I recently uninstalled Nero 5.5 with it's uninstall program. Afterwards I checked the registry and of course there were values left for the program. I managed to delete most, but there is one lot that simply refuses to go. Everytime I restart after deleting the items, they have reappeared.
Can anyone please help me.?

Looks like the keys are getting re-written by something that is running during startup. Check your startups in MSCONFIG.

Cheers
Andy

Thanks Andy
Temporarily disabled the scanreg\w in startup and got the blighter deleted in registry!
Kindest regards
Christiaan

No problem, glad you got it resolved.

Cheers
Andy

Hello there, I had a similar problem with registry being changed every time I start up. I still have a question (but here is my story first, so forgive me for being too long). I will say one thing first: if you're sharing computer with someone else, please do make sure you know what they do with it (I learned my lesson the hard way, hehehe). First I had my Internet Options disabled by a change in the registry but that was fixed. Then I noticed this internet site to be a home page that I didn't set. I did go to the registry and found it in the "start page" so I changed it that way to home page of my choice. After I restarted my computer, it was back up loading up. So I started searching the net for answers and came here and you answered in this post how to disable startups. I ran the MSCONFIG and disabled couple of programs that I thought were making changes (including that scanreg mentioned above). Problem was solved.
Here is my question... I am not expert or even close to dealing with these issues so forgive me if my questions do sound stupid...Am I safe from these programs and how can I get rid of them. One of them is that scanregw.exe /autorun
then there is one that is called WebInstall and is in my WINDOWS\TEMP folder, and third one is System Boot in "file:///C:/somename.htm" I am guessing I can delete that file in TEMP folder, so I need help mostly with scanregw and this third file. I run "Find" and that "somename.htm" wasn't showing up in it, so how do I delete it? My roommate is even more illiterate than me in computers so he can't help either... Thank you very much:)

Sorry for double posting, it wouldn't let me modify it due to time...

WelL i tried finding that Webinstall program that was in my TEMP folder and it wasn't there. It still shows in my MSCONFIG window, along with the other two I mentioned above... I still have same questions about how secure my computer is and what to do, thank you:)

Well, I see another program (I also disabled it on startup), and it tells me this for it "MSPQ file C:\WINDOWS\regedit.exe /s C:\WINDOWS\SYSTEM\MSBA41A.TMP"


It is possible that it was there before and I didn't see it, so that is the fourth component I am inquiring about and whether I should get rid of them and how. Once again, I apologize for posting so much, I am just a newbie that doesn't know much (read: close to nothing) about this stuff:)

It's a well know homepage hijacker (a kind of foistware trojan)
Uncheck it in Startup, reboot, and delete MSBA41A.TMP in your Windows\System directory.

BTW, you said you unchecked Scanregw.exe in Msconfig?

You should REcheck it immediately:

When you start your computer successfully, the Windows Registry Checker tool creates a backup of system files and registry configuration information, which you can restore in case your registry gets messed up.

Come to think of it, I'd really like to see your startups. That way we don't need to react to one item at a time:

Download StartLog.com from this site: <a target="_blank" href=http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html>http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html</a>

Doubleclick it, and it will generate a text file on your desktop that will list all the applications that start in the many places when you start Windows.

We don't need to see StubPath.txt, just Startup.Log

Just go to 'Edit/select all', then copy, and paste it into your reply.

Ok, I am going to sleep now, the log post is in process of approval (I think); hopefully everything will be ok and my post is approved by the moderators, I apologize if I posted something that wasn't appropriate, that was not my intention:) thanx once again and good night:)

This happens sometimes, for some unknown reason.

If it fails to surface, or reposting it won't work either, exceptionally open a new thread posting your StartupLog.

We'll keep an eye out for it.

Ok. thanx I tried posting it again but it also said administrator had to look it over... hopefully it surfaces:) If not I will open a new thread tonight... I hope noone minds if I do that. Thank you very much Tony for trying to help, I really appreciate it:)

---------- C:\WINDOWS\desktop\StartUp.Log

Start-Ups checked at 09-02-2002 3:41:20.65a
__________________________________________________ ________________________
__________________________________________________ ________________________

StartUp Log for Windows 95/98 - Freeware by rmbox
__________________________________________________ ________________________
__________________________________________________ ________________________

Comments:

This is a log of all the programs on your computer that
are starting automatically every time you start Windows.
Using this log can be a quick way to spot trojans.

StartUp Log (version 1.56) - Release Date 3/11/2002

__________________________________________________ ________________________
__________________________________________________ ________________________

StartUp Log Index

1. HKLM Run
2. HKCU Run
3. HKLM RunOnce
4. HKCU RunOnce
5. HKLM RunServices
6. HKLM RunServicesOnce
7. WIN.INI file
8. SYSTEM.INI file
9. AUTOEXEC.BAT file
10. StartUp folder
11. All Users StartUp
12. Misc. StartUp Configurations

__________________________________________________ ________________________
__________________________________________________ ________________________

The following is a list of your current Start-Ups
__________________________________________________ ________________________
__________________________________________________ ________________________

1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"TaskMonitor"="c:\\windows\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"EnsoniqMixer"="starter.exe"
"VsecomrEXE"="C:\\PROGRA~1\\PLUS!\\Viruscan\\VSECOMR.EXE"
"Vshwin32EXE"="C:\\PROGRAM FILES\\PLUS!\\VIRUSCAN\\VSHWIN32.EXE"
"internat.exe"="internat.exe"
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"Alogserv"="c:\\Program Files\\McAfee\\McAfee VirusScan\\alogserv.exe"
"CookieWall"="C:\\PROGRAM FILES\\ANALOGX\\COOKIEWALL\\COOKIE.EXE"
"CriticalUpdate"="c:\\windows\\SYSTEM\\wucrtupd.exe -startup"
"RFX_auto_upgrade"=""
"ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
"QuickTime Task"="C:\\WINDOWS\\SYSTEM\\QTTASK.EXE"
"WebInstall2"="C:\\WINDOWS\\TEMP\\INS50B1.TMP /R /A"
"SystemBoot"="file:///C:/ladies.htm"


================================================== ========================
__________________________________________________ ________________________

2. HKCU Run - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"MSPQFile"="C:\\WINDOWS\\regedit.exe /s C:\\WINDOWS\\SYSTEM\\MSBA41A.TMP"


================================================== ========================
__________________________________________________ ________________________

3. HKLM RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]


================================================== ========================
__________________________________________________ ________________________

4. HKCU RunOnce - Registry

[RegPath]
"StartUp"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce]


================================================== ========================
__________________________________________________ ________________________

5. HKLM RunServices - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices]
"SchedulingAgent"="mstask.exe"
"Vshwin32EXE"="C:\\PROGRAM FILES\\PLUS!\\VIRUSCAN\\VSHWIN32.EXE"
"McAfeeVirusScanService"="c:\\Program Files\\McAfee\\McAfee VirusScan\\AVSYNMGR.EXE"
"TrueVector"="C:\\WINDOWS\\SYSTEM\\ZONELABS\\VSMON.EXE -service"
"MiniLog"="C:\\WINDOWS\\SYSTEM\\ZONELABS\\MINILOG.EXE -service"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"


================================================== ========================
__________________________________________________ ________________________

6. HKLM RunServicesOnce - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce]


================================================== ========================
__________________________________________________ ________________________

7. WIN.INI File - (c:\windows\win.ini)

Your win.ini run/load lines should look like run= and load= exclusively.
There should be nothing to the right of the equal signs.


These are the run and load lines in your WIN.INI file

run=hpfsched

load=

================================================== ========================
__________________________________________________ ________________________

8. SYSTEM.INI File - (c:\windows\system.ini)

Your system.ini shell line should look like shell=Explorer.exe exclusively.
You should only see Explorer.exe following the equal sign.


This is the shell line in your SYSTEM.INI file

shell=Explorer.exe

================================================== ========================
__________________________________________________ ________________________

9. AUTOEXEC.BAT File - (c:\autoexec.bat)

(Some trojans have been known to start from this file)


These are your program startups and set paths in your autoexec.bat file

SET BLASTER=A220 I7 D1 H7 P330 T6
SET SBPCI=C:\SBPCI
&lt;HTML&gt;&lt;HEAD&gt;&lt;TITLE&gt;Utopia&lt;/TITLE&gt;
&lt;/HEAD&gt;
&lt;BODY BACKGRO

PATH C:\PAGEMGR




C:\PROGRA~1\COMMON~1\NETWOR~1\VIRUSS~1\40~1.XX\sca n.exe c:\
@IF ERRORLEVEL 1 PAUSE


================================================== ========================
__________________________________________________ ________________________

10. StartUp Folder - (c:\windows\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your StartUp folder

C:\WINDOWS\Start Menu\Programs\StartUp\nukenabber.lnk

================================================== ========================
__________________________________________________ ________________________

11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

Shortcuts to any program will automatically start when placed here.


These are the shortcuts located in your All Users StartUp folder

C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm.lnk

================================================== ========================
__________________________________________________ ________________________

12. Miscellaneous StartUp Configurations

-============================-
Registry StartUp Directories
-============================-

Should show the Start Menu StartUp and All Users StartUp directories

.................................................. ...................

[1] HKCU - Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders

"Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

.................................................. ...................

[2] HKCU - User Shell Folders

HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell Folders


.................................................. ...................

[3] HKLM - Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\exp lorer\Shell Folders

"Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

.................................................. ...................

[4] HKLM - User Shell Folders

HKLM\Software\Microsoft\Windows\CurrentVersion\exp lorer\User Shell Folders


.................................................. ...................

-=======================-
Registry Shell Spawning
-=======================-

Open Commands for Executable File Types

@="\"%1\" %*"
(.exe file - RegPath = HKCR\exefile\shell\open\command)

@="\"%1\" %*"
(.com file - RegPath = HKCR\comfile\shell\open\command)

@="\"%1\" /S"
(.scr file - RegPath = HKCR\scrfile\shell\open\command)

@="\"%1\" %*"
(.bat file - RegPath = HKCR\batfile\shell\open\command)

@="\"%1\" %*"
(.pif file - RegPath = HKCR\piffile\shell\open\command)

@="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
(.hta file - RegPath = HKCR\htafile\shell\open\command)

-=========================-
HKLM RunOnceEx - Registry
-=========================-


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnceEx]


-=========================-
HKU (.Default) Run - Registry
-=========================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\Cur rentVersion\Run]
"MSPQFile"="C:\\WINDOWS\\regedit.exe /s C:\\WINDOWS\\SYSTEM\\MSBA41A.TMP"


-==============================-
HKU (.Default) RunOnce - Registry
-==============================-


[HKEY_USERS\.Default\Software\Microsoft\Windows\Cur rentVersion\RunOnce]


-================================-
StubPaths - Registry (Partial Listing)
-================================-

(Please see the StubPath.txt on your desktop for complete listing)

HKLM\Software\Microsoft\Active Setup\Installed Components


"OldStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
"StubPath"="c:\\windows\\msnmgsr1.exe"
"StubPath"=""
"StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
"OldStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"
"StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"

-=================-
DOSSTART.BAT File - (c:\windows\dosstart.bat)
-=================-

@echo off

REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.

REM MSCDEX.EXE /D:OEMCD001 /l:d
REM MOUSE.EXE
C:\SBPCI\SBINIT



-=================-
WININIT.BAK File - (c:\windows\wininit.bak)
(name) (type) (size)(modified)(time)
wininit bak 1,953 09-01-02 7:42p
-=================-



[Rename]
NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\S ET8315.TMP
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IE PEERS.RCX
C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\RSASIG.DLL
C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\XENROLL.DLL
C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\MSCAT32.DLL
C:\WINDOWS\SYSTEM\MSSIP32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\MSSIP32.DLL
C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MSSIGN32.DLL
C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\CRYPTUI.DLL
C:\WINDOWS\SYSTEM\CRYPTNET.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\CRYPTNET.DLL
C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\CRYPTEXT.DLL
C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\DIGEST.DLL
C:\WINDOWS\SYSTEM\WLDAP32.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\WLDAP32.DLL
C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\DXTMSFT.DLL
C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE 4SETUP\DXTRANS.DLL
C:\WINDOWS\SYSTEM\MSTIME.DLL=C:\WINDOWS\SYSTEM\IE4 SETUP\MSTIME.DLL
C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MMUTILSE.DLL
C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4 SETUP\PLUGIN.OCX
C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MSRATING.DLL
C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\I E4SETUP\MSHTMLED.DLL
C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4S ETUP\HLINK.DLL
C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\I E4SETUP\PROCTEXE.OCX
C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SET UP\URL.DLL
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTE M\IE4SETUP\IEXPLORE.EXE
NUL=C:\WINDOWS\SHELLI~1
NUL=C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE=C:\WINDOWS\SYSTEM\SET 9392.TMP
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\S ETA000.TMP
NUL=C:\WINDOWS\SYSTEM\MSIDLE.DLL
C:\WINDOWS\SYSTEM\MSIDLE.DLL=C:\WINDOWS\SYSTEM\SET A001.TMP


-=========================-
ICQ Inet Registry StartUp
-=========================-

Shows applications that start when connected to Inet


[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\App s]
"Launch Browser"="No"

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\App s\Utopia Angel]
"Enable"="Yes"
"Parameters"=""
"Path"="C:\\WINDOWS\\DESKTOP\\DESKTOP STUFF\\UTOPIA PICS\\ANGEL.EXE"
"Startup"=""


-=====================-
Screen Saver Settings (Possible system.ini start-up)
-=====================-

SCRNSAVE.EXE=c:\PROGRA~1\MCAFEE\MCAFEE~1\SCRSCAN.E XE

================================================== ========================
__________________________________________________ ________________________

- Supplemental Environment Information -

TMP=c:\windows\TEMP
TEMP=C:\windows\TEMP
winbootdir=C:\WINDOWS
COMSPEC=C:\WINDOWS\COMMAND.COM
SBPCI=C:\SBPCI
PATH=C:\WINDOWS;c:\windows;c:\windows\COMMAND;C:\P AGEMGR
windir=C:\WINDOWS

File - c:\windows\Wininit.bak
File - c:\windows\deletefi.ini

================================================== ========================
__________________________________________________ ________________________

- End -

Oh, ok, well here is the log... I know he went to a bad (you can guess what kind) site and screwed up my comp like that so no more computer use for anyone but me:)

Few comments:
-I deleted that MSBA41 thing but it still shows up when I run MSCONFIG (I did uncheck it so it won't run in startup).
-WHy it shows up in the log is because I checked them all in order to run this log thing so you can see every program that wants to start up.
-Angel program is a program I used for a long time that is used for an online game that I play.


Thank you very much:)

I was browsing thorugh these forums (and I cannot say it enough: they are awesome!), and came across a link for "Startup COntrol Panel" by Mike Lin... I have downloaded it and installed it and it has a "delete option" when I right click on the item listed under HKLM/Run tab. Should I just use this to delete those bad items up there or another answer exists... Of course I do need help telling me if those I suspect of being bad items that I don't need are bad or which one you think I should delete and what's the best way in your opinion for me to delete them and get rid of them once and for all. Thanx:)

You've got a lot of assorted foistware, homepage hijackers, and other baddies there.

As I'm not familiar with Startup Control Panel, let's do it my way:

Go to Start &gt; Run &gt; Msconfig, and uncheck the following items on the Startup tab:

wcmdmgr, RFX_auto_upgrade, WebInstall2, SystemBoot, MSPQFile.

Click OK, close Msconfig, and reboot.

Now delete the following two files:

C:\WINDOWS\SYSTEM\MSBA41A.TMP
C:/ladies.htm

Next, empty the contents of you C:\Windows\Temp folder in its entirety

Now Download and install Refupdate Utility (http://www.wyvernworks.com/Lavasoft/aaw.exe>Ad-Aware</a>).
This utility searches for, downloads and automatically installs the latest AAW reffile (the spyware definitions, so to speak).

Run the refupdate.exe installation file, and once installed, go to Start Menu&gt;Programs, find the Lavasoft Refupdate entry and run it.
Click connect; it will open a connection to the internet to check and update the current signature file.

When that's completed open Ad-aware, look at the bottom left corner, it should now say "Signature file in use: "038-16.08.2002".

Then have your drives and registry scanned for spyware, check all found files and reg keys, hit 'backup', then click continue, and have them all removed.

Reboot again.

Good luck, Tony

Hello

I went and deleted all files and folders in that Temp folder, but one file remains and refuses to be deleted ("Cannot delete WebPoolFileFile: Access is denied. Make sure the disk is not full or write protected and that file is not currently in use"). WebPoolFileFile seems to be 0kb file...
I also went and unchecked all those you mentioned.
About deleting those two... MSBA41A.TMP, I deleted earlier and it still shows up in MSCONFIG thing but I cannot find it using find or looking in the folder. So I guess that's just a leftover.
It is showing up in this registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run-


About that ladies file, I have not been able to find it at all ever since I noticed it...

I did go to my registry and found WebInstall2, RFX auto upgrade, System Boot thing (with ladies.htm), and QuickTime Task, along with a Default ("value not set" for default"). under:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run-

About AdAware, yes, I got that installed couple of months ago and I did not have the most recent version. I had 032-23.06.2002 version. I actually run it when the trouble stated and it found one Alexa which I deleted. I will go and upgrade it and see what this new version finds.


PS: Isn't it weird that ladies file is located under file:/// thing or that's normal? thanx once again for your help, I guess I'm almost there to the end of the problem:)

WebPoolFileFile is from McAfee, and it's a protected file, so you can leave that one.

Otherwise it seems you've done most of what's neccessary.

"file:///C:/ladies.htm" certainly is weird, what with the slashes pointing the wrong way as well. I don't know what to make of it.

Anyway, it's out of startup now.

Oh, ok, cool.

I cannot say thank you enough:)
So I should even bother to try and delete those from registry, since they're out of startup they can't hurt me?

I gotta go to school now, so sorry if I don't reply quickly. Thanx a lot once again, I am very happy now:)

You're welcome. :)

They're harmless now, especially as the files themselves have been deleted as well.

sorry for seeming so redundant, but so doesn't matter they're showing up after I do MSCONFIG and that they can be seen in registry? My question shows how little I know:)
Well, I truly appreciate your help and taking your time to help me with my problem. Sorry to bother you and thank you once again:)

No, they're UNchecked hence disabled Startup items.

However, now launch Startup Control Panel, and delete the ones I told you to uncheck in Msconfig.

I believe that will get rid of them, and it'll look a little neater.

We can also edit the registry, but first try it this way.

oh, ok, I couldn't delete them since they're not showing up in Startup Control Panel, probably since they're unchecked in MSCONFIG thing, so I guess everything is fine and dandy now:) I won't worry too much about their names being out there since they can't hurt me:) If you got time then we can worry about removing even their names but if not don't worry about it, you helped me plenty:)

No prob, do this:

Start >Run > regedit.

Navigate to, and examine the following 2 subkeys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run-

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run-

Note the - (minus) sign behind Run and RunServices.

In those subkeys you'll find the Msconfig/startup entries we're dealing with that are UNchecked.

Highlight the ones we got rid of in the RIGHT pane, and choose 'delete'.

They'll be gone from Msconfig.

Ok, I found them clicked and deleted them (right clicked and deleted them).


I found this as well:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Doc Find Spec MRU

Under this key there are name "a" "b" "c" and so on... Last one being named MRUlist
b has a value of MSBA4,
e value of "Temp"
d value of "MSPQ"
g value of "MSBA",
c value of "ladies"
h value of "lol"
i value of "upgrade"
j value of "Ensoniq"
and last one has name of "MRUlist" and value of "hcgaebifjd"

Do I worry about this one?



Update!
MSCONFIG doesn't show them anymore! Thanx!!! Still wondering about the key above:)<P ID="edit"><FONT class="small">Edited by SDD on 09/03/02 12:04.</FONT></P>

These are harmless. They're just the Most Recently Used search terms you typed in the 'Find' (Search) applet.

awesome... I don't remember searching for couple of those but shared computer explains it... cool, I am happy and I'll go back browsing this site, lots ofthings to learn, thanx once again and have a great day!

You're welcome.

Have fun!

Cheers, Tony