Everything posted by AndyManchesta

  1. The best thing you can do is learn it for yourself and read sites that give details of the registry and the use of scripts. You could test it on your own PC but mistakes could mean you having to reinstall Windows. If someone posted the commands to log off and delete files then you could make a mistake somewhere writing the script, maybe because you didn't fully understand the command line switches, and damage your PC. Here are a few sites that may help: Winguides Description of the registry TheElderGeek Command-line reference
  2. Hey Aaron, can you give us more info on how you "added it" to people's startup folders? Did you mean you add it to other users' startup folders on your own PC, or add it to other people's PCs remotely or via a file they download? I'm sure people would be willing to help if you can explain why it's being used, but it does sound like it's for malicious use as I cannot imagine anyone appreciating a shutdown script in the startup folder. It's the same for the Log Off question: there is already a quick way to log in or out using the Start Menu so it's hard to see how a script to automate it could benefit anyone. If you're interested in cracking or hacking I'd suggest you consider using that knowledge to help people rather than infect PCs. Stick with your Myspace site, it's a lot safer.
  3. Hi DaveInRI, try changing the permissions on the key and make sure you are running from the Administrator account. Locate the key and any subkeys that you want to remove, then right click each and choose 'Permissions'. If the field under 'Group or user names' is empty or doesn't contain Administrators, click Add. In the box titled 'Enter the object names to select' type Administrators and click OK. With Administrators highlighted in the top part of the window, check the Allow box next to 'Full Control', then click Apply and OK. Finally, right click the keys and choose Delete. Another way to do this is using Resplendence Registrar Lite. Install then run Reglight, navigate to the key or enter it in the Address bar and choose GO, left click the key, then click Security on the top bar and click Take Ownership. Once it confirms you are the owner, right click the keys and choose Delete.
  4. Hi John, I've never used Win98 and hardly ever use Outlook so hopefully other members can give you some advice, but from reading the support pages it sounds like either some of the .dll file versions are mixed up or there is corrupt/missing information in the Identities registry key. Here are a few more links that explain the problem. Many suggest removing Outlook and all its files then reinstalling, but it's probably worth waiting in case other members know an easier way to repair things, or consider contacting Microsoft by choosing your location then using the Contact link at the bottom of the screen, or post the question on one of Microsoft's Outlook newsgroups. "Outlook Express could not be started because MSOE.DLL could not be loaded" when you start Outlook Express How to Manually Uninstall and Reinstall Outlook Express on Windows Millennium You receive an error message or are unable to start Outlook Express Inside Outlook Express All The Best Andy
  5. Hi John god, try these links. Error message "Outlook Express could not be started because Msoe.dll could not be loaded" OLEXP: Error Message: Outlook Express Could Not Be Started Because MSOE.DLL Could Not Be Loaded Outlook is throwing a wobbler over msoe.dll - pcanswers site Andy
  6. I've only been visiting here for a few months but can see K helps anyone she can and gets on great with everyone on the forum. I fully agree with lokoike and Tarun, I've learnt a lot by reading her posts and from all the other members here. Keep up the great work K
  7. Hi Hlpme, it's difficult to know what that is without getting more info on your system. If you have malware problems it could be connected to that, as it doesn't look like a genuine file, especially with you not knowing where it came from. I think this is the same system Krit86lr mentioned to me, and if it is, there was a part about some Trojan and Rootkit infections on the PC. It's maybe related to that but I would have to see other logs to see what's going on. If it was the same system, she also mentioned there was no Admin account, which I didn't think was possible as there always has to be an Admin account available. Without the Admin account we cannot fix any issues so that will be something that needs fixing first. If you can restore the Admin account then post a Hijack Log on the Spyware Hell area and we can take it from there. If the system has Rootkit infections the best solution may be to format and reinstall Windows, because there could be a lot of damage done to the system and it would be difficult for any person or program to guarantee the system is ever going to be 100% clean. Andy
  8. WOW, DJLizard you're not joking. That update causes a huge amount of problems, and my advice to register the mshtml.dll file, which would usually be harmless, is a big problem if he has that update installed. Thanks DjLizard, I should have tested that optional download earlier as it's been sat there since the 28th Feb, but I'm glad I didn't now after seeing so many different problems on my system after registering the new file. EDIT: Got a PM from Poppadum saying they had no problems so I will be a bit more careful in future regarding that corrupt file until it's fixed. Andy
  9. Thanks DjLizard, I keep forgetting about that issue as I didn't install that optional update from MS. @Poppadum Glad it solved the problem. As DjLizard has pointed out, there is maybe some bug in one of Microsoft's new updates (KB912945) and registering the file he mentioned may cause some issue.
  10. EDIT: To remove the instruction to register mshtml.dll after reading DJLizard's reply. Hi Poppadum, welcome to the forum. What happens if you go to Start Menu then Run and type Appwiz.cpl and press OK? This should open the Add/Remove screen. Next try re-registering these files. Can you open Notepad (Start Menu > Run > type notepad and press OK), then copy and paste the contents of the code box into Notepad:

      regsvr32 /s %systemroot%\System32\Appwiz.cpl
      regsvr32 /s %systemroot%\System32\Jscript.dll
      regsvr32 /s %systemroot%\System32\Msi.dll
      regsvr32 /s %systemroot%\System32\Mshtmled.dll
      regsvr32 /s %systemroot%\System32\Ole32.dll
      regsvr32 /s %systemroot%\System32\Urlmon.dll
      regsvr32 /s %systemroot%\System32\Clbcatq.dll
      regsvr32 /s %systemroot%\System32\Oleaut32.dll
      regsvr32 /s %systemroot%\System32\Mlang.dll
      regsvr32 /s %systemroot%\System32\Shell32.dll
      regsvr32 /s %systemroot%\System32\Plugin.ocx
      regsvr32 /s %systemroot%\System32\Imgutil.dll
      regsvr32 /s %systemroot%\System32\Cscui.dll
      EXIT

      Go to File on the top bar of Notepad and choose Save As. On the Save As Type change it to All Files, name it fix.bat and save it to your desktop. Double click fix.bat, you will just notice a cmd screen open then list each file and close; it's then finished and has registered the files. Reboot the PC and check Add/Remove again. If that doesn't help there's likely to be some registry corruption so it's difficult to know where to start. One option is performing a repair install of Windows but you will need to upgrade the service packs and updates if you use that option. Maybe other members can offer some suggestions if the above doesn't help.
  11. Hi lokoike, I must admit I thought it was a bit extreme but I cannot blame them for saying that. Usually the only files that will target Microsoft folders and delete them are malware, so I appreciate their view on this. If the Author would like the contact address of the person I spoke to I'd be happy to pass it on. No program should interfere with Microsoft's files and if they do they should make sure what they are removing is legit. This isn't, and removing nearly 200mb of dll, exe and inf files and the complete $hf_mig$ folder isn't a good thing so it's surprising it hasn't already been fixed. I just mentioned the conversation as I was speaking to them about an unrelated matter connected to malware using text files to get on the system then running them as executables, so thought I'd get their view about removing the $hf_mig$ folder and any potential problems that may arise for people who had. I wouldn't advise anyone to remove Ccleaner once it's on the PC as it's a useful tool, but there are plenty of programs that offer the same temp file removal feature without the potential to cause damage, but it's not appropriate to promote them on here. If the Author is releasing an update later in the week to fix the issue then it's not a problem for new users, but in the same sense it's not a solution for the users who have already removed that thinking they were just removing temp files or files that were not needed. I think this may damage Ccleaner's reputation because if it can make a mistake like this it can be making mistakes in other areas such as the issues scanning, but I hope that will not be the case. Personally I like the program except for the inclusion of Yahoo's toolbar in the standard version, but I do not use it on the Advanced setting or use the issues feature so it works well for me to just remove temp files and cookies before I shut the PC down each day.
  12. I agree Ccleaner removing the $hf_mig$ folder is a serious issue. I spoke to Microsoft about that last week and their advice was no one should use Ccleaner and anyone who has it installed should remove it from the PC and use Disk Cleanup, with it targeting genuine Microsoft files which could cause damage serious enough to require a repair install of Windows, as the information in the hotfix folders is also mapped into a lot of other areas of the system. They did say they thought XP was tolerant and would probably get by without the files, and the $hf_mig$ folder is re-created after a reboot, but they couldn't be sure without looking into it as it was the first time they had heard of a third party tool targeting their files. They also didn't understand why a cleaner would want to remove the hotfix uninstallers as there's always a chance a hotfix could cause conflicts or other problems on some systems and without the uninstallers the user cannot remove them. I'm sure the author is aware that we all think it's a serious mistake and personally I'm surprised Ccleaner wasn't dropped from the download page and that feature removed when it was first brought to their attention. Regarding your other points: What part of the firewall can you not change? I don't think removing the hotfixes will affect your Internet connection, but if you can explain more about that it may be another option in Ccleaner that's causing it. SP2 cannot be uninstalled unless this file exists: c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe What part of System Restore doesn't work? If you go to Start and Run then copy and paste this: %SystemRoot%\System32\restore\rstrui.exe and press OK, does this open the System Restore options screen? Andy
  13. Hi Hazelnut, I do not have that file listed in my Windows Firewall exception list, but rundll32.exe is a genuine and needed file to enable components in dll files to run as applications. I would leave it unchecked in the exception list as adding any exceptions to the firewall does make the system less secure, and that exception doesn't need to be enabled for the file to function. Here's Microsoft's description of the exception list Andy
  14. EDIT: Sorry K, I didn't see your reply. Use this if you still have problems after following K's suggestion. You could try resetting the permissions on all reg keys using SubInACL and allow full control to Admin and System. Download and install SubInACL from Here, which installs into this folder: C:\Program Files\Windows Resource Kits\Tools Open Notepad and save the contents of the code box into it:

      subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
      subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
      subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
      subinacl /subdirectories %SystemDrive% /grant=administrators=f
      subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
      subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
      subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
      subinacl /subdirectories %SystemDrive% /grant=system=f

      Go to File on the top bar of Notepad and then choose Save As, change the Save As Type to All Files and call it reset.cmd, then save it into the 'Tools' folder so it's in the same folder as SubInACL: C:\Program Files\Windows Resource Kits\Tools Next go to Start > Run > type cmd, press Enter, then type these commands and press Enter after each one:

      cd "C:\Progra~1\Windows Resource Kits\Tools"
      reset.cmd

      It will take a while to reset them all, then reboot and try Ccleaner again. Andy
  15. Hey K, the VB script will be readable, just right click and choose Edit. I think it would fix a lot of different issues rather than one specific problem but it's worth a look. The Quick Launch problem isn't something I'd seen before, and with me not having any problems with the Ccleaner Advanced cleanup (except removing the $hf_mig$ folder and contents, but it missed the backup $hf_mig$ I'd saved) it's difficult to know where to start, maybe Kelly will make that clearer to you
  16. Nice catch K. I wonder if that meant there was a Classic Shell or a similar policy enabled. It's great to know Kelly's VB script fixes the problem in case we see it again.
  17. I only use Hotmail accounts so I'm probably not the best person to comment. You would have to open the email first then right click inside the message area and choose View Source, or choose View from the top bar and click Source. The only difference when you view the source of an email is a lot of the information is connected to the email provider rather than the sender, such as images, buttons, links etc. With emails you can usually open the full headers when reading emails, which can give a lot of information. On Hotmail (and I'm sure other email providers will have similar settings) you can do that by choosing Options, which is just under the banner advert on the top right of the screen, then choose Mail Display Settings. On the Message Header section you can change it to None, Basic, Full or Advanced. Here's the description Hotmail has about each setting: I have mine always set to Full, which helps trace the sender if you ever need to report abuse or phishing emails like this.
  18. Hi again. Usually if I find a malicious site of any form I will view the source code of the page. With this being an e-gold scam site my first thought was it may attempt to load password stealers or keyloggers onto the system when the page is opened, via IFrame, Javascripts etc., but the page is clean. As Eldmannen says, the code can give a lot of information which cannot be viewed by just looking at the page and can show if the information that is submitted is being sent to another website, to an email address or another part of their own site. With this page it looked genuine as it only had one address bar and that contained the genuine site address, but the source code showed they are hiding the true address bar using scripts and then use another script to generate a fake bar with the genuine site address showing. It just makes it easier to see what's going on and can sometimes lead you to other parts of the sites. There's one site that loads trojan infections, and a lot of other sites (serial/crack/keygen/adult) and others link to this site's files to infect PCs. By viewing the site's source code it shows the directories where the files are saved, so then I checked that and the area contains a lot of text files full of IP Addresses which I assume is people they have infected, and contains over 100 different exploit files and malware bundles, so it can help a lot. I should point out that I do all this on a test machine and not my main PC. Andy
  19. Well noticed MP Handler, I must admit I didn't even read all the message. I just checked the page source and then got details on the site's owner and ISP to pass to e-gold, but it's the quality of the site that surprised me. I've had plenty in the past from Paypal spoof sites and they usually trace back to colleges in Thailand. This website with the spoof e-gold page actually sells sporting goods on some of their more genuine looking pages, but I feel sorry for anyone who buys anything from them and gives credit card info as the owner is clearly phishing. With the ISP being in the U.S. it will be shut down easily enough as I'm sure the webhosting terms do not include setting up a scam site. Here are the fake and genuine e-gold pages: Fake: Genuine:
  20. I just received an email which is clearly fake asking me to login to my e-gold account. I've just forwarded the site address and details to e-gold but wanted to post it on here in case any members do have an account there and get a similar email, as the site is very well made. I'm sure it will be closed down within a few days though as their ISP seems to be based in Atlanta, US. Here's the contents of the email. The link in the email opens this page h**p://[**modified**]1128157629:84/logins/ which shows the page has moved and asks you to click the link to open this page h**p://[**modified**]1128157629:84/logins/sysdll.php (use caution before viewing the links, remove [**modified**] and change the h**p to http if you did want to check it - they are not serving any trojan infections as I've viewed the source code of the pages, but that may change if they are not shut down). The link opens a genuine looking e-gold page but it isn't secure (no lock icon in the browser status bar and it is http when it should be https) so any information is sent in plain text. What's clever about it is the page also contains code to hide the true address bar and then adds a fake address bar written into the page at the top showing https://www.e-gold.com/acct/login.html to give the impression it's the genuine site. The webpage contact info traces to Ansari, Rehman Sitten Street Malaz P.O.Box 50571 Riyadh 11341 SA
  21. Hi Matt, I cannot help with this. I ran Ccleaner a few times on the Advanced settings and it didn't disable Quick Launch. Try unlocking the toolbar first then enabling Quick Launch and it may remember your settings when you reboot. All The Best Andy
  22. Hey Matt, I will have a play with cleaning on the advanced settings and see if I can re-create your problem on my system as it's hard to know what's been changed at this stage
  23. Hi Matt, I've not read all the topic so I apologize if you have already tried this. Is Quick Launch enabled on the Start Menu's properties? Right click the Start Menu and choose Properties, then click the Taskbar tab, place a check next to Show Quick Launch and press Apply. Next check that the Quick Launch folders exist. Go to Start Menu then Run and copy and paste these commands into the Run box, pressing OK after each command:

      %userprofile%\Applic~1\Microsoft\Intern~1
      %Allusersprofile%\Applic~1\Microsoft\Intern~1

      Both should contain a Quick Launch folder. Andy
  24. EDIT: Removed information and script to check userinit / wsaupdater.exe as it's clearly not connected to this problem
  25. EDIT: Removed information about wsaupdater.exe as it's clearly not connected to this problem
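
The link and page checks described in posts 18 and 20 above (plain http on a login page, a numeric host with an unusual port, and an address shown to the user that differs from the real one), written out as an added example that is not part of the original posts. The sample URLs are constructed, and treating an all-digit host as an integer-encoded IPv4 address is an assumption about how such links are formed.

```python
"""Triage a login link for the spoofing signs described in posts 18 and 20."""
import ipaddress
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed samples: 3221225994 is the integer form of 192.0.2.10
# (a documentation-only address); login.example.com is a placeholder.
SAMPLE_LINK = "h**p://3221225994:84/logins/"
SAMPLE_SHOWN = "https://login.example.com/acct/login.html"


def refang(url):
    """Undo common defanging (h**p, hxxp, [.]) so the URL can be parsed."""
    url = re.sub(r"^h(\*\*|xx)p", "http", url.strip(), flags=re.I)
    return url.replace("[.]", ".")


def host_as_ip(host):
    """Dotted IPv4/IPv6 form of a literal or integer-encoded host, else None."""
    if host.isdigit() and int(host) < 2**32:
        # Assumption: an all-digit host is an IPv4 address written as one integer.
        return str(ipaddress.IPv4Address(int(host)))
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return None


def triage(link, displayed_url=None):
    """Return findings for `link`; `displayed_url` is the address the page shows."""
    parts = urlsplit(refang(link))
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")  # credentials would travel in plain text
    ip = host_as_ip(host)
    if ip:
        kind = "integer-host" if host.isdigit() else "ip-host"
        findings.append(f"{kind}:{ip}")
    if parts.port and parts.port != DEFAULT_PORTS.get(parts.scheme):
        findings.append(f"odd-port:{parts.port}")
    if displayed_url:
        shown = (urlsplit(refang(displayed_url)).hostname or "").lower()
        if shown != host.lower():
            # The address drawn in the page is not where the browser really is.
            findings.append(f"display-mismatch:{shown}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINK, SAMPLE_SHOWN):
        print(finding)
```

An empty list means none of these signs were found; it does not mean the page is safe.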