information -

    TMP=C:\WINDOWS\TEMP
    TEMP=C:\WINDOWS\TEMP
    winbootdir=C:\WINDOWS
    PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    COMSPEC=C:\WINDOWS\COMMAND.COM
    BLASTER = A220 I5 D3 T4
    windir=C:\WINDOWS

    File - c:\windows\Wininit.bak
    File - c:\windows\deletefi.ini

    ==========================================================================
    __________________________________________________________________________

    - End -
     
  4. whitewolftoo

    whitewolftoo Thread Starter

    Joined:
    Jan 19, 2002
    Messages:
    14
    I have run House Call, Norton 2002, panda and Swat It. House Call found "TROJ KEYLOG32 B" and said it was non cleanable. It said it was located in "D:\ZIP FILES\keylog95.zip*KEY". I deleted this folder but it still shows up.
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I don't see any evidence of a trojan in the startups. If HouseCall is still finding it, it may be because you deleted it to the recycle bin. In any case it is not running.

    I think your runtime error is either due to Weather bug or to this piece of adware:

    "DownloadWare"="\"C:\\Program Files\\DownloadWare\\dw.exe\" /H"

    Go to start and run msconfig. Click on the "startup" tab and remove the check for that.

    You may need to do the same for weather bug to test that.

    See this link concerning "downloadware"

    Downloadware (Mediacharger / Movienetworks) - Displays lots of popup ads as you surf. Some removal instructions (may or may not work


    http://m1.aol.com/aequita/temp/remove.txt


    I don't know whether the current version of Lavasoft's Ad-aware detects and removes this, but I would install and run it anyway.


    http://www.lsfileserv.com/downloads.html

    This is the setup file you need to download and install:

    http://www.wyvernworks.com/Lavasoft/aaw.exe

    Also download this:

    http://www.wyvernworks.com/Lavasoft/reflist.zip

    Once the setup is installed, unzip and extract that to the

    C:\Program Files\Lavasoft Ad-aware

    folder to update and overwrite the previous signature file.

    Then run Ad-aware and configure it to scan all drives on which you have installed programs; memory and deep registry. Check all items it finds, click "backup" and "finish". Reboot afterwards.
     
  6. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    Check in your Startup folder and determine that these shortcuts are legit.

    C:\WINDOWS\Start Menu\Programs\StartUp\Watch.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\hs97.lnk
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    watch.lnk is probably for Iomega software, but who knows, what hs97.lnk is? Good eye!

    Do a right click on the shortcut and click properties to see where the target program is, or do a Find files for it. Right clicking on it and selecting Properties>Version will reveal any copyright info, if you are unfamiliar with it.
     
  8. whitewolftoo

    whitewolftoo Thread Starter

    Joined:
    Jan 19, 2002
    Messages:
    14
    Watch.Ink is associated with the twain files of my USB scanner. hs97.Ink is a program called Hide Screen. Both of them should be there. I haven't had time to try removing the Downloadware program yet but I think it may be my problem or at least part of it. I printed out the instructions for removing it and will try later on tonight. Thanks, Mike.
     
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Be sure to look in Add/Remove programs for it first. If it comes to a registry search and edit, be sure not to enter the ' ' as part of the keyword or you won't find anything.
     
  10. whitewolftoo

    whitewolftoo Thread Starter

    Joined:
    Jan 19, 2002
    Messages:
    14
    Boy that was a lot to digest but I tried everything you suggested. I did find Downloadware but none of the others. I followed all the instructions including the regedit stuff. I have been in there many times so I wasen't worried. I have been working on computers since 1988 and spent two years doing tech support for AOL. I downloaded Lavasoft, although I don't know what it is, and ran it also. It found the following and then gave me a box where I could check mark the items and click on exclude. It then gave me a message "Move all checked items to the ignore-list?" so iI clicked Yes. It then gave me a box that said "Remove the selected components from your system?" so i checked ok. I rebooted but the run time error 216 is still poping up.

    Started file scan
    ==================
    Doubleclick file:C:\WINDOWS\Profiles\Christy\Cookies\[email protected][1].txt
    (Ignored)
    Other file:C:\WINDOWS\Profiles\Christy\Cookies\[email protected][2].txt
    (Ignored)
    Doubleclick file:C:\WINDOWS\Profiles\Charles\Cookies\[email protected][1].txt
    (Ignored)
    Other file:C:\WINDOWS\Profiles\Charles\Cookies\[email protected][1].txt
    (Ignored)
    Cydoor file:D:\Games\pool\cd_clint.dll
    (Ignored)
    Cydoor file:D:\Games\pool\CD_Gif.dll
    (Ignored)
    Cydoor file:D:\Games\pool\cd_load.exe
    (Ignored)

    File scan result:
    Suspicious files found:7



    Scanning finished
    ==================
    Suspicious modules found:0
    Suspicious keys found :2
    Suspicious folders found:0
    Suspicious files found:7
    =========================
    Spyware components ignored:9
    Total spyware components found:0

    --------------------------------------------------------------------------------
    Here are the two key files it found:

    K Alexa software\microsoft\internet explorer\extensions\(c95fe080-8f5d-11d2-a20b-00aa003c157a

    V N Case C:\ProgramFiles\n-Case\MSBB.Exe
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You don't want to "ignore" the checked items. Just check everything Ad-aware finds, then click "backup" and "finish". Otherwise they are not going to be removed. Click the 'configure' tab and take those items of the exclude list, then run it again.

    If you can't resolve the error, try "cleanboot" troubleshooting. UNcheck everything in Msconfig>Startup except scanregistry and systray and NAV. Then re-enable selectively until the error recurs

    Did you try disabling Weatherbug -- that was high on my list of suspects?

    And this one could be it as well:

    V N Case C:\ProgramFiles\n-Case\MSBB.Exe

    but you will have to rerun adaware to remove it.
     
  12. whitewolftoo

    whitewolftoo Thread Starter

    Joined:
    Jan 19, 2002
    Messages:
    14
    Hey guy hows your evening going? Well, I think I have isolated my problem. I did what you suggested and unchecked everything in MS-Config under startup except the ones you sadi and my touch pad. So far it's not showing up so now I will just have to check each one until I find the one that is causing the problem. I had kinda decided it was a program instead of a virus just by the way it was acting. One of them probable needs to be reinstalled. As soon as I figure out which one it is I will let you know. Thanks, Mike in Texas.
     
  13. whitewolftoo

    whitewolftoo Thread Starter

    Joined:
    Jan 19, 2002
    Messages:
    14
    :D Well it took us a while but we finally found the problem. It was a program after all. It turned out to be a freeware program called "Hide Screen 97" made by someone called Church on the Rock. I had downloaded it somewhere on line about two or three months ago. It makes your screen saver start when you move your pointer to one corner of the screen. It has worked fine up until now so it probably just needed to be reinstalled. I didn't take the chance though, I just removed it. Everything seems to be working fine now. Thanks for all your help and patience. Keep up the good work. Your friend in texas, Mike. :)
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Good to hear you found the bugger -- sounds like something you can live without alright. And you're certainly welcome for the help. :)
     
  15. whitewolftoo

    whitewolftoo Thread Starter

    Joined:
    Jan 19, 2002
    Messages:
    14
    Oh, I meant to tell you guy. The WaetherBug program you were worried about is a nice free program that will show you the weather in your area or any area that you know the zip code for. It has radar, temp, wind speed and direction, wind chill factor among other features. You should check it out. I have been using it for over a year now. www.weatherbug.com Thanks again
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/73708

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice