Do I need all these in my registry?

[diy101]

Lokking thru my registry:
Start Menu- Run - "regedit" - OK
Hkey-Local Machines/Software/Microsoft/Windows/Current version/Run
I found these items (can I delete any of these to help speed up the pc?)

"omcamlch"
CaGoU "C:\WINDOWS\SYSTEM\28E 3DC20.hta"
Quick Time Task "C:\WINDOWS\SYSTEM\QTTASK.EXE-atboottime"
setfirst "omcamuns setfirst"
TKBellExe "C:\Program Files\Common Files\Real\Update_OB\rea..."

I know what Quick Time is, but I'm not sure about the others. I just want to make sure these are (or aren't) necessary to be in the registry. Can I delete any of these?

The system is an old P3, 500Mhz, 818chipset and running 98SE.
Thanks for any help. Erik

[ktkendall]

Use the msconfig utility startup tab and you will see them there also, and in there you can uncheck them, and reboot, but if you do need one of them back then you can just go back in and recheck the item you needed. I keep nothing in mine though.

[Panama Red]

Here's the site I use to investigate items I find in Startup. I don't recommend removing programs by editing the Registry. I prefer Hijack This! to reveal/remove stubborn nasties. If you do remove anything from the Registry manually, make a backup first in case something goes wrong.

http://www.sysinfo.org/startuplist.php

[glc]

I think you have some malware - have you done any virus/trojan/spyware scans?

The TKBell is part of Real Player. You know what Quicktime is. The other 3 are VERY suspicious.

[GaryRouth]

I took a quick look, the entries with "onmcam" in their process names seem to be related to a Win98 driver for a web-camera. If you don't have one of these, make sure to check what is calling those to start when you visit your Startup list in msconfig.

The CaGoU item is associated with malware, just as glc mentioned. CastleCops links it to a known virus, that they call "Kakworm virus". http://www.castlecops.com/s500-cAgOu.html

Run your scans on as "thorough" settings as you are allowed, and run them from both normal mode and Safe mode. Disconnect from the Internet for your first round of scans. When reconnecting, make sure a firewall is in place, and visit an online scanner to double-check your local scanner - Ewido has had some favorable feedback on the forums (although I believe it does rely ActiveX to run, so you may need to temporarily allow it's applet to run) http://www.ewido.net/en/onlinescan/

Best of luck
. . . Gary

[P.S. ... once the malware is gone, you can also safely remove the RealPlayer (TKBell) and QuickTime startup processes, they just eat precious Win9x resources unnecessarily. RealPlayer and Quicktime will run just fine without them.]

[glc]

Ewido requires Win2000 or XP, it won't run on 9x/ME.

[tacoeater]

Sunbelt Software's CounterSpy will run on Win9x and is similar to ewido

[diy101]

Thanks guys. I googled cAgOu and found out about the KAKWorm. These sites helped me identify and fix the problem.

http://www.ravantivirus.com/virus/showvirus.php?v=40

http://startup.networktechs.com/srch-cAgOu.html

I was able to clear it from the system (as far as I know).
I currently use Cleanup by Steven Gould (every time prior to shutting down), Adaware SE Personal 1.06 by Lavasoft, Spybot: Search & Destroy 1.4 and Avast! 4.7 (all FREE! and run weekly) Luckily I found the worm. I recently built a new Pentium D / XP system and am clearing the old 98 system for a family member. I was able to eliminate the problem and have cleared all my files, doc, pics and preferences.

Should I also download Hijack This and/or Counterspy?

Thanks again for the help. Erik

[GaryRouth]

Sounds like you've been pretty thorough. It shouldn't hurt anything to run HiJack This or Counterspy, but that's up to you. Interpreting the HiJack This logs can be a little tricky, but there are quite a few folks helping out with that - you don't have to try to do a full interpretation on your own the first time.

A lot of times, when I'm cleaning an older computer for a donation, I'll zero-write the drive & clean install Win98se, then follow that with the Feb 2004 Security Update CD, then have a disk handy with many of the same tools you use (SpyBot, AdAware, avast! - or AVG - I generally use AVG on older pcs, and save avast! for the XP and newer ones), and the more recent Security Patches. I doubt that you'll want to do that at this point, since it's a family member & since you've already got the box setup and cleaned up. But it's an option you can keep in mind for future donations.

If you haven't tried the "Immunize" function in SpyBot yet, it's a worthy tool - especially for computers that will spend a lot of time on the Internet.

Best of luck
. . . Gary

[p.s. ... glc - Thank You! for correcting my error about Ewido -- I hadn't noticed that it doesn't have a Win98 compatible version. Not that you have any spare time, but if we could ever put all your repair-savvy into a book, it'd be a best-seller ]

[P.S. #2 -- diy101 --- I'm not familiar with the Cleanup tool by Steven Gould you mention. Is the author any relation to the famous naturalist?]

[tacoeater]

that cleanup is referred to quite often on the hijack this help forums,
http://www.stevengould.org/software/cleanup/
cleanup4 i think it is
the other file is the crap cleaner which i think can be more dangerous