#41 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Please visit this website - http://virusscan.jotti.org/
Submit these file(s) for a comprehensive scan & then post the results back here:

C:\WINDOWS\SYSTEM\aswBoot.exe

Pretty sure it's an "avast4" file..but I need to make sure it's not infected.
|
#43 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Please open msconfig and let me know if you find any suspicious entries.
|
#44 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP
|
Here is the list under startup:

Spyware Doctor
internat.exe
SystemTray
ScanRegistry
TaskMonitor
LoadPowerProfile
Disc Detector
ATIGART
AtiPTA
ADUserMon
Iomega Drive Icons
Deskup
SMSERIAL (sm56hlpr.exe)
zSPGuard
SMC
LoadQM
Zone Labs Client
avast! Web Scanner
SchedulingAgent
ADService
winmodem
TrueVector
avast!
THGuard
TrueVector
GetRight Monitor

under Autoexec.bat it has these items (?)

mode con codepage prepare=((720) C:\WINDOWS\COMMAND\ega4.cpi)

and also:

set tvdumpflags=10

that is present a number of times, then:

SET PATH=C:\WINDOWS\SYSTEM\WBEM;%PATH%
|
#45 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Grrrrrrrrrr..clean. Let's look deeper as we must be missing something...

Download WinPFind http://www.bleepingcomputer.com/file...r/WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Download Track qoo http://www.geekstogo.com/downloads/Trackqoo.zip
Save it somewhere you will remember like the Desktop. Unzip the Track qoo.vbs inside to your desktop. DO NOT run it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

Once the Scan is Complete it will make a txt file (log) of what was found.
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Please post those results in your next post!

REBOOT to normal mode.

Double Click on "Track qoo.vbs"
Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!
Wait a few seconds and a notepad page will pop up. Copy & Paste those results and place them in the next post along with the results of WinPFind!

So I need the following tool logs..
WinPFind.txt log
Track qoo.vbs log
|
#47 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP
|
Ok I'm back. These .vbs files can not be opened on my computer due to specfic911.
Any program that tries to open another program will only open an IE window. And I do not know what is the deal with these .vbs files, is there some program I can put in Task Scheduler that runs .vbs files? If I can do that, I can run the program, and open the Track qoo file, but otherwise, when I put it in Task Scheduler, and select it afterwards and right-click "run" it just opens an IE window. Again, I can not run anything unless I can assign it to Task Scheduler, then after that assignment, click on it, right-click "run", that is the only way anything works, and if it is run from some other program, then I have to be able to run that program and browse to find it, then it will work.

Since the other one is a .exe I can do what is stated above, so it was successful. I copied the material it presented and here is what it had:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.1998
Internet Explorer Version: 6.0.2600.0000

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
aspack 23/05/04 12:41:50 م 1225837 C:\SaheehAlbokhari-1.exe
aspack 18/10/03 11:33:48 ص 972553 C:\AlkaolAlmofid-1.exe
aspack 10/05/04 09:39:58 م 1388736 C:\AlkaolAlmofid-2.exe
aspack 23/05/04 12:46:32 م 830648 C:\MinhajAsunah.exe
aspack 23/05/04 12:43:24 م 556339 C:\OmdatAlahkam.exe
aspack 23/05/04 12:42:42 م 1848019 C:\SaheehAlbokhari-2.exe
aspack 29/08/04 11:25:38 ص 497403 C:\AlakeddahAlwasteeah.exe
aspack 09/09/04 04:30:56 م 482348 C:\KashfAlshobhat.exe
aspack 18/01/05 11:01:50 م 778268 C:\AhkamAlodhiahWaAlthakah.exe
aspack 17/06/05 09:31:00 م 475276 C:\Alajromiah.exe
aspack 17/06/05 09:32:18 م 519438 C:\AlfiatIbnMalik.exe
UPX! 15/09/05 10:41:22 ص 73 C:\win.txt
PEC2 15/09/05 10:41:22 ص 73 C:\win.txt
UPX! 15/09/05 10:42:08 ص 36 C:\windows.txt

Checking %ProgramFilesDir% folder...
UPX! 16/02/05 11 16 ص 218112 C:\Program Files\HijackThis.exe
UPX! 27/08/05 03:17:42 م 9525920 C:\Program Files\setupeng.exe
UPX! 10/12/99 12:00:00 م 10240 C:\Program Files\psapi.dll
UPX! 05/08/04 06:43:54 م 52224 C:\Program Files\StartDreck.exe
UPX! 12/01/96 348672 C:\Program Files\vb40032.dll
UPX! 12/01/96 11776 C:\Program Files\vb4de32.dll

Checking %WinDir% folder...
UPX! 03/05/05 11:44:44 ص 25157 C:\WINDOWS\RMAgentOutput.dll

Checking %System% folder...
PEC2 26/10/04 05:38:24 م 716800 C:\WINDOWS\SYSTEM\DivX.dll
PECompact2 26/10/04 05:38:24 م 716800 C:\WINDOWS\SYSTEM\DivX.dll
UPX! 09/07/05 04:03:06 ص 433152 C:\WINDOWS\SYSTEM\aswBoot.exe

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
22/09/05 01:18:14 م RH 905248 C:\WINDOWS\USER.DAT
22/09/05 01:18:14 م RH 5439520 C:\WINDOWS\SYSTEM.DAT
16/09/05 04:00:34 ص H 10146 C:\WINDOWS\ttfCache
22/09/05 01:14:46 م H 916055 C:\WINDOWS\ShellIconCache
16/09/05 03:41:34 ص H 54156 C:\WINDOWS\QTFont.qfn
25/08/05 09:13:56 ص H 21026 C:\WINDOWS\SYSTEM\FFASTLOG.TXT
20/09/05 08:51:56 ص H 1584 C:\WINDOWS\SYSTEM\vsconfig.xml
19/09/05 08:40:44 ص H 4212 C:\WINDOWS\SYSTEM\zllictbl.dat
28/08/05 11:29:12 م H 54 C:\WINDOWS\Desktop\~$g file today.reg
22/09/05 01:17:58 م H 54 C:\WINDOWS\Desktop\~$ch message.doc
20/09/05 01:11:36 ص HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
20/09/05 01:11:36 ص HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
20/09/05 08:51:44 ص HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\KXAN8X6R\desktop.ini
20/09/05 08:51:44 ص HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\CZ9N6F2O\desktop.ini
20/09/05 08:51:44 ص HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4R6569QV\desktop.ini
20/09/05 08:51:44 ص HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4DARWTMJ\desktop.ini
22/09/05 01:16:28 م H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
13/05/97 23552 C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation 16/09/98 08:01:00 م 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 16/09/98 08:01:00 م 221776 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 17/08/01 294912 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 16/09/98 08:01:00 م 62976 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 16/09/98 08:01:00 م 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
Microsoft Corporation 16/09/98 08:01:00 م 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 16/09/98 08:01:00 م 93264 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 16/09/98 08:01:00 م 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 16/09/98 08:01:00 م 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 16/09/98 08:01:00 م 44720 C:\WINDOWS\SYSTEM\POWERCFG.CPL
16/09/98 08:01:00 م 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 16/09/98 08:01:00 م 385232 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 16/09/98 08:01:00 م 58368 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 09/09/99 10:00:00 ص 374032 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 16/09/98 08:01:00 م 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 16/09/98 08:01:00 م 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 12/01/99 7952 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Creative Technology Ltd. 24/08/00 01:56:00 ص 228352 C:\WINDOWS\SYSTEM\CTDetect.cpl
Iomega Corporation 24/09/02 04:44:10 م 151552 C:\WINDOWS\SYSTEM\ADPanel.cpl
Apple Computer, Inc. 23/09/04 06:57:40 م 323072 C:\WINDOWS\SYSTEM\QuickTime.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
04/04/05 01:46:44 ص 401 C:\WINDOWS\Start Menu\Programs\StartUp\GetRight Monitor.lnk

Checking files in %USERPROFILE%\Application Data folder...
19/09/05 04:12:26 م 14470 C:\WINDOWS\Application Data\dw.log
21/08/05 04:19:04 ص 4704 C:\WINDOWS\Application Data\mpauth.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\PROGRAM FILES\WINRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\CONTMENU.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\PROGRAM FILES\WINRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\CONTMENU.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\PROGRAM FILES\WINRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.0\CONTMENU.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
internat.exe internat.exe
SystemTray SysTray.ExE
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Disc Detector C:\Program Files\Creative\ShareDLL\CtNotify.exe
ATIGART c:\ati\gart\atigart.exe
AtiPTA Atiptaxx.exe
ADUserMon C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
Iomega Drive Icons C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
Deskup C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
SMSERIAL sm56hlpr.exe
zSPGuard c:\program files\pjw\spguard\spguard.exe /s /r
SMC C:\SMC\SMC.exe
LoadQM loadqm.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
avast! Web Scanner C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
SchedulingAgent mstinit.exe /firstlogon
THGuard C:\Program Files\TrojanHunter 4.0\THGuard.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
ADService C:\Program Files\Iomega\AutoDisk\ADService.exe
winmodem WINMODEM.101\wmexe.exe
TrueVector C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
avast! C:\Program Files\Alwil Software\Avast4\ashServ.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Spyware Doctor "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
NoActiveDesktop
NoSaveSettings
ClearRecentDocsOnExit
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} =

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 22/09/05 01:30:04 م
|
#48 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Any clue what these files are??

aspack 23/05/04 12:41:50 م 1225837 C:\SaheehAlbokhari-1.exe
aspack 18/10/03 11:33:48 ص 972553 C:\AlkaolAlmofid-1.exe
aspack 10/05/04 09:39:58 م 1388736 C:\AlkaolAlmofid-2.exe
aspack 23/05/04 12:46:32 م 830648 C:\MinhajAsunah.exe
aspack 23/05/04 12:43:24 م 556339 C:\OmdatAlahkam.exe
aspack 23/05/04 12:42:42 م 1848019 C:\SaheehAlbokhari-2.exe
aspack 29/08/04 11:25:38 ص 497403 C:\AlakeddahAlwasteeah.exe
aspack 09/09/04 04:30:56 م 482348 C:\KashfAlshobhat.exe
aspack 18/01/05 11:01:50 م 778268 C:\AhkamAlodhiahWaAlthakah.exe
aspack 17/06/05 09:31:00 م 475276 C:\Alajromiah.exe
aspack 17/06/05 09:32:18 م 519438 C:\AlfiatIbnMalik.exe

I think they are in the Arabic language. Can you translate?
|
#49 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP
|
Yes, sorry, should have told you, those are downloaded books, the text of which was loaded in some program for each book, which presents the contents here and the page here, etc., all of those that say aspack.
The question about translating, that is what I do for a living....and this is the computer....sorry about the delay - they should be harmless, as all or almost all were in there before specific911.

Last edited by stretched; 09-24-2005 at 11:18 AM.
|
#50 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Well..these logs are also clean of the hijacker. You have to be missing something in your registry search. Try searching again under every user account you have using the following keywords and see what they turn up...

specfic911 specfic 911

There has to be a reference to this site in there somewhere. Also check your hosts file for any entry. C:\Windows\hosts I think on Win98.
|
#51 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP
|
Alright, found some stuff with regseeker, could not figure out how to remove it there, it wanted to open regedit which will not work etc., so I ran regedit under the task scheduler and found two specific folders: specificpop and specific something else, anyway I deleted the folders, and I did it under both (all as far as I know) users, I did some restarting too, and double checked under both users and did not get a hit on "specific" nor "specific911" while for "911" I got this:

AdvancedDataFactory/Clsid (Default) “{9381D8F5-0288-11d0-9501-00AA00B911A5}”

It had one of those little symbols before it which I could not duplicate here... After rebooting when removing the specific file the startup was odd, like it was changing something, but the IE window is still opening at least once and that happens right before everything starts appearing on my bottom right task bar, the IE window opens first, then that stuff appears after I close the IE window. And clicking on anything on the desktop still opens IE window.

"Also check your hosts file for any entry. C:\Windows\hosts I think on Win98."

I do not know how or what is that, I searched under C:\Windows and there is no "hosts", I did start\find "hosts" and got "hosts.sam" and "Lmhosts.sam" but I'm afraid to click on those....
|
#52 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP
|
AFTER POSTING HERE, I tried to run regseeker again searching for "specific" and got these, which I deleted in regseeker after figuring out how(!?!!)

HKEY_CURRENT_USER (Folder)Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specific911.biz
HKEY_CURRENT_USER (Folder)Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specific911.com
HKEY_CURRENT_USER (Folder)Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specific911.net
HKEY_CURRENT_USER (Folder)Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specific911.org
HKEY_CURRENT_USER (Folder)Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specificclick.net
HKEY_CURRENT_USER (Folder)Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P \History\specificpop.com
HKEY_CURRENT_USER (Folder)Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P \History \specificclick.net

I had to type those, so if there is a repeat that is why, anyway, and sure enough it was found AFTER deleting it from regseeker, in regedit. So I deleted the files, so they are coming back after going on line at the least, and I guess I am not really deleting them???
|
#53 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Download my attachment to this thread called Fixzone.txt to your desktop. Right click the file and rename it to Fixzone.reg. Then double click on that file and allow it to merge into the registry. Reboot your PC..and see if those entries come back.
|
#54 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP
|
I am very grateful for your help, but please do not forget whenever I double click on anything, it opens IE window. I downloaded the file, changed the name to .reg and assigned it to the Task Scheduler, the first of the month. Then after it shows up in the list, I right click run on it and it says: could not start.
(I did try it anyway just in case) If I click on just about anything on the desktop or inside, it will open IE window, the only way I can open any file is by running the source program under task scheduler. The only other exception to this is I can click on my computer and open that box, but if I double click "c" the IE window opens, so there are a very few things that I can double click on, otherwise, the general rule is that if I try to open a file in normal fashion, IE window opens. Sorry for having to say all that again....
|
#55 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Is this issue just under one user? How many accounts on the PC? Honestly..I would have backed up what I could and reinstalled..long ago...but if you still want to continue...that's fine. Since you're getting IE windows..while opening other programs it's likely your file associations are all screwed up. Can you even run regedit?
|
#56 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP
|
I think there are two users, but I am not positive, I did load all the software on it when I got it, and it was a gift, I think it was erased in the beginning, that is what I remember.
I do not have some of my original software, (kids are destructive) and so I can not do the "do over" routine. I can run regedit, under the task scheduler trick.... |
|
#57 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Can you enter the registry and manually delete these entries in BOLD.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specific911.biz
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specific911.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specific911.net
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specific911.org
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\Domains\specificclick.net
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P \History\specificpop.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P \History\specificclick.net

Leave IE closed....reboot and check those entries again and see if they came back. If not..open IE...then see if they came back.
|
#58 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP
|
I ran regedit and regseeker, can not find any of them under either user now, rebooted, ran IE a few times, when I was killing them yesterday, seems like they're gone finally after doing that, still the IE window opening after start up and when double clicking on icons on the desktop....yes I searched for "specific" in those programs and manually looked....and I have the view under control panel on show all files....
|
|
#59 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Ok..so if I understand correctly..the 911 crapo is fixed..and we are just dealing with this IE window opening in every program launched?
Let's try this....

Open a command prompt and type

Scanreg.exe

If it finds anything then type scanreg /fix using the run box.

I also need you to check these 2 registry keys...

HKEY_CLASSES_ROOT\exefile\shell\open\command
Post the data of the "Default" entry in the right window. It should be "%1" %*

Then check this key....

HKEY_CLASSES_ROOT\.exe
Post the data of the "Default" entry in the right window. It should be exefile
|
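Added example (not part of the thread or of any tool named in it): the two "Default" checks from the post above, run against a regedit export instead of read by eye, with the same pass listing any ZoneMap\Domains subkeys like the ones deleted earlier in the thread. The export text, the replacement handler path and every function name here are constructed for illustration; the thread never shows the user's actual values.

```python
import re

# Defaults the post above says these two keys must hold.
EXPECTED_DEFAULTS = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}
ZONEMAP_DOMAINS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                   r"\Internet Settings\ZoneMap\Domains" + "\\")

_VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(text):
    # In .reg string data, backslash and double quote are backslash-escaped.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Parse a REGEDIT4-style export into {key: {value_name: data}}.

    Key and value names are lower-cased (the registry is case-insensitive);
    the default value is stored under the empty name.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = _VALUE_LINE.match(line)
        if current is None or not match:
            continue
        name, data = match.groups()
        name = "" if name == "@" else _unescape(name[1:-1]).lower()
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        current[name] = data
    return keys


def check_exe_association(keys):
    """Return (key, found, expected) for each default that is missing or differs."""
    findings = []
    for key, expected in EXPECTED_DEFAULTS.items():
        found = keys.get(key.lower(), {}).get("")
        if found is None or found.strip().lower() != expected.lower():
            findings.append((key, found, expected))
    return findings


def zonemap_domains(keys):
    """List the domain subkeys present under ZoneMap\\Domains for the current user."""
    prefix = ZONEMAP_DOMAINS.lower()
    return sorted({k[len(prefix):].split("\\")[0] for k in keys if k.startswith(prefix)})


# Constructed sample: an export with the defaults the post expects.
CLEAN_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed sample: the open command points at a placeholder program and
# two of the domain subkeys named in the thread are present again.
ALTERED_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\EXAMPLE\\OTHER.EXE\" \"%1\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\specific911.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\specificclick.net]
'''

if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("altered", ALTERED_EXPORT)):
        parsed = parse_reg_export(export)
        print(label, check_exe_association(parsed), zonemap_domains(parsed))
```

A key that is absent from the export is reported with `found` set to `None`, so a partial export is not mistaken for a clean one.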
#60 (permalink) |
|
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP
|
I did not understand what you said. And the question: "and we are just dealing with this IE window opening in every program launched?" Yes, but I can also not open anything on the desktop at all and anything in the computer unless I assign it to the Task Scheduler and right click on it and select run, double clicking on anything other than Task Scheduler and a select few others only opens IE window.
I did not understand "open a command prompt", I think that means in dos, should I reboot in dos, or what is it that I should do? Checking registry keys, should that be done in regedit, just see if they are there? And posting the data of the default entry, from what? Also the start/run/ function only results in the same IE window, can not run anything except through task scheduler... Sorry

Last edited by stretched; 09-26-2005 at 09:22 AM.