Go Back   Cyber Tech Help Support Forums > Operating Systems > Older Windows Versions > Windows 98
Reload this Page Registry won't stay open (newbie to forum)
Register Blogs FAQ Calendar Search Today's Active Topics Mark Forums Read

Notices
If you are experiencing difficulties posting your question please read our FAQ, or visit our site help that has adobe flash tutorials illustrating the question/reply process.

Reply
 
Topic Tools
  #1  
Old September 26th, 2004, 04:42 PM
Whiplashdave Whiplashdave is offline
New Member
  
Join Date: Sep 2004
Posts: 6
Registry won't stay open (newbie to forum)
Hello people, my name is David. I got the old can't get the registry to stay open problems. Iv'e run Spybot, like I do once every few days and it won't fix the problem. I ran Housecall and it found and let me delete a few trojans, yet it didn't fix the registry. I know you can change the name of regedit.exe but would rather not do that yet. Here is my Hijackthis log for ya to take a look at. Housecall says that memchk.exe (memory check) is a trojan, should I delete that too ? Let me know anything else you see, but I would love to be able to get back in my registry. Im running windows 98 by the way. Yes im poor and using an old puter..lol...Thanks !!


Logfile of HijackThis v1.97.7
Scan saved at 9:37:22 AM, on 9/26/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PNPCHK.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MEMCHK.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
F1 - win.ini: run=C:\WINDOWS\PNPCHK.EXE
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Memory Check] C:\WINDOWS\MemChk.exe
O4 - HKLM\..\Run: [ONRNEABIM.EXE] C:\WINDOWS\TEMP\ONRNEABIM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...946.9933680556
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
Reply With Quote
  #2  
Old September 26th, 2004, 05:21 PM
TJolly's Avatar
TJolly TJolly is offline
CTH Subscriber
  
Join Date: Jul 2003
Location: In the uk
Age: 57
Posts: 2,759
Hi Whiplashdave and welcome to cth.

The version of hjt you are using is out of date. The latest version can be downloaded from here:

http://allsecpros.com/

or

http://www.majorgeeks.com/download3155.html

Please post your new log together with an explanation of your problem in the cyber safety forum where the hjt experts hang out.
__________________
T.ogether
E.veryone
A.chieves
M.ore

MS-MVP Windows/Shell User
MVP Program
Reply With Quote
Reply

Bookmarks

« Previous Topic | Next Topic »
Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 06:55 AM.

[ RSS ]